public final class HTMLFilter extends Object
此类中的方法非线程安全：实例持有可变的内部状态（如 vTagCounts 标签计数），不要在多个线程间共享同一个实例，应按下例为每次过滤新建实例。
String clean = new HTMLFilter().filter(input);
此类来自:http://xss-html-filter.sf.net
| 限定符和类型 | 字段和说明 |
|---|---|
private boolean |
alwaysMakeTags
flag determining whether to try to make tags when presented with "unbalanced" angle brackets.
|
private boolean |
encodeQuotes |
private static Pattern |
P_AMP |
private static Pattern |
P_BODY_TO_END |
private static Pattern |
P_BOTH_ARROWS |
private static Pattern |
P_COMMENT |
private static Pattern |
P_COMMENTS |
private static Pattern |
P_ENCODE |
private static Pattern |
P_END_ARROW |
private static Pattern |
P_END_TAG |
private static Pattern |
P_ENTITY |
private static Pattern |
P_ENTITY_UNICODE |
private static Pattern |
P_LEFT_ARROW |
private static Pattern |
P_PROTOCOL |
private static Pattern |
P_QUOTE |
private static Pattern |
P_QUOTED_ATTRIBUTES |
private static ConcurrentMap<String,Pattern> |
P_REMOVE_PAIR_BLANKS |
private static ConcurrentMap<String,Pattern> |
P_REMOVE_SELF_BLANKS |
private static Pattern |
P_RIGHT_ARROW |
private static Pattern |
P_START_TAG |
private static Pattern |
P_STRAY_LEFT_ARROW |
private static Pattern |
P_STRAY_RIGHT_ARROW |
private static Pattern |
P_TAGS |
private static Pattern |
P_UNQUOTED_ATTRIBUTES |
private static Pattern |
P_VALID_ENTITIES |
private static Pattern |
P_VALID_QUOTES |
private static Pattern |
P_XML_CONTENT |
private static int |
REGEX_FLAGS_SI
regex flag union representing /si modifiers in php
|
private boolean |
stripComment
flag determining whether comments are allowed in input String.
|
private Map<String,List<String>> |
vAllowed
set of allowed html elements, along with allowed attributes for each element
|
private String[] |
vAllowedEntities
entities allowed within html markup
|
private String[] |
vAllowedProtocols
allowed protocols
|
private boolean |
vDebug |
private String[] |
vDisallowed
set of disallowed html elements
|
private String[] |
vNeedClosingTags
html elements which must always have separate opening and closing tags.
|
private String[] |
vProtocolAtts
attributes which should be checked for valid protocols
|
private String[] |
vRemoveBlanks
tags which should be removed if they contain no content.
|
private String[] |
vSelfClosingTags
html elements which must always be self-closing.
|
private Map<String,Integer> |
vTagCounts
counts of open tags for each (allowable) html element
|
| 构造器和说明 |
|---|
HTMLFilter()
Default constructor.
|
HTMLFilter(boolean debug)
Set debug flag to true.
|
HTMLFilter(Map<String,Object> conf)
Map-parameter configurable constructor.
|
| 限定符和类型 | 方法和说明 |
|---|---|
private boolean |
allowed(String name) |
private boolean |
allowedAttribute(String name,
String paramName) |
private String |
balanceHTML(String s) |
private String |
checkEntity(String preamble,
String term) |
private String |
checkTags(String s) |
static String |
chr(int decimal) |
private void |
debug(String msg) |
private String |
decodeEntities(String s) |
private String |
encodeQuotes(String s) |
private String |
escapeComments(String s) |
String |
filter(String input)
given a user submitted input String, filter out any invalid or restricted html.
|
static String |
htmlSpecialChars(String s) |
private static boolean |
inArray(String s,
String[] array) |
boolean |
isAlwaysMakeTags() |
boolean |
isStripComments() |
private boolean |
isValidEntity(String entity) |
private String |
processParamProtocol(String s) |
private String |
processRemoveBlanks(String s) |
private String |
processTag(String s) |
private static String |
regexReplace(Pattern regex_pattern,
String replacement,
String s) |
private void |
reset() |
private String |
validateEntities(String s) |
private static final int REGEX_FLAGS_SI
private static final Pattern P_COMMENTS
private static final Pattern P_COMMENT
private static final Pattern P_TAGS
private static final Pattern P_END_TAG
private static final Pattern P_START_TAG
private static final Pattern P_QUOTED_ATTRIBUTES
private static final Pattern P_UNQUOTED_ATTRIBUTES
private static final Pattern P_PROTOCOL
private static final Pattern P_ENTITY
private static final Pattern P_ENTITY_UNICODE
private static final Pattern P_ENCODE
private static final Pattern P_VALID_ENTITIES
private static final Pattern P_VALID_QUOTES
private static final Pattern P_END_ARROW
private static final Pattern P_BODY_TO_END
private static final Pattern P_XML_CONTENT
private static final Pattern P_STRAY_LEFT_ARROW
private static final Pattern P_STRAY_RIGHT_ARROW
private static final Pattern P_AMP
private static final Pattern P_QUOTE
private static final Pattern P_LEFT_ARROW
private static final Pattern P_RIGHT_ARROW
private static final Pattern P_BOTH_ARROWS
private static final ConcurrentMap<String,Pattern> P_REMOVE_PAIR_BLANKS
private static final ConcurrentMap<String,Pattern> P_REMOVE_SELF_BLANKS
private final Map<String,List<String>> vAllowed
private final Map<String,Integer> vTagCounts
private final String[] vSelfClosingTags
private final String[] vNeedClosingTags
private final String[] vDisallowed
private final String[] vProtocolAtts
private final String[] vAllowedProtocols
private final String[] vRemoveBlanks
private final String[] vAllowedEntities
private final boolean stripComment
private final boolean encodeQuotes
private boolean vDebug
private final boolean alwaysMakeTags
public HTMLFilter()
public HTMLFilter(boolean debug)
debug - turn debug on with a true argument
private void reset()
private void debug(String msg)
public static String chr(int decimal)
public String filter(String input)
input - text (i.e. submitted by a user) that may contain html
public boolean isAlwaysMakeTags()
public boolean isStripComments()
private static String regexReplace(Pattern regex_pattern, String replacement, String s)
private boolean isValidEntity(String entity)
private boolean allowed(String name)