package com.qiyi.appstore.util;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Objects;

import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.qiyi.appstore.exception.AppStoreException;
import com.qiyi.cloud.user.ApiCode;
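/**
 * Minimal HTML escaping for strings that will be rendered into pages.
 *
 * <p>{@link #getSafeStringXSS(String)} is a character-by-character escaper; it does not parse
 * or strip markup. It escapes slightly more than plain HTML text needs ({@code #} and {@code =}
 * as well) so the same output is also safe inside a quoted attribute value.
 *
 * <p>NOTE(review): escaping is context-dependent. Output that lands inside a {@code <script>}
 * block, a URL, a CSS value or an unquoted attribute still needs the encoding for that context;
 * confirm where callers render these values before relying on this class alone.
 */
public class XssUtils {
    private static final Logger logger = LoggerFactory.getLogger(XssUtils.class);

    /**
     * Returns {@code s} with HTML-significant characters replaced by entities.
     *
     * <p>Mapping: {@code <}→{@code &lt;}, {@code >}→{@code &gt;}, {@code '}→{@code &#39;},
     * U+2032 (′)→{@code &prime;}, {@code "}→{@code &quot;}, {@code &}→{@code &amp;},
     * {@code #}→{@code &#35;}, {@code =}→{@code &#61;}. A backslash is replaced by the yen
     * sign (U+00A5) as in the original code; that is a lossy substitution, not an escape —
     * NOTE(review): {@code &#92;} would be the faithful HTML encoding if callers can tolerate
     * the change.
     *
     * @param s text to escape; may be {@code null}
     * @return the escaped text, or {@code s} itself when it is {@code null}, empty or
     *         whitespace-only
     */
    public static String getSafeStringXSS(String s) {
        if (isBlank(s)) {
            return s;
        }
        // Each escaped char grows to at most 7 chars; a little headroom avoids
        // immediate regrowth on short inputs without over-allocating.
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '\'':
                    // Numeric form: &apos; is not defined in HTML 4, &#39; is universal.
                    sb.append("&#39;");
                    break;
                case '\u2032':
                    sb.append("&prime;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '&':
                    // Must be escaped, otherwise attacker-supplied entities pass through intact.
                    sb.append("&amp;");
                    break;
                case '#':
                    sb.append("&#35;");
                    break;
                case '\\':
                    sb.append('\u00A5'); // lossy: yen sign, see Javadoc
                    break;
                case '=':
                    sb.append("&#61;");
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Escapes, in place, every {@code String}-typed field declared directly on {@code clz}.
     *
     * <p>Fields are read and written through their public bean accessors
     * ({@code getXxx()} / {@code setXxx(String)}), so a String field without either raises
     * {@link NoSuchMethodException} rather than being silently skipped. Static fields are
     * skipped. Only {@link Class#getDeclaredFields()} is walked, so fields inherited from a
     * superclass are not touched — call again with the superclass if those need escaping.
     * Fields whose current value is {@code null} or blank are left unchanged.
     *
     * <p>NOTE(review): this mutates the caller's object and the escape is lossy (see
     * {@link #getSafeStringXSS(String)}); sanitizing on input instead of encoding on output
     * means the stored value can no longer be rendered correctly in a non-HTML context.
     *
     * @param clz the class whose declared fields are inspected; must describe {@code bean}
     * @param bean the object to sanitize in place
     * @throws NoSuchMethodException if a String field has no public getter or setter
     * @throws IllegalAccessException if an accessor is not accessible from this class
     * @throws InvocationTargetException if a getter or setter throws
     */
    public static <T> void getXssSaftBean(Class<? super T> clz, T bean)
            throws IllegalAccessException, InvocationTargetException, NoSuchMethodException {
        Objects.requireNonNull(clz, "clz");
        Objects.requireNonNull(bean, "bean");
        // Per-call INFO was noise; the class name only helps when debugging a caller.
        logger.debug("map target class name is {} .", clz.getSimpleName());
        for (Field field : clz.getDeclaredFields()) {
            if (field.getType() != String.class || Modifier.isStatic(field.getModifiers())) {
                continue;
            }
            String suffix = capitalize(field.getName());
            Method getter = clz.getMethod("get" + suffix);
            Object current = getter.invoke(bean);
            if (!(current instanceof String) || isBlank((String) current)) {
                continue;
            }
            Method setter = clz.getMethod("set" + suffix, String.class);
            setter.invoke(bean, getSafeStringXSS((String) current));
        }
    }

    /** True for {@code null}, empty, or whitespace-only input (mirrors StringUtils.isBlank). */
    private static boolean isBlank(String s) {
        if (s == null) {
            return true;
        }
        for (int i = 0; i < s.length(); i++) {
            if (!Character.isWhitespace(s.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /** Bean-accessor suffix for a field name: {@code title} → {@code Title}. */
    private static String capitalize(String name) {
        if (name.isEmpty()) {
            return name;
        }
        return Character.toUpperCase(name.charAt(0)) + name.substring(1);
    }
}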