package com.ibeetl.admin.core.util.beetl;
|
|
import org.apache.commons.lang3.StringEscapeUtils;
|
import org.apache.commons.lang3.StringUtils;
|
import org.beetl.core.Format;
|
|
public class XXSDefenderFormat implements Format {
|
|
@Override
|
public Object format(Object data, String pattern) {
|
if(data==null){
|
return data;
|
}
|
|
if(data instanceof String){
|
String js = (String)data;
|
String str = StringEscapeUtils.escapeHtml4(js);
|
if(StringUtils.isNotEmpty(pattern)){
|
int len = Integer.parseInt(pattern);
|
if(str.length()>len){
|
str = str.substring(0, len);
|
}
|
|
}
|
return str;
|
}else{
|
return data;
|
}
|
|
}
|
|
public static void main(String[] args){
|
String js = "中文<script>hi</script><h5></h5>";
|
System.out.println(js);
|
js = StringEscapeUtils.escapeHtml4(js);
|
System.out.println(js);
|
}
|
|
}
|
