发表新帖

发表新帖

HTML-Entity escaping to prevent XSS

前端未结

关注

 2  684

一整个雨季 2021-02-02 17:44

I have some user input. Within my code, I ensure that the following symbols are escaped:

& -> & 
< -> < 
> -> >
<

2条回答

离开以前 (楼主)

2021-02-02 18:11
I recommend you to use Appache Common Lang library to escape strings, for exmaple to escape HTML:
```
String escapedString = org.apache.commons.lang.StringEscapeUtils.escapeHtml(String str);
```
the library has many useful methods to escape in HTML, XML, Javascript.
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...

热议问题