如何清理和清理用户提交的URL,以便在Java中重新显示? [英] how can I clean and sanitize a url submitted by a user for redisplay in java?
问题描述
我希望用户能够提交一个url,然后将该URL作为链接显示给其他用户.
如果我天真地重新显示用户提交的内容,我将保持开放状态,例如
http://somesite.com' ><script>[any javacscript in here]</script>
当我将其重新显示给其他用户时,会做一些令人讨厌的事情,或者至少会使我看起来很专业,因为没有阻止它.
是否有一个库,最好是用Java编写的库,它会清理一个url,以便保留所有有效的url,但清除掉任何漏洞利用/骗子?
谢谢!
您可以使用 apache验证程序 URLValidator
UrlValidator urlValidator = new UrlValidator(schemes);
if (urlValidator.isValid("http://somesite.com")) {
//valid
}
I want a user to be able to submit a url, and then display that url to other users as a link.
If I naively redisplay what the user submitted, I leave myself open to urls like
http://somesite.com' ><script>[any javacscript in here]</script>
that when I redisplay it to other users will do something nasty, or at least something that makes me look unprofessional for not preventing it.
Is there a library, preferably in java, that will clean a url so that it retains all valid urls but weeds out any exploits/tomfoolery?
Thanks!
You can use apache validator URLValidator
UrlValidator urlValidator = new UrlValidator(schemes);
if (urlValidator.isValid("http://somesite.com")) {
//valid
}
这篇关于如何清理和清理用户提交的URL,以便在Java中重新显示?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!