
XSS(Cross-site scripting) 특수문자 치환

code0xff 2018. 5. 10. 16:39
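/**
 * Escapes HTML-significant characters in a string before it is written into a page.
 *
 * <p>The three entity strings for {@code &}, {@code "} and {@code '} are reconstructed:
 * in the published listing they had been decoded back to the raw characters (so the
 * ampersand and apostrophe rules replaced a character with itself, and the double-quote
 * rule was not valid Java). The {@code <} and {@code >} rules are as published.
 *
 * <p>Scope: the output is suitable for HTML element content and for attribute values
 * that are wrapped in quotes. It is not an encoder for JavaScript, CSS or URL contexts,
 * nor for unquoted attributes; those need a context-specific encoder. Apply it when
 * rendering output, and only once, otherwise already-escaped text is escaped again.
 */
public class XssFilter {
	/**
	 * Returns {@code param} with HTML metacharacters replaced by character references
	 * and line-break characters replaced by markup.
	 *
	 * @param param the text to escape; may be {@code null}
	 * @return the escaped text, or {@code null} when {@code param} is {@code null}
	 */
	public static String XssReplace(String param) {
		// A missing request parameter arrives as null; pass it through instead of
		// failing with a NullPointerException.
		if (param == null) {
			return null;
		}

		// String.replace substitutes every literal occurrence; none of these rules
		// needs the regular-expression engine that replaceAll invokes.

		// The ampersand must be handled first, otherwise the '&' introduced by the
		// rules below would itself be escaped.
		param = param.replace("&", "&amp;");
		param = param.replace("\"", "&quot;");
		// Numeric reference rather than &apos;, which HTML 4 does not define.
		param = param.replace("'", "&#39;");
		param = param.replace("<", "&lt;");
		param = param.replace(">", "&gt;");

		// These run after the angle brackets are escaped, so the tags inserted here
		// stay as markup. A Windows line ending (\r\n) therefore becomes "<br><p>".
		param = param.replace("\r", "<br>");
		param = param.replace("\n", "<p>");

		return param;
	}
}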