package cn.palmte.work.security;
import java.util.regex.Pattern;
import top.jfunc.common.utils.StrUtil;
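/**
 * Strips special characters from a string as a mitigation for frame injection.
 * Background: https://blog.csdn.net/conkeyn/article/details/84532040
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>This is a deny-list filter: only the characters listed in {@link #REG_EX}, plus the
 *       double quote, are removed. Anything else passes through unchanged, including
 *       carriage return ({@code \r}), tab, {@code =}, {@code .}, {@code -} and {@code _}.</li>
 *   <li>NOTE(review): {@code \n} is in the set but {@code \r} is not. Confirm this is
 *       intended before reusing the method anywhere line breaks matter.</li>
 *   <li>The result is not encoded for any output context (HTML, attribute, URL, header).
 *       Removing characters does not replace validating a frame or redirect target against
 *       an allow-list, or encoding the value where it is written out.</li>
 * </ul>
 *
 * @author xiongshiyan at 2021/9/6 , contact me with email yanshixiong@126.com or phone 15208384257
 */
public class UrlUtil {
    /**
     * Character class of the ASCII and CJK punctuation that gets removed. The double quote is
     * absent here and is removed in a separate step by {@link #replaceSpecialChar(String)}.
     */
    private static final String REG_EX="[\n`~!@#$%^&*\\(\\)+|;{}',\\\\\\[\\]<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。, 、?]";

    /** {@link #REG_EX} compiled once, so the pattern is not recompiled on every call. */
    private static final Pattern SPECIAL_CHARS = Pattern.compile(REG_EX);

    /**
     * Removes every character matched by {@link #REG_EX}, and every double quote, from the input.
     *
     * @param origin the string to filter
     * @return {@code origin} itself when {@code StrUtil.isEmpty(origin)} is true (presumably
     *     null or empty; StrUtil is an external helper, confirm), otherwise a copy with the
     *     listed characters removed
     */
    public static String replaceSpecialChar(String origin){
        if(StrUtil.isEmpty(origin)){
            return origin;
        }
        String stripped = SPECIAL_CHARS.matcher(origin).replaceAll("");
        // The double quote is awkward to write inside the regex, so it is removed separately.
        return stripped.replace("\"", "");
    }

    /**
     * Small demo: prints a sample string and its filtered form.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String sample = "12|&;$%@'\"<>()+,\\";
        System.out.println(sample);
        // Every character of the sample except the two digits is in the removed set,
        // so the second line printed is "12".
        System.out.println(replaceSpecialChar(sample));
    }
}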