fourcal/src/main/java/cn/palmte/work/security/UrlUtil.java

package cn.palmte.work.security;

import top.jfunc.common.utils.StrUtil;

/**
 * 框架注入漏洞
 * https://blog.csdn.net/conkeyn/article/details/84532040
 * @author xiongshiyan at 2021/9/6 , contact me with email yanshixiong@126.com or phone 15208384257
 */
public class UrlUtil {
    private static final String REG_EX="[\n`~!@#$%^&*\\(\\)+|;{}',\\\\\\[\\]<>/?~！@#￥%……&*（）——+|{}【】‘；：”“’。， 、？]";

    public static String replaceSpecialChar(String origin){
        if(StrUtil.isEmpty(origin)){
            return origin;
        }
        String s = origin.replaceAll(REG_EX, "");
        //双引号不好写在正则中
        return s.replace("\"", "");
    }

    public static void main(String[] args) {
        String origin = "12|&;$%@'\"<>()+,\\";
        System.out.println(origin);
        String s = replaceSpecialChar(origin);
        System.out.println(s);
    }
}