å¯ä»¥ä½¿ç”¨AntiSamy防范XSS跨站脚本æ”Õd‡»
常用XSSæ–¹å¼åˆ†äØ“(f¨´)ä»¥ä¸‹å‡ ç§åQ?/h1>
1. 输入框ä¸ç›´æŽ¥è¾“å…¥æ¶æ„脚本åQŒå¦‚åQ?/p>
><script>alert(document.cookie)</script>
2. 输入框ä¸è¾“å…¥htmlæ ‡ç¾åQŒåœ¨æ ‡ç¾ä¸åµŒå…¥æ¶æ„脚本,如srcåQŒhrefåQŒcss style½{‰ã€?/p>
<IMG SRC="javascriptåQšalert('XSS');">; <BODY BACKGROUND="javascriptåQšalert('XSS')"> <STYLE>li {list-style-image:url("javascriptåQšalert('XSS')");}</STYLE><UL><LI>XSS</br>
3. ž®†æ¶æ„脚本注入在event事äšgä¸ï¼Œå¦‚onClickåQŒonBluråQŒonMouseOver½{‰äº‹ä»¶ã€?/p>
<a onmouseover="alert(document.cookie)">xxslink</a>
4. 在remote style sheetåQŒjavascriptä¸ï¼Œå¦?/p>
<LINK REL="stylesheet"HREF="javascriptåQšalert('XSS');">]]>
‹¹‹è¯•¾l“æžœåQ?1亿æ¡æ•°æ®ç”¨æ—¶93¿U’,生äñ”58ä¸?00mæ–‡äšg。æ¯ä¸€æ?53¾U³ç§’ã€?br />
package io.netty.example.http.snoop;
import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CharsetEncoder;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
public class WriterFile {
// 指定大å°ä¸?1024 的缓冲区
public static ByteBuffer bytebufferone = ByteBuffer.allocate(102400000);
public static ByteBuffer bytebuffertwo = ByteBuffer.allocate(102400000);
public static boolean checkbuffer =true;
public static void main(String[] args) {
long start = System.nanoTime();
for(int i=0;i<100000000;i++){
if(checkbuffer)
processone("123abc"+i+"\r\n");
else
prcesstwo("123abc"+i+"\r\n");
}
long end = System.nanoTime();
System.out.println((end - start)+"耗时");
}
/**
* bytebuffertwo写日�br /> */
public static void prcesstwo(String log)
{
//写bytebuff
boolean onecheck=checkposition(log,bytebuffertwo);
if(onecheck)
writerbuffer(log,bytebuffertwo);
//写文�br /> else{
checkbuffer=true;
writerbuffer(log,bytebufferone);
writerfile(bytebuffertwo);
}
}
/**
* bytebufferone写日�br /> * @param log
*/
public static void processone(String log)
{
//写bytebuff
boolean onecheck=checkposition(log,bytebufferone);
if(onecheck){
writerbuffer(log,bytebufferone);
}
//写文�br /> else{
checkbuffer=false;
writerbuffer(log,bytebuffertwo);
writerfile(bytebufferone);
}
}
/**
* 判斾~“å˜æ˜¯å¦å¯ä»¥å†™ä¸‹æ—¥å¿—
* @param log
* @return
*/
public static boolean checkposition(String log,ByteBuffer bytebuffer)
{
if(2*log.getBytes().length>bytebuffer.limit()-bytebuffer.position())
{
return false;
}
else
{
return true;
}
}
/**
* 写日志到¾~“å˜åQŒåƈ且返回缓å˜æŒ‡é’ˆä½¾|?br /> * @param log
* @return
*/
public static int writerbuffer(String log,ByteBuffer bytebuffer )
{
for (int i = 0; i < log.length(); i++) {
bytebuffer.putChar(log.charAt(i));
}
return bytebuffer.position();
}
/**
* 写文�br /> * @param filename
*/
public static void writerfile(ByteBuffer bytebuffer)
{
try{
FileOutputStream fos = new FileOutputStream(Datefile());
FileChannel fc = fos.getChannel();
bytebuffer.flip();
fc.write(bytebufferone);
fc.close();
fos.close();
bytebuffer.clear();
}
catch(Exception ex)
{
ex.printStackTrace();
}
}
/**
* æ–‡äšgå按日期生äñ”
* @param str
* @return
*/
public static String Datefile() {
SimpleDateFormat format = new SimpleDateFormat("yyyyMMdd_HHmmss");
String str = format.format(new Date());
return "d:/test/"+str+".txt";
}
}
附带一个普通的nioè¯Õd†™
import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CharsetEncoder;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
public class WriterFile {
// 指定大å°ä¸?1024 的缓冲区
public static ByteBuffer bytebufferone = ByteBuffer.allocate(102400000);
public static ByteBuffer bytebuffertwo = ByteBuffer.allocate(102400000);
public static boolean checkbuffer =true;
public static void main(String[] args) {
long start = System.nanoTime();
for(int i=0;i<100000000;i++){
if(checkbuffer)
processone("123abc"+i+"\r\n");
