
git-svn-id: https://192.168.57.71/svn/jsgkj@1901 931142cf-59ea-a443-aa0e-51397b428577

ld_xuhx 8 лет назад
Родитель
Сommit
ab077b457d

+ 2 - 0
gkoa/trunk/gkoa/WebContent/WEB-INF/pages/sys/login.jsp

@@ -94,6 +94,8 @@ function keyLogin(){
 	 	            		$.messager.alert("提示", "密码错误");
 	 	            	}else if(data=="error"){
 	 	            		$.messager.alert("提示", "验证码错误");
+	 	            	}else if(data=="userlogtimeerror"){
+	 	            		$.messager.alert("提示", "用户登录失败次数已经三次,请十分钟后再登录!");
 	 	            	}else{
 	 	            		$.messager.alert("提示", "用户名或密码错误");
 	 	            	}

+ 8 - 0
gkoa/trunk/gkoa/WebContent/WEB-INF/pages/sys/main.jsp

@@ -47,7 +47,15 @@
         sys.main.dbswurl='${dbswurl}';
         sys.main.init();
         /* sys.main.selMain(); */
+        
+        //密码是否通过复杂性验证
+    	var flag = "<%=request.getSession().getAttribute("pwdSecurity") %>";	
+    	if(flag=="false"){
+    	    $.messager.alert("密码复杂度不满足要求的提示", "您当前密码不满足复杂度要求(8-16位并包括字母、数字、特殊字符),建议您立即修改密码!");
+    	}
     });
+    
+ 
 </script>
 </head>
 <body >
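Review bot: The alert text on the added line promises an 8-16 character password, but the server-side check it reflects (the `Pattern` in `MyFilter.onLoginSuccess`, in this same commit) is `.{8,}$` with no upper bound, so the two disagree; either change the regex to `.{8,16}$` or drop "16" from the message. Independently, `pwdSecurity` is only ever set to `"false"` and nothing visible here clears it, so the warning presumably repeats on every load of `main.jsp` for the rest of the session even after the password has been changed — confirm the change-password path removes the attribute. Emitting the attribute into a JS string via `<%= %>` is tolerable only because the value is server-set; a less fragile form is `var weakPassword = <%= "false".equals(request.getSession().getAttribute("pwdSecurity")) %>;` followed by `if (weakPassword) { ... }`, which also avoids the string `"null"` reaching the client.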

+ 72 - 78
gkoa/trunk/gkoa/src/com/xt/gkoa/common/MyCustomRealm.java

@@ -1,5 +1,7 @@
 package com.xt.gkoa.common;
 
+import com.xt.gkoa.userManage.entity.UserLogtimeEntity;
+import com.xt.gkoa.userManage.service.UserLogtimeService;
 import com.xtframe.core.menu.entity.Function;
 import com.xtframe.core.menu.entity.Menu;
 import com.xtframe.core.role.entity.Role;
@@ -26,102 +28,98 @@ import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.springframework.beans.factory.annotation.Autowired;
 
-public class MyCustomRealm  extends AuthorizingRealm
-{
+public class MyCustomRealm extends AuthorizingRealm {
 
 	private SecurityMgr securityMgr;
-
-	
-
+	@Autowired
+	public UserLogtimeService userLogtimeservice;
 
 	public void setSecurityMgr(SecurityMgr securityMgr) {
 		this.securityMgr = securityMgr;
 	}
 
-
 	@Override
 	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
-		UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken)authcToken;
-	    User user = this.securityMgr.userService().findByUname(token.getUsername());
-	    String captcha = token.getCaptcha();
-		String exitCode = (String) SecurityUtils.getSubject().getSession()
-				.getAttribute("yzm");
+		UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken) authcToken;
+		User user = this.securityMgr.userService().findByUname(token.getUsername());
+		String captcha = token.getCaptcha();
+		String exitCode = (String) SecurityUtils.getSubject().getSession().getAttribute("yzm");
+
+		List<UserLogtimeEntity> list = userLogtimeservice.findByUserid(user.getId());
+		if (list != null && list.size() > 2) {
+			return null;
+		}
+
 		if (null == captcha || !captcha.equalsIgnoreCase(exitCode)) {
 			return null;
 		}
-	    if (user != null) {
-	    	return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
-	    }
-	    return null;
+		if (user != null) {
+			return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
+		}
+		return null;
 	}
 
+	public void clearAllCachedAuthorizationInfo() {
+		Cache<Object, ?> cache = getAuthorizationCache();
+		if (cache != null)
+			for (Iterator<Object> localIterator = cache.keys().iterator(); localIterator.hasNext();) {
+				Object key = localIterator.next();
+				cache.remove(key);
+			}
+	}
 
+	public void clearCachedAuthorizationInfo(User user) {
+		SimplePrincipalCollection principals = new SimplePrincipalCollection(user, getName());
+		clearCachedAuthorizationInfo(principals);
+	}
 
-	  public void clearAllCachedAuthorizationInfo()
-	  {
-	    Cache<Object, ?> cache = getAuthorizationCache();
-	    if (cache != null)
-	      for (Iterator<Object> localIterator = cache.keys().iterator(); localIterator.hasNext(); ) { Object key = localIterator.next();
-	        cache.remove(key);
-	      }
-	  }
-
-	  public void clearCachedAuthorizationInfo(User user)
-	  {
-	    SimplePrincipalCollection principals = new SimplePrincipalCollection(user, getName());
-	    clearCachedAuthorizationInfo(principals);
-	  }
-
-
-	  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
-	  {
-		  if(principals.fromRealm(getName()).isEmpty()){
-	    		return null;
-	    	}
-	    UserEntity loginUser = (UserEntity)principals.fromRealm(getName()).iterator().next();
-
-	    Session s = SecurityUtils.getSubject().getSession();
-
-	    User user = this.securityMgr.userService().findById(loginUser.getId());
-	    if (user != null) {
-	      SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
-	      List<Role> roles = this.securityMgr.roleService().findByUserId(user.getId());
-	      for (Role role : roles) {
-	        info.addRole(role.getCode());
-	      }
-	      List<Function> userFuncs = this.securityMgr.menuService().findValidFunctionByUserId(user.getId());
-	      List<Function> orgFuncs = this.securityMgr.menuService().findValidFunctionByOrgId(user.getOrg());
-	      userFuncs.addAll(orgFuncs);
-	      List<Role> userRoles = this.securityMgr.roleService().findByUserId(user.getId());
-	      List<Function> roleFuncs;
-	      for (Role r : userRoles) {
-	        roleFuncs = this.securityMgr.menuService().findValidFunctionByRoleId(r.getId());
-	        userFuncs.addAll(roleFuncs);
-	      }
-	      List<String> perms = new ArrayList<String>();
-	      for (Function f : userFuncs) {
-	        Menu m = this.securityMgr.menuService().findMenu(f.getMenu().getId());
-	        String perm = m.getCode() + ":" + f.getCode();
-	        if (!perms.contains(perm)) {
-	          perms.add(perm);
-	        }
-	      }
-	      for (String p : perms) {
-	        info.addStringPermission(SystemParam.getAppName() + ":" + p);
-	      }
-	      s.setAttribute("_AUTH", info);
-	      return info;
-	    }
-	    return null;
-	  }
-
+	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+		if (principals.fromRealm(getName()).isEmpty()) {
+			return null;
+		}
+		UserEntity loginUser = (UserEntity) principals.fromRealm(getName()).iterator().next();
+
+		Session s = SecurityUtils.getSubject().getSession();
+
+		User user = this.securityMgr.userService().findById(loginUser.getId());
+		if (user != null) {
+			SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
+			List<Role> roles = this.securityMgr.roleService().findByUserId(user.getId());
+			for (Role role : roles) {
+				info.addRole(role.getCode());
+			}
+			List<Function> userFuncs = this.securityMgr.menuService().findValidFunctionByUserId(user.getId());
+			List<Function> orgFuncs = this.securityMgr.menuService().findValidFunctionByOrgId(user.getOrg());
+			userFuncs.addAll(orgFuncs);
+			List<Role> userRoles = this.securityMgr.roleService().findByUserId(user.getId());
+			List<Function> roleFuncs;
+			for (Role r : userRoles) {
+				roleFuncs = this.securityMgr.menuService().findValidFunctionByRoleId(r.getId());
+				userFuncs.addAll(roleFuncs);
+			}
+			List<String> perms = new ArrayList<String>();
+			for (Function f : userFuncs) {
+				Menu m = this.securityMgr.menuService().findMenu(f.getMenu().getId());
+				String perm = m.getCode() + ":" + f.getCode();
+				if (!perms.contains(perm)) {
+					perms.add(perm);
+				}
+			}
+			for (String p : perms) {
+				info.addStringPermission(SystemParam.getAppName() + ":" + p);
+			}
+			s.setAttribute("_AUTH", info);
+			return info;
+		}
+		return null;
+	}
 
 	public MyCustomRealm(CredentialsMatcher credentialsMatcher) {
 		super(credentialsMatcher);
 	}
 
-
 	public MyCustomRealm() {
 		super();
 		// TODO Auto-generated constructor stub
@@ -132,13 +130,9 @@ public class MyCustomRealm  extends AuthorizingRealm
 		// TODO Auto-generated constructor stub
 	}
 
-
 	public MyCustomRealm(CacheManager cacheManager) {
 		super(cacheManager);
 		// TODO Auto-generated constructor stub
 	}
 
-
-
-
 }
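Review bot: `user.getId()` on the new lockout line (`userLogtimeservice.findByUserid(user.getId())`) runs before the existing `if (user != null)` guard, so an unknown username now throws a NullPointerException out of the realm instead of returning null, and the `user != null` check below is unreachable for that case; move the null check ahead of the lookup. Returning null for a locked account also makes Shiro's default authenticator report it as an UnknownAccountException, which is why `MyFilter.onLoginFailure` has to re-query the failure table to tell the two apart; throwing `org.apache.shiro.authc.LockedAccountException` (an import not in this hunk) lets the filter branch on the exception type instead. The threshold `list.size() > 2` is duplicated between this realm and the filter and would be clearer as a named constant. `doGetAuthenticationInfo` is entirely inside this hunk.
```java
		User user = this.securityMgr.userService().findByUname(token.getUsername());
		if (user == null) {
			return null; // unknown account: nothing to look up or dereference
		}
		// Locked out after 3 failures inside the DAO's 10-minute window.
		List<UserLogtimeEntity> list = userLogtimeservice.findByUserid(user.getId());
		if (list != null && list.size() > 2) {
			throw new LockedAccountException("Too many failed logins for " + user.getUname());
		}
		// … unchanged: captcha comparison against the "yzm" session attribute …
		return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
```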

+ 136 - 98
gkoa/trunk/gkoa/src/com/xt/gkoa/common/MyFilter.java

@@ -4,8 +4,13 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -14,6 +19,9 @@ import org.apache.shiro.authc.UnknownAccountException;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.util.WebUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+
+import com.xt.gkoa.userManage.entity.UserLogtimeEntity;
+import com.xt.gkoa.userManage.service.UserLogtimeService;
 import com.xtframe.core.org.entity.Org;
 import com.xtframe.core.support.SecurityMgr;
 import com.xtframe.core.user.entity.User;
@@ -21,79 +29,111 @@ import com.xtframe.core.utils.Assert;
 import com.xtframe.core.utils.CoreConstants;
 import com.xtframe.sec.common.CaptchaFormAuthenticationFilter;
 
-public class MyFilter extends CaptchaFormAuthenticationFilter{
+public class MyFilter extends CaptchaFormAuthenticationFilter {
 
 	@Autowired
 	private SecurityMgr securityMgr;
-	
+	@Autowired
+	private UserLogtimeService userLogtimeservice;
 	public static final String ALGORITHM = "SHA-256";
-	
 
+	@SuppressWarnings("unused")
 	@Override
 	protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
-	      PrintWriter out = null;
-	      try {
-	      	out = response.getWriter();
-	      	UsernamePasswordCaptchaToken token1 = (UsernamePasswordCaptchaToken)token;
-	      	User user = this.securityMgr.userService().findByUname(token1.getUsername());
-	      	String captcha = token1.getCaptcha();
-			String exitCode = (String) SecurityUtils.getSubject().getSession().getAttribute("yzm");
-			if(e instanceof UnknownAccountException){
-				out.write("unameerror");
-			}else if(e instanceof IncorrectCredentialsException ){
-				out.write("pwderror");
-			}else{
-				char[] ary = token1.getPassword();
-				StringBuffer sb = new StringBuffer();
-				for(int i = 0; i < ary.length; i++){
-					sb.append(ary[i]);
-				}
-				String newPw = sb.toString();
-				if(user==null){
+		PrintWriter out = null;
+		try {
+			out = response.getWriter();
+			UsernamePasswordCaptchaToken token1 = (UsernamePasswordCaptchaToken) token;
+			User user = this.securityMgr.userService().findByUname(token1.getUsername());
+
+			List<UserLogtimeEntity> list = userLogtimeservice.findByUserid(user.getId());
+			if (list != null && list.size() > 2) {
+				out.write("userlogtimeerror");
+			} else {
+				String captcha = token1.getCaptcha();
+				String exitCode = (String) SecurityUtils.getSubject().getSession().getAttribute("yzm");
+				if (e instanceof UnknownAccountException) {
 					out.write("unameerror");
-				}else if(!(user.getPassword()).equals(SHA256Encrypt(newPw))){
+				} else if (e instanceof IncorrectCredentialsException) {
+					UserLogtimeEntity userTime = new UserLogtimeEntity();
+					userTime.setUserid(user.getId());
+					userTime.setUname(user.getUname());
+					userLogtimeservice.save(userTime);
 					out.write("pwderror");
-				}else if(!captcha.equalsIgnoreCase(exitCode)){
-					out.write("error");
-				}else{
-					out.write("unameerror");
+				} else {
+					char[] ary = token1.getPassword();
+					StringBuffer sb = new StringBuffer();
+					for (int i = 0; i < ary.length; i++) {
+						sb.append(ary[i]);
+					}
+					String newPw = sb.toString();
+					if (user == null) {
+						out.write("unameerror");
+					} else if (!(user.getPassword()).equals(SHA256Encrypt(newPw))) {
+						UserLogtimeEntity userTime = new UserLogtimeEntity();
+						userTime.setUserid(user.getId());
+						userTime.setUname(user.getUname());
+						userLogtimeservice.save(userTime);
+						out.write("pwderror");
+					} else if (!captcha.equalsIgnoreCase(exitCode)) {
+						out.write("error");
+					} else {
+						out.write("unameerror");
+					}
 				}
 			}
-	      }
-	      catch (IOException e2) {
-	          e2.printStackTrace();
-	      }finally{
-	      	if(out!=null){
-	      		out.flush();
-	      		out.close();
-	      	}
-	      }
-			return false;
+
+		} catch (IOException e2) {
+			e2.printStackTrace();
+		} finally {
+			if (out != null) {
+				out.flush();
+				out.close();
+			}
+		}
+		return false;
 	}
 
 	@Override
 	protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
 		Object principal = subject.getPrincipal();
-		GlobalData.isSSO=false;
-      Assert.isInstanceOf(User.class, principal);
-      User u = (User) principal;
-      Assert.notNull(u.getOrg(), "用户所在组织不能为空!");
-      Org org = securityMgr.orgService().findOne(u.getOrg());
-      Assert.notNull(org, "用户所在组织不能为空!");
-      subject.getSession().setAttribute(CoreConstants.SESSION_KEY_ORG, org);
-      PrintWriter out = null;
-      try {
-      	out = response.getWriter();
-        out.write("success;"+u.getUname());
-      }
-      catch (IOException e) {
-          e.printStackTrace();
-      }finally{
-      	if(out!=null){
-      		out.flush();
-      		out.close();
-      	}
-      }
+		GlobalData.isSSO = false;
+		Assert.isInstanceOf(User.class, principal);
+		User u = (User) principal;
+		Assert.notNull(u.getOrg(), "用户所在组织不能为空!");
+		Org org = securityMgr.orgService().findOne(u.getOrg());
+		Assert.notNull(org, "用户所在组织不能为空!");
+		subject.getSession().setAttribute(CoreConstants.SESSION_KEY_ORG, org);
+		String password = getPassword(request);
+		// 判断密码复杂性是否满足要求
+		Pattern p = Pattern.compile("^(?=.*?[a-zA-Z])(?=.*?\\d)(?=.*?[-`=\\\\\\[\\];',.\\/~!@#$%^&*()_+|{}:<>\"]).{8,}$");
+		Matcher m = p.matcher(password);
+		if (!m.find()) {
+			// 不符合要求
+			subject.getSession().setAttribute("pwdSecurity", "false");
+		}
+
+		PrintWriter out = null;
+		try {
+			out = response.getWriter();
+
+			// 登录成功删除登录失败信息
+			List<UserLogtimeEntity> list = userLogtimeservice.findByUid(u.getId());
+			if (list != null && list.size() > 0) {
+				for (UserLogtimeEntity userlog : list) {
+					userLogtimeservice.delete(userlog);
+				}
+			}
+			out.write("success;" + u.getUname());
+
+		} catch (IOException e) {
+			e.printStackTrace();
+		} finally {
+			if (out != null) {
+				out.flush();
+				out.close();
+			}
+		}
 		return false;
 	}
 
@@ -127,53 +167,51 @@ public class MyFilter extends CaptchaFormAuthenticationFilter{
 
 		String host = getHost(request);
 
-		return new UsernamePasswordCaptchaToken(username,
-				password.toCharArray(), rememberMe, host, captcha);
+		return new UsernamePasswordCaptchaToken(username, password.toCharArray(), rememberMe, host, captcha);
 
 	}
-	
+
 	/**
 	 * SHA-256加密
+	 * 
 	 * @param orignal
 	 * @return
 	 */
-    public static String SHA256Encrypt(String orignal) { 
-        MessageDigest md = null; 
-        try { 
-            md = MessageDigest.getInstance(ALGORITHM); 
-        } catch (NoSuchAlgorithmException e) { 
-            e.printStackTrace(); 
-        } 
-        if (null != md) { 
-            byte[] origBytes = orignal.getBytes(); 
-            md.update(origBytes); 
-            byte[] digestRes = md.digest(); 
-            String digestStr = getDigestStr(digestRes); 
-            return digestStr; 
-        }
-
-        return null; 
-    }
-
-    private static String getDigestStr(byte[] origBytes) { 
-        String tempStr = null; 
-        StringBuilder stb = new StringBuilder(); 
-        for (int i = 0; i < origBytes.length; i++) { 
-            // System.out.println("and by bit: " + (origBytes[i] & 0xff)); 
-            // System.out.println("no and: " + origBytes[i]); 
-            // System.out.println("---------------------------------------------"); 
-            // 这里按位与是为了把字节转整时候取其正确的整数,java中一个int是4个字节 
-            // 如果origBytes[i]最高位为1,则转为int时,int的前三个字节都被1填充了 
-            tempStr = Integer.toHexString(origBytes[i] & 0xff); 
-            if (tempStr.length() == 1) { 
-                stb.append("0"); 
-            } 
-            stb.append(tempStr);
-
-        } 
-        return stb.toString(); 
-    }
-
-	
+	public static String SHA256Encrypt(String orignal) {
+		MessageDigest md = null;
+		try {
+			md = MessageDigest.getInstance(ALGORITHM);
+		} catch (NoSuchAlgorithmException e) {
+			e.printStackTrace();
+		}
+		if (null != md) {
+			byte[] origBytes = orignal.getBytes();
+			md.update(origBytes);
+			byte[] digestRes = md.digest();
+			String digestStr = getDigestStr(digestRes);
+			return digestStr;
+		}
+
+		return null;
+	}
+
+	private static String getDigestStr(byte[] origBytes) {
+		String tempStr = null;
+		StringBuilder stb = new StringBuilder();
+		for (int i = 0; i < origBytes.length; i++) {
+			// System.out.println("and by bit: " + (origBytes[i] & 0xff));
+			// System.out.println("no and: " + origBytes[i]);
+			// System.out.println("---------------------------------------------");
+			// 这里按位与是为了把字节转整时候取其正确的整数,java中一个int是4个字节
+			// 如果origBytes[i]最高位为1,则转为int时,int的前三个字节都被1填充了
+			tempStr = Integer.toHexString(origBytes[i] & 0xff);
+			if (tempStr.length() == 1) {
+				stb.append("0");
+			}
+			stb.append(tempStr);
+
+		}
+		return stb.toString();
+	}
 
 }
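Review bot: The new `userLogtimeservice.findByUserid(user.getId())` at the top of `onLoginFailure` dereferences `user` before the `user == null` branch further down, so a login attempt with a nonexistent username now ends in a NullPointerException and the `unameerror` response is never written for that case. Guard it first: `if (user == null) { out.write("unameerror"); return false; }` (the `finally` still flushes and closes `out`). The threshold `list.size() > 2` is repeated here and in `MyCustomRealm`, while the matching "3 times / 10 minutes" wording lives in `login.jsp` and the DAO's SQL; a single `static final int MAX_FAILED_LOGINS = 3` constant would keep them from drifting. Note also that the complexity regex in `onLoginSuccess` accepts any length of 8 or more (`.{8,}$`) while the prompt in `main.jsp` says 8-16, and that `@SuppressWarnings("unused")` on `onLoginFailure` hides nothing that is actually unused in the new body. Both methods are entirely inside the hunk.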

+ 16 - 0
gkoa/trunk/gkoa/src/com/xt/gkoa/userManage/dao/UserLogtimeDao.java

@@ -0,0 +1,16 @@
+package com.xt.gkoa.userManage.dao;
+
+import java.util.List;
+
+import org.springframework.data.jpa.repository.Query;
+
+import com.xt.gkoa.userManage.entity.UserLogtimeEntity;
+import com.xtframe.sec.common.SecRepository;
+
+public interface UserLogtimeDao extends SecRepository<UserLogtimeEntity, String> {
+
+	@Query(value = "select t.* from T_XTFRAME_USERLOGTIME t where t.userid = ?1 and  t.record_status <> 9 and t.add_date >sysdate - interval '10' MINUTE  ", nativeQuery = true)
+	public List<UserLogtimeEntity> findByUserid(String useid);
+
+	@Query(value = "select t.* from T_XTFRAME_USERLOGTIME t where t.userid = ?1 and  t.record_status <> 9  ", nativeQuery = true)
+	public List<UserLogtimeEntity> findByUid(String useid);}
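Review bot: `sysdate - interval '10' MINUTE` in `findByUserid` appears to be Oracle-specific syntax, so this native query ties the lockout window to one database and hard-codes the 10 minutes that `login.jsp` also spells out in its message; at minimum document it, e.g. `/** Failed-login rows for this user within the last 10 minutes (the lockout window); Oracle date arithmetic. */`, and give `findByUid` a matching comment saying it returns all rows regardless of age (it is used to clear them on success). Binding the user id through `?1` is correct — keep it that way rather than concatenating into the string. Style: the parameter is named `useid` (presumably `userId`), and the closing brace of the interface is fused onto the last method line; put it on its own line.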

+ 53 - 0
gkoa/trunk/gkoa/src/com/xt/gkoa/userManage/entity/UserLogtimeEntity.java

@@ -0,0 +1,53 @@
+package com.xt.gkoa.userManage.entity;
+
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.hibernate.annotations.GenericGenerator;
+
+import com.xt.gkoa.common.dao.CommonEntity;
+
+/**
+ * 用户登录次数对象
+ * 
+ * 
+ */
+@javax.persistence.Entity
+@Table(name = "T_XTFRAME_USERLOGTIME")
+public class UserLogtimeEntity extends CommonEntity<String> {
+	/** serialVersionUID */
+	private static final long serialVersionUID = 5951523673825956059L;
+	/** UUID */
+	private String id;
+	private String userid;
+	private String uname;
+
+	@Id
+	@GenericGenerator(name = "systemUUID", strategy = "uuid")
+	@GeneratedValue(generator = "systemUUID")
+	public String getId() {
+		return id;
+	}
+
+	public void setId(String id) {
+		this.id = id;
+	}
+
+	public String getUserid() {
+		return userid;
+	}
+
+	public void setUserid(String userid) {
+		this.userid = userid;
+	}
+
+	public String getUname() {
+		return uname;
+	}
+
+	public void setUname(String uname) {
+		this.uname = uname;
+	}
+
+}
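Review bot: The class comment "用户登录次数对象" (login-count object) does not describe what a row actually is: `MyFilter.onLoginFailure` saves one `UserLogtimeEntity` per wrong password and `onLoginSuccess` deletes all of them, so each row is one failed login attempt, not a count. Replace the comment with `/** One failed login attempt for a user; rows are counted per user to enforce the lockout and deleted on successful login. */`. The DAO filters on `add_date` and `record_status`, which are not declared here and presumably come from `CommonEntity` — a one-line note on the class saying where the timestamp lives would save readers the hunt.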

+ 21 - 0
gkoa/trunk/gkoa/src/com/xt/gkoa/userManage/service/UserLogtimeService.java

@@ -0,0 +1,21 @@
+package com.xt.gkoa.userManage.service;
+
+import java.util.List;
+
+import com.xt.gkoa.userManage.entity.UserLogtimeEntity;
+
+public interface UserLogtimeService {
+
+	public <S extends UserLogtimeEntity> S save(S entity);
+
+	public UserLogtimeEntity findOne(String id);
+
+	public void logicDelete(String str);
+
+	public void delete(UserLogtimeEntity entity);
+
+	List<UserLogtimeEntity> findByUserid(String useid);
+
+	List<UserLogtimeEntity> findByUid(String useid);
+
+}
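Review bot: `findByUserid` and `findByUid` are indistinguishable by name and carry no Javadoc, yet they differ in exactly the property callers must get right: the first is bounded to the DAO's 10-minute window and drives the lockout, the second returns every row and is used to clear the counter. Add `/** Failed attempts by this user within the lockout window (currently 10 minutes, see UserLogtimeDao). */` on the first and `/** All failed attempts by this user regardless of age; used to reset the counter on successful login. */` on the second. Both take `useid`, presumably a typo for `userId`.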

+ 35 - 0
gkoa/trunk/gkoa/src/com/xt/gkoa/userManage/service/imp/UserLogtimeServiceImpl.java

@@ -0,0 +1,35 @@
+package com.xt.gkoa.userManage.service.imp;
+
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import com.xt.gkoa.common.service.GkoaBaseService;
+import com.xt.gkoa.userManage.dao.UserLogtimeDao;
+import com.xt.gkoa.userManage.entity.UserLogtimeEntity;
+import com.xt.gkoa.userManage.service.UserLogtimeService;
+import com.xtframe.sec.common.SecRepository;
+
+@Service
+public class UserLogtimeServiceImpl extends GkoaBaseService<UserLogtimeEntity, String> implements UserLogtimeService {
+	@Autowired
+	private UserLogtimeDao dao;
+
+	@Override
+	protected SecRepository<UserLogtimeEntity, String> getDao() {
+		return dao;
+	}
+
+	@Override
+	public List<UserLogtimeEntity> findByUserid(String useid) {
+		return dao.findByUserid(useid);
+	}
+
+
+	@Override
+	public List<UserLogtimeEntity> findByUid(String useid) {
+		return dao.findByUid(useid);
+	}
+
+}

+ 3 - 2
gkoa/trunk/gkoa/src/com/xtframe/core/filter/XssHttpServletRequestWrapper.java

@@ -33,13 +33,14 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
     }
     private String cleanXSS(String value) {
                 //You'll need to remove the spaces from the html entities below
-        value = value.replaceAll("<", "& lt;").replaceAll(">", "& gt;");
+        //value = value.replaceAll("<", "& lt;").replaceAll(">", "& gt;");
         //value = value.replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41;");
         //value = value.replaceAll("'", "& #39;");
         value = value.replaceAll("eval\\((.*)\\)", "");
         value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
         value = value.replaceAll("script", "");
-        value = value.replaceAll("%", "\\\\u0025");
+        value = value.replaceAll("alert", "");
+       // value = value.replaceAll("%", "\\\\u0025");
         return value;
     }
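Review bot: Commenting out the `<`/`>` replacement in `cleanXSS` leaves only keyword stripping (`script`, `alert`, `eval(...)`, quoted `javascript:`), which is a blacklist that any handler-attribute payload such as `<img src=x onerror=...>` or `<svg onload=...>` passes untouched, that a single-pass `replaceAll` reassembles from `<scrscriptipt>` into `<script>`, and that is case-sensitive, so `<SCRIPT>` is not touched at all; the new `replaceAll("alert", "")` additionally corrupts legitimate input (any value containing "alert"). If angle brackets had to be permitted for some form, the defence belongs at output time — `<c:out value="${...}"/>` or `fn:escapeXml` in the JSPs — not in mutating request parameters on the way in. At minimum add a comment above the method stating that it is no longer a reliable XSS defence and why the bracket escaping was disabled. `cleanXSS` is entirely inside this hunk.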