package com.yqzx.common.util;
import cn.hutool.core.util.StrUtil;
import java.io.IOException;
import java.io.InputStream;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.text.StringEscapeUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
/**
 * @author ChenLong
 * @version 1.0
 * @ClassName XssUtil
 * @date 2019/7/16 18:13
 * @Description Utility for cleaning potentially unsafe HTML out of strings with OWASP AntiSamy.
 */
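@Slf4j
public class XssUtil {

    /** Classpath location of the AntiSamy policy file used by {@link #clearXss(String)}. */
    private static final String POLICY_RESOURCE = "/antisamy.xml";

    /**
     * Cleans a string with the AntiSamy policy loaded from {@code /antisamy.xml} and returns the
     * cleaned text with its HTML entities decoded.
     *
     * <p>Blank input ({@code null}, empty or whitespace-only) is returned unchanged.
     *
     * <p>The method fails closed: when the policy resource is missing or cannot be parsed, or the
     * scan itself fails, the HTML-escaped form of the input is returned instead of the raw,
     * unsanitised value.
     *
     * <p><b>Security note:</b> the cleaned HTML is passed through
     * {@link StringEscapeUtils#unescapeHtml4(String)} before it is returned. Decoding after
     * sanitising turns entity-encoded text back into literal markup characters, so the return
     * value is not safe to write into an HTML page as-is; whatever renders it must apply
     * context-appropriate output encoding.
     *
     * @param val the untrusted text to clean; may be {@code null}
     * @return the cleaned and entity-decoded text, {@code val} itself when it is blank, or the
     *     HTML-escaped input when sanitisation could not be performed
     */
    public static String clearXss(String val) {
        if (StrUtil.isBlank(val)) {
            return val;
        }
        // try-with-resources closes the policy stream, which was previously leaked on every call.
        // NOTE(review): the policy is re-read and re-parsed per call; consider caching it once
        // Policy's thread-safety is confirmed for the AntiSamy version in use.
        try (InputStream is = XssUtil.class.getResourceAsStream(POLICY_RESOURCE)) {
            if (is == null) {
                log.error("AntiSamy policy {} not found on the classpath", POLICY_RESOURCE);
                return StringEscapeUtils.escapeHtml4(val);
            }
            Policy policy = Policy.getInstance(is);
            String cleanHtml = new AntiSamy().scan(val, policy).getCleanHTML();
            // NOTE(review): unescaping the sanitiser's output re-creates markup characters that
            // AntiSamy had left entity-encoded. Kept for compatibility with existing callers;
            // confirm every consumer output-encodes this value before rendering it.
            return StringEscapeUtils.unescapeHtml4(cleanHtml);
        } catch (PolicyException | ScanException | IOException e) {
            // Pass the exception itself so the stack trace is logged, not only the message.
            log.error("XSS sanitisation failed; returning HTML-escaped input instead", e);
        }
        // Fail closed: never hand back the raw input when it could not be sanitised.
        return StringEscapeUtils.escapeHtml4(val);
    }
}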