From 6c837e44d1d185472a6a27eed3b6a523ae5a4013 Mon Sep 17 00:00:00 2001
From: 44323 <443237572@qq.com>
Date: 星期五, 15 三月 2024 09:44:30 +0800
Subject: [PATCH] bug修改
---
 cloud-server-competition/src/main/java/com/dsh/page/WafKit.java |  148 ++++++++++++++++++++++++------------------------
 1 files changed, 74 insertions(+), 74 deletions(-)
diff --git a/cloud-server-competition/src/main/java/com/dsh/page/WafKit.java b/cloud-server-competition/src/main/java/com/dsh/page/WafKit.java
index 337d021..3c6fcae 100644
--- a/cloud-server-competition/src/main/java/com/dsh/page/WafKit.java
+++ b/cloud-server-competition/src/main/java/com/dsh/page/WafKit.java
@@ -1,12 +1,12 @@
 /**
  * Copyright (c) 2011-2014, hubin (jobob@qq.com).
- *
+ * <p>
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,34 +21,34 @@
  * Web防火墙工具类
  Web firewall tool category
  * <p>
- * @author   hubin
- * @Date	 2014-5-8 	 
+ * @author hubin
+ * @Date 2014-5-8
  */
 public class WafKit {
 
-	/**
-	 * @Description 过滤XSS脚本内容
-	 Filtering XSS scripts content.
-	 * @param value
-	 * 				待处理内容
-	 * @return
-	 */
-	public static String stripXSS(String value) {
-		String rlt = null;
+    /**
+     * @Description 过滤XSS脚本内容
+    Filtering XSS scripts content.
+     * @param value
+     * 				待处理内容
+     * @return
+     */
+    public static String stripXSS(String value) {
+        String rlt = null;
 
-		if (null != value) {
-			// NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to
-			// avoid encoded attacks.
-			// value = ESAPI.encoder().canonicalize(value);
+        if (null != value) {
+            // NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to
+            // avoid encoded attacks.
+            // value = ESAPI.encoder().canonicalize(value);
 
-			// Avoid null characters
-			rlt = value.replaceAll("", "");
+            // Avoid null characters
+            rlt = value.replaceAll("", "");
 
-			// Avoid anything between script tags
-			Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);
-			rlt = scriptPattern.matcher(rlt).replaceAll("");
+            // Avoid anything between script tags
+            Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);
+            rlt = scriptPattern.matcher(rlt).replaceAll("");
 
-			// Avoid anything in a src='...' type of expression
+            // Avoid anything in a src='...' type of expression
 			/*scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE
 					| Pattern.MULTILINE | Pattern.DOTALL);
 			rlt = scriptPattern.matcher(rlt).replaceAll("");
@@ -57,62 +57,62 @@
 					| Pattern.MULTILINE | Pattern.DOTALL);
 			rlt = scriptPattern.matcher(rlt).replaceAll("");*/
 
-			// Remove any lonesome </script> tag
-			scriptPattern = Pattern.compile("</script>", Pattern.CASE_INSENSITIVE);
-			rlt = scriptPattern.matcher(rlt).replaceAll("");
+            // Remove any lonesome </script> tag
+            scriptPattern = Pattern.compile("</script>", Pattern.CASE_INSENSITIVE);
+            rlt = scriptPattern.matcher(rlt).replaceAll("");
 
-			// Remove any lonesome <script ...> tag
-			scriptPattern = Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE
-					| Pattern.MULTILINE | Pattern.DOTALL);
-			rlt = scriptPattern.matcher(rlt).replaceAll("");
+            // Remove any lonesome <script ...> tag
+            scriptPattern = Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE
+                    | Pattern.MULTILINE | Pattern.DOTALL);
+            rlt = scriptPattern.matcher(rlt).replaceAll("");
 
-			// Avoid eval(...) expressions
-			scriptPattern = Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE
-					| Pattern.MULTILINE | Pattern.DOTALL);
-			rlt = scriptPattern.matcher(rlt).replaceAll("");
+            // Avoid eval(...) expressions
+            scriptPattern = Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE
+                    | Pattern.MULTILINE | Pattern.DOTALL);
+            rlt = scriptPattern.matcher(rlt).replaceAll("");
 
-			// Avoid expression(...) expressions
-			scriptPattern = Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE
-					| Pattern.MULTILINE | Pattern.DOTALL);
-			rlt = scriptPattern.matcher(rlt).replaceAll("");
+            // Avoid expression(...) expressions
+            scriptPattern = Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE
+                    | Pattern.MULTILINE | Pattern.DOTALL);
+            rlt = scriptPattern.matcher(rlt).replaceAll("");
 
-			// Avoid javascript:... expressions
-			scriptPattern = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);
-			rlt = scriptPattern.matcher(rlt).replaceAll("");
+            // Avoid javascript:... expressions
+            scriptPattern = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);
+            rlt = scriptPattern.matcher(rlt).replaceAll("");
 
-			// Avoid vbscript:... expressions
-			scriptPattern = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE);
-			rlt = scriptPattern.matcher(rlt).replaceAll("");
+            // Avoid vbscript:... expressions
+            scriptPattern = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE);
+            rlt = scriptPattern.matcher(rlt).replaceAll("");
 
-			// Avoid onload= expressions
-			scriptPattern = Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE
-					| Pattern.MULTILINE | Pattern.DOTALL);
-			rlt = scriptPattern.matcher(rlt).replaceAll("");
-		}
-		
-		return rlt;
-	}
+            // Avoid onload= expressions
+            scriptPattern = Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE
+                    | Pattern.MULTILINE | Pattern.DOTALL);
+            rlt = scriptPattern.matcher(rlt).replaceAll("");
+        }
 
-	/**
-	 * @Description 过滤SQL注入内容
-	 Filter SQL injection content.
-	 * @param value
-	 * 				待处理内容
-	 * @return
-	 */
-	public static String stripSqlInjection(String value) {
-		return (null == value) ? null : value.replaceAll("('.+--)|(--)|(%7C)", ""); //value.replaceAll("('.+--)|(--)|(\\|)|(%7C)", "");
-	}
+        return rlt;
+    }
 
-	/**
-	 * @Description 过滤SQL/XSS注入内容
-	 Filter SQL/XSS injection content.
-	 * @param value
-	 * 				待处理内容
-	 * @return
-	 */
-	public static String stripSqlXSS(String value) {
-		return stripXSS(stripSqlInjection(value));
-	}
+    /**
+     * @Description 过滤SQL注入内容
+    Filter SQL injection content.
+     * @param value
+     * 				待处理内容
+     * @return
+     */
+    public static String stripSqlInjection(String value) {
+        return (null == value) ? null : value.replaceAll("('.+--)|(--)|(%7C)", ""); //value.replaceAll("('.+--)|(--)|(\\|)|(%7C)", "");
+    }
+
+    /**
+     * @Description 过滤SQL/XSS注入内容
+    Filter SQL/XSS injection content.
+     * @param value
+     * 				待处理内容
+     * @return
+     */
+    public static String stripSqlXSS(String value) {
+        return stripXSS(stripSqlInjection(value));
+    }
 
 }
--
Gitblit v1.7.1