|
@@ -34,12 +34,12 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
|
|
private String cleanXSS(String value) {
|
|
|
//You'll need to remove the spaces from the html entities below
|
|
|
value = value.replaceAll("<", "& lt;").replaceAll(">", "& gt;");
|
|
|
- value = value.replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41;");
|
|
|
- value = value.replaceAll("'", "& #39;");
|
|
|
+ //value = value.replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41;");
|
|
|
+ //value = value.replaceAll("'", "& #39;");
|
|
|
value = value.replaceAll("eval\\((.*)\\)", "");
|
|
|
value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
|
|
|
value = value.replaceAll("script", "");
|
|
|
- value = value.replaceAll("%", "\u0025");
|
|
|
+ value = value.replaceAll("%", "\\\\u0025");
|
|
|
return value;
|
|
|
}
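Review bot: With the single-quote encoding commented out on the new side, a value that lands in a single-quoted HTML attribute can close it and add a handler (`' onfocus=alert(1) autofocus='`), and nothing left in cleanXSS touches `'`, `=` or event-handler names; restore `value = value.replaceAll("'", "&#39;");` (without the space, as the comment at the top of the method says). The new `%` line now emits the six literal characters `\u0025`, which corrupts ordinary input such as `50%` and decodes straight back to `%` if the value is later placed in a JavaScript string, so it neither preserves data nor neutralizes anything — the old `"\u0025"` was a Java unicode escape for `%` itself, i.e. a no-op, and dropping the line entirely is safer than either version. The unchanged `replaceAll("script", "")` is case-sensitive and single-pass, so `scrscriptipt` collapses to `script` and `ScRiPt` passes untouched. A blacklist applied to request input cannot be made complete; the durable fix is context-aware output encoding at the render site (e.g. the OWASP Java Encoder's `Encode.forHtml`), keeping this wrapper at most as a defense-in-depth layer. cleanXSS is entirely within the hunk, but the enclosing class continues outside it.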
|
|
|
|