else
prcesstwo("123abc"+i+"\r\n");
}
long end = System.nanoTime();
System.out.println((end - start)+"耗时");
}
/**
* bytebuffertwo写日�br /> */
public static void prcesstwo(String log)
{
//写bytebuff
boolean onecheck=checkposition(log,bytebuffertwo);
if(onecheck)
writerbuffer(log,bytebuffertwo);
//写文�br /> else{
checkbuffer=true;
writerbuffer(log,bytebufferone);
writerfile(bytebuffertwo);
}
}
/**
* bytebufferone写日�br /> * @param log
*/
public static void processone(String log)
{
//写bytebuff
boolean onecheck=checkposition(log,bytebufferone);
if(onecheck){
writerbuffer(log,bytebufferone);
}
//写文�br /> else{
checkbuffer=false;
writerbuffer(log,bytebuffertwo);
writerfile(bytebufferone);
}
}
/**
* 判斾~“å˜æ˜¯å¦å¯ä»¥å†™ä¸‹æ—¥å¿—
* @param log
* @return
*/
public static boolean checkposition(String log,ByteBuffer bytebuffer)
{
if(2*log.getBytes().length>bytebuffer.limit()-bytebuffer.position())
{
return false;
}
else
{
return true;
}
}
/**
* 写日志到¾~“å˜åQŒåƈ且返回缓å˜æŒ‡é’ˆä½¾|?br /> * @param log
* @return
*/
public static int writerbuffer(String log,ByteBuffer bytebuffer )
{
for (int i = 0; i < log.length(); i++) {
bytebuffer.putChar(log.charAt(i));
}
return bytebuffer.position();
}
/**
* 写文�br /> * @param filename
*/
public static void writerfile(ByteBuffer bytebuffer)
{
try{
FileOutputStream fos = new FileOutputStream(Datefile());
FileChannel fc = fos.getChannel();
bytebuffer.flip();
fc.write(bytebufferone);
fc.close();
fos.close();
bytebuffer.clear();
}
catch(Exception ex)
{
ex.printStackTrace();
}
}
/**
* æ–‡äšgå按日期生äñ”
* @param str
* @return
*/
public static String Datefile() {
SimpleDateFormat format = new SimpleDateFormat("yyyyMMdd_HHmmss");
String str = format.format(new Date());
return "d:/test/"+str+".txt";
}
}
附带一个普通的nioè¯Õd†™
public static void test()
{
try{
FileOutputStream fos = new FileOutputStream("d:/nio.txt");
// 得到文äšg通é“
FileChannel fc = fos.getChannel();
// 指定大å°ä¸?1024 的缓冲区
ByteBuffer bf = ByteBuffer.allocate(1024);
// è¦å†™å…¥æ–‡ä»¶çš„å—符ä¸?br /> String greeting = "Hello111";
// 把以上嗽W¦ä¸²é€å—攑օ¥¾~“冲åŒ?br /> for (int i = 0; i < greeting.length(); i++) {
bf.putChar(greeting.charAt(i));
}
// 记得执行˜q™ä¸ªæ–ÒŽ(gu¨©)³•åQŒä‹Éå¾?position=0, limit=30, æ‰èƒ½å†™å…¥æ£ç¡®çš„æ•°æ?br /> // å¦åˆ™ position ä¸?30, limit ä¸?1024åQŒå°†ä¼?x¨¬)æŠ?30 之åŽçš„全部空数æ®(0) 填到文äšgä¸?br />
System.out.println(greeting.getBytes().length);
System.out.println(bf.position());
System.out.println(bf.limit());
bf.flip();
// ¾~“冲区数æ®å†™å…¥åˆ°æ–‡äšgä¸ï¼Œä¼?x¨¬)把¾~“冲åŒÞZ¸ä»?position åˆ?limit 之间的数æ®å†™å…¥æ–‡ä»?br /> fc.write(bf);
fc.close(); // å…³é—æ–‡äšg通é“
fos.close(); // å…³é—æ–‡äšg输出‹¹?br /> }catch(Exception e){
e.printStackTrace();
}
}
{
try{
FileOutputStream fos = new FileOutputStream("d:/nio.txt");
// 得到文äšg通é“
FileChannel fc = fos.getChannel();
// 指定大å°ä¸?1024 的缓冲区
ByteBuffer bf = ByteBuffer.allocate(1024);
// è¦å†™å…¥æ–‡ä»¶çš„å—符ä¸?br /> String greeting = "Hello111";
// 把以上嗽W¦ä¸²é€å—攑օ¥¾~“冲åŒ?br /> for (int i = 0; i < greeting.length(); i++) {
bf.putChar(greeting.charAt(i));
}
// 记得执行˜q™ä¸ªæ–ÒŽ(gu¨©)³•åQŒä‹Éå¾?position=0, limit=30, æ‰èƒ½å†™å…¥æ£ç¡®çš„æ•°æ?br /> // å¦åˆ™ position ä¸?30, limit ä¸?1024åQŒå°†ä¼?x¨¬)æŠ?30 之åŽçš„全部空数æ®(0) 填到文äšgä¸?br />
System.out.println(greeting.getBytes().length);
System.out.println(bf.position());
System.out.println(bf.limit());
bf.flip();
// ¾~“冲区数æ®å†™å…¥åˆ°æ–‡äšgä¸ï¼Œä¼?x¨¬)把¾~“冲åŒÞZ¸ä»?position åˆ?limit 之间的数æ®å†™å…¥æ–‡ä»?br /> fc.write(bf);
fc.close(); // å…³é—æ–‡äšg通é“
fos.close(); // å…³é—æ–‡äšg输出‹¹?br /> }catch(Exception e){
e.printStackTrace();
}
}
]]>