0
我已經給了一個任務來阻止我們的網站使用跨站點腳本(XSS)。這個概念對我來說是新的,我搜索了很多並獲得了owasp-java-html-sanitizer。我制定了自己的政策如何在jsp頁面上使用owasp-java-html-sanitizer的策略
public static final PolicyFactory POLICY_DEFINITION = new HtmlPolicyBuilder()
通過使用.allowAttributes,我設計了它。 但現在我無能如何使用它...我發現下面的代碼片段:
System.err.println("[Reading from STDIN]");
// Fetch the HTML to sanitize.
String html = CharStreams.toString(new InputStreamReader(System.in,
Charsets.UTF_8));
// Set up an output channel to receive the sanitized HTML.
HtmlStreamRenderer renderer = HtmlStreamRenderer.create(System.out,
// Receives notifications on a failure to write to the output.
new Handler<IOException>() {
public void handle(IOException ex) {
Throwables.propagate(ex); // System.out suppresses
// IOExceptions
}
},
// Our HTML parser is very lenient, but this receives
// notifications on
// truly bizarre inputs.
new Handler<String>() {
public void handle(String x) {
throw new AssertionError(x);
}
});
// Use the policy defined above to sanitize the HTML.
HtmlSanitizer.sanitize(html, POLICY_DEFINITION.apply(renderer));
}
,但我怎麼能將此我的JSP,因爲我認爲這是簡單的HTML。 請幫忙。