XSS 关键字替换黑名单（事件属性、脚本 URL 协议、script 标签）
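// Denylist of markup fragments that can carry script, each paired with a
// harmless replacement. Inserting an underscore breaks the event-attribute or
// URL-scheme name so a browser no longer recognises it; the script tags are
// entity-encoded instead. Event names follow the HTML 4 and HTML 5 event
// attribute lists (w3schools html_eventattributes / html5_ref_eventattributes)
// plus IE-specific events. Matching is case-insensitive via
// replaceIgnoreSearchCase.
//
// NOTE(review): this is a denylist applied by plain substring replacement, not
// an output encoder. Only the literal fragments listed here are neutralised:
// "<script>" is matched exactly, so a script tag carrying attributes is not,
// and a scheme name split by whitespace or entities is not. Treat this as
// defence in depth only; the rendering site still needs context-aware
// output encoding. Legitimate text that happens to contain one of these
// substrings (e.g. "onload" inside a word) is altered as well.
private static final String[][] XSS_CHARS_ESCAPE = {
    // Window events
    {"onload", "on_load"},
    {"onunload", "on_unload"},
    // Form element events
    {"onchange", "on_change"},
    {"onsubmit", "on_submit"},
    {"onreset", "on_reset"},
    {"onselect", "on_select"},
    {"onblur", "on_blur"},
    {"onfocus", "on_focus"},
    // Keyboard events
    {"onkeydown", "on_keydown"},
    {"onkeypress", "on_keypress"},
    {"onkeyup", "on_keyup"},
    // Mouse events
    {"onclick", "on_click"},
    {"ondblclick", "on_dblclick"},
    {"onmousedown", "on_mousedown"},
    {"onmousemove", "on_mousemove"},
    {"onmouseout", "on_mouseout"},
    {"onmouseover", "on_mouseover"},
    {"onmouseup", "on_mouseup"},
    // HTML 5 event attributes
    {"onabort", "on_abort"},
    {"onbeforeunload", "on_beforeunload"},
    {"oncontextmenu", "on_contextmenu"},
    {"ondrag", "on_drag"},
    {"ondragend", "on_dragend"},
    {"ondragenter", "on_dragenter"},
    {"ondragleave", "on_dragleave"},
    {"ondragover", "on_dragover"},
    {"ondragstart", "on_dragstart"},
    {"ondrop", "on_drop"},
    {"onerror", "on_error"},
    {"onmessage", "on_message"},
    {"onmousewheel", "on_mousewheel"},
    {"onresize", "on_resize"},
    {"onscroll", "on_scroll"},
    // Script URL schemes and script tags
    {"javascript:", "java_script:"},
    {"jscript:", "j_script:"},
    {"vbscript:", "vb_script:"},
    {"<script>", "&lt;script&gt;"},
    {"</script>", "&lt;/script&gt;"},
    // IE-only events. These previously mapped to themselves, which made the
    // replacement a no-op and left every IE event handler intact; they now
    // get the same underscore treatment as the entries above.
    {"onactivate", "on_activate"},
    {"onafterprint", "on_afterprint"},
    {"onafterupdate", "on_afterupdate"},
    {"onbeforeactivate", "on_beforeactivate"},
    {"onbeforecopy", "on_beforecopy"},
    {"onbeforecut", "on_beforecut"},
    {"onbeforedeactivate", "on_beforedeactivate"},
    {"onbeforeeditfocus", "on_beforeeditfocus"},
    {"onbeforepaste", "on_beforepaste"},
    {"onbeforeprint", "on_beforeprint"},
    {"onbeforeupdate", "on_beforeupdate"},
    {"onbounce", "on_bounce"},
    {"oncontrolselect", "on_controlselect"},
    {"oncopy", "on_copy"},
    {"oncut", "on_cut"},
    {"ondataavailable", "on_dataavailable"},
    {"ondatasetchanged", "on_datasetchanged"},
    {"ondeactivate", "on_deactivate"},
    {"onerrorupdate", "on_errorupdate"},
    {"onfilterchange", "on_filterchange"},
    {"onfinish", "on_finish"},
    {"onhelp", "on_help"},
    {"onlayoutcomplete", "on_layoutcomplete"},
    {"onlosecapture", "on_losecapture"},
    {"onmouseenter", "on_mouseenter"},
    {"onmouseleave", "on_mouseleave"},
    {"onmove", "on_move"},
    {"onmoveend", "on_moveend"},
    {"onmovestart", "on_movestart"},
    {"onpaste", "on_paste"},
    {"onpropertychange", "on_propertychange"},
    {"onreadystatechanged", "on_readystatechanged"},
    {"onresizeend", "on_resizeend"},
    {"onresizestart", "on_resizestart"},
    {"onrowenter", "on_rowenter"},
    {"onrowexit", "on_rowexit"},
    {"onrowsdelete", "on_rowsdelete"},
    {"onrowsinserted", "on_rowsinserted"},
    {"onstart", "on_start"},
    {"onstop", "on_stop"},
    {"ontimeerror", "on_timeerror"}
};

/**
 * Replaces every case-insensitive occurrence of {@code searchString} in
 * {@code text} with {@code replacement}.
 *
 * <p>Matching uses {@link String#regionMatches(boolean, int, String, int, int)}
 * instead of upper-casing both strings and searching the copy. Case mapping is
 * locale-sensitive and can change string length ("\u00df" becomes "SS", and
 * Turkish locales map i/I differently), so indexes found in an upper-cased
 * copy do not line up with the original text being sliced; the previous
 * implementation could emit a wrong replacement or throw
 * {@code StringIndexOutOfBoundsException} on such input. Per-character
 * case-insensitive comparison is length-preserving and locale-independent.
 *
 * @param text         the text to search; returned as-is when null or empty
 * @param searchString the substring to look for, compared case-insensitively;
 *                     when null or empty, {@code text} is returned as-is
 * @param replacement  the literal replacement for each match; when null,
 *                     {@code text} is returned as-is
 * @return {@code text} with all matches replaced, or {@code text} itself when
 *         nothing matched
 */
private static String replaceIgnoreSearchCase(String text, String searchString, String replacement) {
    if (text == null || text.isEmpty()
            || searchString == null || searchString.isEmpty()
            || replacement == null) {
        return text;
    }
    final int searchLength = searchString.length();
    final int lastStart = text.length() - searchLength;
    StringBuilder out = null; // allocated on the first match only
    int copied = 0;           // text[0..copied) has already been appended to out
    int i = 0;
    while (i <= lastStart) {
        if (text.regionMatches(true, i, searchString, 0, searchLength)) {
            if (out == null) {
                // Capacity hint: room for the original plus a few grown matches.
                int growth = Math.max(0, replacement.length() - searchLength) * 16;
                out = new StringBuilder(text.length() + growth);
            }
            out.append(text, copied, i).append(replacement);
            i += searchLength; // matches do not overlap
            copied = i;
        } else {
            i++;
        }
    }
    if (out == null) {
        return text;
    }
    out.append(text, copied, text.length());
    return out.toString();
}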