What is the function that converts <> to &lt;&gt; in a servlet?

deane 2002-03-07 09:02:33
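What is the function in a servlet that converts <> to &lt;&gt;? While solving a Cross-Site Scripting problem I want to convert some special characters, but I don't know what the function is.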
zlq 2002-03-07
Thank you, I think your program and the following encode function will be a good solution.

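    import java.net.URLEncoder;

    class Test1
    {
        public static void main(String[] args) throws java.io.UnsupportedEncodingException
        {
            // URL-encode the string (application/x-www-form-urlencoded); the
            // two-argument form replaces the deprecated encode(String).
            System.out.println(URLEncoder.encode("sfds%&^(*&", "UTF-8"));
        }
    }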
zlq 2002-03-07
I'd like to know too. If there isn't one, you can use the following function:
    String toHtml(String str)
    {
        int pos;
        // Percent-encode '&' and '?' first; done later, the '&' loop would
        // also rewrite the '&' of the "&lt;" / "&gt;" entities added below.
        while (str.indexOf('&') >= 0)
        {
            pos = str.indexOf('&');
            str = str.substring(0, pos) + "%26" + str.substring(pos + 1);
        }
        while (str.indexOf('?') >= 0)
        {
            pos = str.indexOf('?');
            str = str.substring(0, pos) + "%3F" + str.substring(pos + 1);
        }
        // Escape the angle brackets as HTML entities.
        while (str.indexOf('<') >= 0)
        {
            pos = str.indexOf('<');
            str = str.substring(0, pos) + "&lt;" + str.substring(pos + 1);
        }
        while (str.indexOf('>') >= 0)
        {
            pos = str.indexOf('>');
            str = str.substring(0, pos) + "&gt;" + str.substring(pos + 1);
        }
        // Turn line breaks into <br>; drop the '\r' of a CRLF pair only if present.
        while (str.indexOf('\n') >= 0)
        {
            pos = str.indexOf('\n');
            int end = (pos > 0 && str.charAt(pos - 1) == '\r') ? pos - 1 : pos;
            str = str.substring(0, end) + "<br>" + str.substring(pos + 1);
        }
        return str;
    }
deane 2002-03-07
Thank you first of all, but I have a better method: you may use the class StringBuffer, which can insert or append a char to a string. And as you say, you must list all of the invalid codes; in that way the number is too much. I think you can regard 'a-z', "a-z", "0-9" as valid codes, and the others as invalid codes.
By the way, you can see
http://www.rgagnon.com/javadetails/java-0306.html
Good luck!
If you have other good solutions for Cross Site Scripting, please tell me. Thank you.
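The allowlist approach suggested in the last reply (treat letters and digits as valid, encode everything else, build the result in a string buffer), written out as an added example that is not part of the original thread. The class name, method names and the few extra allowed punctuation characters are assumptions; the output is meant for HTML element content and quoted attribute values only.

```java
// Added example (not from the thread): allowlist HTML escaping in one pass.
public class HtmlEscapeDemo {

    // Hypothetical helper. Not suitable for <script>, style or URL contexts,
    // which need their own encoders.
    static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); ) {
            int cp = input.codePointAt(i);      // reads surrogate pairs as one code point
            i += Character.charCount(cp);
            if (isAllowed(cp)) {
                out.appendCodePoint(cp);
                continue;
            }
            // Unpaired surrogates and control characters (other than tab and
            // line breaks) are replaced by U+FFFD instead of being passed on.
            boolean control = Character.isISOControl(cp)
                    && cp != '\t' && cp != '\n' && cp != '\r';
            if (control || (cp >= 0xD800 && cp <= 0xDFFF)) {
                cp = 0xFFFD;
            }
            // Everything else, including < > & " and ', becomes a numeric
            // character reference, so no list of "bad" characters is needed
            // and the order of replacements cannot matter.
            out.append("&#").append(cp).append(';');
        }
        return out.toString();
    }

    // Allowlist: ASCII letters and digits, plus a few separators (assumption).
    static boolean isAllowed(int cp) {
        return (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z')
            || (cp >= '0' && cp <= '9')
            || cp == ' ' || cp == '.' || cp == ',' || cp == '-' || cp == '_';
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = { "<script>alert(1)</script>", "Tom & Jerry",
                             "\" onmouseover=\"x", "already &lt; escaped" };
        for (String s : samples) {
            System.out.println(escapeHtml(s));
        }
    }
}
```

Apply the escaping once, at the point where the value is written into the page; running it on text that is already escaped encodes the existing `&` again.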