如何清理和清理用户提交的URL，以便在Java中重新显示? [英] how can I clean and sanitize a url submitted by a user for redisplay in java?

问题描述

我希望用户能够提交一个url，然后将该URL作为链接显示给其他用户.

如果我天真地重新显示用户提交的内容，我将保持开放状态，例如

http://somesite.com' ><script>[any javacscript in here]</script>

当我将其重新显示给其他用户时，会做一些令人讨厌的事情，或者至少会使我看起来很专业，因为没有阻止它.

是否有一个库，最好是用Java编写的库，它会清理一个url，以便保留所有有效的url，但清除掉任何漏洞利用/骗子?

谢谢！

解决方案

您可以使用 apache验证程序 URLValidator

UrlValidator urlValidator = new UrlValidator(schemes);
if (urlValidator.isValid("http://somesite.com")) {
   //valid
}

I want a user to be able to submit a url, and then display that url to other users as a link.

If I naively redisplay what the user submitted, I leave myself open to urls like

http://somesite.com' ><script>[any javacscript in here]</script>

that when I redisplay it to other users will do something nasty, or at least something that makes me look unprofessional for not preventing it.

Is there a library, preferably in java, that will clean a url so that it retains all valid urls but weeds out any exploits/tomfoolery?

Thanks!

解决方案

You can use apache validator URLValidator

UrlValidator urlValidator = new UrlValidator(schemes);
if (urlValidator.isValid("http://somesite.com")) {
   //valid
}

这篇关于如何清理和清理用户提交的URL，以便在Java中重新显示?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！