앱)servletparamutil 자바 common 코드
HULIA(휴리아)
2018. 3. 30. 10:36
/**
 * Reads the request parameter {@code param} and runs it through {@link #checkParam},
 * which strips script/style blocks, HTML tags and a few SQL-marker sequences.
 *
 * @param request the incoming servlet request
 * @param param   name of the request parameter to read
 * @param def     value returned when the parameter is absent (null)
 * @return the cleaned parameter value, or {@code def} if it was not present
 */
String param(HttpServletRequest request, String param, String def) {
    String rawValue = request.getParameter(param);
    return checkParam(rawValue, def);
}
/**
 * Convenience overload of {@link #param(HttpServletRequest, String, String)} with an
 * empty-string default, so the result is never null.
 *
 * @param request the incoming servlet request
 * @param param   name of the request parameter to read
 * @return the cleaned, trimmed parameter value; {@code ""} when the parameter is absent
 */
String param(HttpServletRequest request, String param) {
    String cleaned = param(request, param, "");
    // checkParam only trims the non-null branch; trimming here keeps the default path consistent.
    return cleaned.trim();
}
/**
 * Returns the raw request parameter with no trimming and no filtering.
 * The value may be null, and since nothing is stripped here the caller must
 * encode it for the HTML context or bind it as a query parameter at the sink.
 *
 * @param request the incoming servlet request
 * @param param   name of the request parameter to read
 * @return the parameter exactly as the container supplies it, possibly null
 */
String nonCheckParam(HttpServletRequest request, String param) {
    String raw = request.getParameter(param);
    return raw;
}
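/** {@code <script>} / {@code <noscript>} blocks. Tag names are case-insensitive in HTML, so match them that way. */
private static final Pattern SCRIPT_BLOCKS =
    Pattern.compile("<(no)?script[^>]*>.*?</(no)?script>", Pattern.DOTALL | Pattern.CASE_INSENSITIVE);

/** {@code <style>} blocks. Reluctant {@code .*?} so two style blocks do not swallow the text between them. */
private static final Pattern STYLE_BLOCKS =
    Pattern.compile("<style[^>]*>.*?</style>", Pattern.DOTALL | Pattern.CASE_INSENSITIVE);

/** Any remaining tag; quoted attribute values may contain {@code >}. */
private static final Pattern ANY_TAG = Pattern.compile("<(\"[^\"]*\"|'[^']*'|[^'\">])*>");

/** Sequences stripped as SQL markers: {@code %27} (URL-encoded apostrophe), {@code '} and {@code --}. */
private static final Pattern SQL_MARKERS = Pattern.compile("%27|'|--");

/**
 * Best-effort cleanup of a request parameter: trims it, removes script/style blocks and
 * every remaining HTML tag, then removes the sequences {@code %27}, {@code '} and {@code --}.
 * Returns {@code def} when {@code temp} is null.
 *
 * <p>This is blacklist filtering on input. It also alters legitimate values (an apostrophe
 * in a surname disappears), and it does not replace contextual output encoding at the HTML
 * sink or {@code PreparedStatement} parameters at the SQL sink; treat it as defence in depth only.
 *
 * @param temp the raw parameter value, may be null
 * @param def  value returned when {@code temp} is null; named {@code def} because
 *             {@code default} is a reserved word
 * @return the filtered value, or {@code def} when {@code temp} is null
 */
String checkParam(String temp, String def) {
    if (temp == null) {
        return def;
    }
    String cleaned = temp.trim();
    // Block-level elements first so their inner text goes with them; the generic tag
    // pattern afterwards would otherwise leave the script body behind as plain text.
    cleaned = SCRIPT_BLOCKS.matcher(cleaned).replaceAll("");
    cleaned = STYLE_BLOCKS.matcher(cleaned).replaceAll("");
    cleaned = ANY_TAG.matcher(cleaned).replaceAll("");
    return SQL_MARKERS.matcher(cleaned).replaceAll("");
}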
return checkParam(request.getParameter(param), def);
}
/**
 * Two-argument form of {@link #param(HttpServletRequest, String, String)}: uses {@code ""}
 * as the default so callers never receive null.
 *
 * @param request the incoming servlet request
 * @param param   name of the request parameter to read
 * @return the cleaned, trimmed parameter value; {@code ""} when the parameter is absent
 */
String param(HttpServletRequest request, String param) {
    final String withDefault = param(request, param, "");
    // Trim again: checkParam trims only the non-null branch, not the default value.
    return withDefault.trim();
}
/**
 * Returns the request parameter untouched: no trim, no tag stripping, possibly null.
 * Because nothing is filtered here, the value must be encoded for its output context
 * (or bound as a query parameter) wherever it is eventually used.
 *
 * @param request the incoming servlet request
 * @param param   name of the request parameter to read
 * @return the raw parameter value as supplied by the container, or null if absent
 */
String nonCheckParam(HttpServletRequest request, String param) {
    final String untouched = request.getParameter(param);
    return untouched;
}
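/** {@code <script>} / {@code <noscript>} blocks; matched case-insensitively because HTML tag names are. */
private static final Pattern SCRIPT_BLOCKS =
    Pattern.compile("<(no)?script[^>]*>.*?</(no)?script>", Pattern.DOTALL | Pattern.CASE_INSENSITIVE);

/** {@code <style>} blocks; reluctant {@code .*?} so text between two style blocks survives. */
private static final Pattern STYLE_BLOCKS =
    Pattern.compile("<style[^>]*>.*?</style>", Pattern.DOTALL | Pattern.CASE_INSENSITIVE);

/** Any remaining tag, allowing {@code >} inside quoted attribute values. */
private static final Pattern ANY_TAG = Pattern.compile("<(\"[^\"]*\"|'[^']*'|[^'\">])*>");

/** Sequences stripped as SQL markers: {@code %27} (URL-encoded apostrophe), {@code '} and {@code --}. */
private static final Pattern SQL_MARKERS = Pattern.compile("%27|'|--");

/**
 * Best-effort cleanup of a request parameter: trims it, strips script/style blocks and all
 * remaining HTML tags, then strips {@code %27}, {@code '} and {@code --}.
 * Returns {@code def} when {@code temp} is null.
 *
 * <p>This is input blacklisting: it mangles legitimate data containing apostrophes and is
 * not a substitute for output encoding at the HTML sink or {@code PreparedStatement}
 * parameters at the SQL sink. Use it as defence in depth, not as the primary control.
 *
 * @param temp the raw parameter value, may be null
 * @param def  value returned when {@code temp} is null ({@code default} is a reserved word,
 *             hence the shorter name)
 * @return the filtered value, or {@code def} when {@code temp} is null
 */
String checkParam(String temp, String def) {
    if (temp == null) {
        return def;
    }
    String cleaned = temp.trim();
    // Remove whole script/style elements before the generic tag pass so their
    // contents are dropped rather than left behind as plain text.
    cleaned = SCRIPT_BLOCKS.matcher(cleaned).replaceAll("");
    cleaned = STYLE_BLOCKS.matcher(cleaned).replaceAll("");
    cleaned = ANY_TAG.matcher(cleaned).replaceAll("");
    return SQL_MARKERS.matcher(cleaned).replaceAll("");
}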