在servlet中将<>转化成<>的函数是什么

deane 2002-03-07 09:02:33

在servlet中将<>转化成<>的函数是什么，在解决Cross site Scripting问题时像
将一些特殊符号转化，但不知函数时什么，

...全文

41 3 打赏收藏举报

写回复

3 条回复

切换为时间正序

当前发帖距今超过3年，不再开放新的回复

发表回复

zlq 2002-03-07

Thank you, I think your program and the follow encode function will be a good solution.

import java.net.URLEncoder;
class Test1
{
public static void main(String[] args)
{
System.out.println (URLEncoder.encode("sfds%&^(*&"));
}
}

打赏
举报

回复赞

zlq 2002-03-07

我也想知道,若没有的话可以用以下FUNCTION
String toHtml(String str)
{
while(str.indexOf('<')>=0)
{
intpos = str.indexOf('<');
str = str.substring(0,intpos) + '<' + str.substring(intpos +1);
}
while(str.indexOf('>')>=0)
{
intpos = str.indexOf('>');
str = str.substring(0,intpos) + '>' + str.substring(intpos +1);
}
while(str.indexOf('&')>=0)
{
intpos = str.indexOf('&');
str = str.substring(0,intpos) + '%26' + str.substring(intpos +1);
}
while(str.indexOf('?')>=0)
{
intpos = str.indexOf('?');
str = str.substring(0,intpos) + '%3F' + str.substring(intpos +1);
}
while(str.indexOf('\n')>=0)
{
intpos = str.indexOf('\n');
str = str.substring(0,intpos -1) + '<br>' + str.substring(intpos +1);
}
return str;
}

打赏
举报

回复赞

deane 2002-03-07

Thank u first of all,but i have a better method ,u may use Class StringBuffer ,it can insert or append a char to a string,And as u say u must list all of invalid code,in that way the number is too much,I think u can regard 'a-z',"a-z","0-9" as valid code,and others are invalid codes.
by the way ,u can see
http://www.rgagnon.com/javadetails/java-0306.html
good luck!
If u have other good solutions of Cross Site Scripting please tell me,thank u