库来保护Java/jsp的SQL/JavaScript注入 [英] Lib to protect SQL/javascript injection for java/jsp
问题描述
任何人都知道一个好的库,在插入字符串之前,我可以在其中运行这些字符串,这样可以去除sql/javascript代码?要在jsp页面中运行.
Anyone know a good lib where i can run the strings before they are inserted, that can strip out sql/javascript code? To be run in jsp pages.
理想的库是:
- 免费
- 轻巧
- 易于使用
提前感谢SO社区,他们会很乐意答复:)
Thanks in advance to the SO community who will happily reply :)
推荐答案
Apache Commons lang StringEscapeUtils将为您提供一些帮助.它会逃脱,不会剥离.
Apache Commons lang StringEscapeUtils will get you some of the way. It escapes, doesnt strip.
http://commons.apache.org/lang/api/org/apache/commons/lang/StringEscapeUtils.html
转义可以使您免受注入攻击,因为它可以确保用户输入的数据不作为代码执行,而是始终作为数据呈现给用户.
Escaping can save you from injection attacks because it makes sure that the data the user has entered is not executed as code, but always presented as data to the user.
这篇关于库来保护Java/jsp的SQL/JavaScript注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
