escape

package com.samsung.foundation.util;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Random;
import java.util.UUID;

public class CommonUtil {

/**
* String ? ??? XML ???? ?? ?? ??(<,>,",',&)? ??<br>
* &lt;input type="text"&gt; 'tag'? ?? ??
*
* @param src
* @return
*/
public static String safeHtmlEscInput(String src) {

if (src == null) {
return "";
}

StringBuilder out = new StringBuilder();

int len = src.length();

for (int i = 0; i < len; i++) {
switch (src.charAt(i)) {
case '<':
out.append("&#60;");
break;
case '>':
out.append("&#62;");
break;
case '"':
out.append("&#34;");
break;
case '\'':
out.append("&#39;");
break;
case '|':
out.append("&#124;");
break;
case '&':
if (i + 1 < len && src.charAt(i + 1) == '#') {
out.append(src.charAt(i));
} else {
out.append("&#38;");
}
break;
case '*':
out.append("&#42;");
break;
case '/':
out.append("&#47;");
break;
case '\t':
out.append("&#32;&#32;&#32;");
break;
case ' ':
out.append("&#32;");
break;
default:
out.append(src.charAt(i));
}
}

return out.toString();
}

/**
* value ? null ?? ???? null? ?? 0? return
*
* @param oVal ??? Integer obj
* @return null ? ?? 0, null ? ?? ?? Integer? int value
*/
public static int checkNull(Integer oVal) {
return checkNull(oVal, 0);
}

/**
* value ? null ?? ???? null? ?? 0? return
*
* @param oVal ??? Integer obj
* @param iDefaultValue oVal null ? ?? default ? ???? ?
* @return null ? ?? 0, null ? ?? ?? Integer? int value
*/
public static int checkNull(Integer oVal, int iDefaultValue) {

int iResult = iDefaultValue;
if (oVal != null) {
iResult = oVal.intValue();
}
return iResult;
}

/**
* value ? null ?? ???? ??? ???? return
*
* @param sVal ??? String
* @return null ? ?? "", null ? ?? ?? ??? ??? String
*/

public static String checkNull(String sVal) {

String sResult = "";
if (sVal != null) {
sResult = sVal.trim();
}
return sResult;
}

/**
* value ? null ? ?? defaultValue? return, null ? ?? ?? ??? ???? return
*
* @param sVal ??? String
* @param sDefaultValue sVal? null ? ?? default ? ???? ? (sDefaultValue? null ? ??? ""?? ???)
* @return null ? ?? defaultValue, null ? ?? ?? ??? ??? String
*/
public static String checkNull(String sVal, String sDefaultValue) {

String sResult = "";
if (sDefaultValue != null) {
sResult = sDefaultValue;
}
if (sVal != null && !"".equals(sVal.trim())) {
sResult = sVal.trim();
}
return sResult;
}

/**
* SQL Injection ? ???? Database ? ?? ??? ?? ????.<br>
* "'" ==> "''" ?? ??
* --, ;, % ?? ??
*
* @param sValue ?? ??? ??? ?
* @return SQL Injection ? ??? String
*/
public static String safeSqlInput(String sValue) {
String retValue;

if (sValue == null) {
return null;
}
StringBuilder sbConvertedValue = new StringBuilder();
int iValueLen = sValue.length();
for (int iCount = 0; iCount < iValueLen; iCount++) {
if (sValue.charAt(iCount) == '\'') {
sbConvertedValue.append("'");
} else if (sValue.charAt(iCount) == ';' || sValue.charAt(iCount) == '%') {
continue;
}
sbConvertedValue.append(sValue.charAt(iCount));
}

retValue = sbConvertedValue.toString().replaceAll("--", "");
return retValue;
}

/**
* collection ? null ?? ?? ??? true return
*
* @param collection ??? Collection<?> ??? ????
* @return collection? null ?? ???? ??
*/
public static boolean isEmpty(Collection<?> collection) {

if (collection == null || collection.isEmpty()) {
return true;
}

return false;
}

/**
* String ? null ?? ?????? true return
*
* @param sVal ??? String
* @return value? null ?? ???? ??
*/
public static boolean isEmpty(String sVal) {

if (CommonUtil.checkNull(sVal).equals("")) {
return true;
}
return false;
}

/**
*  Returns true if this map is <code>null</code> or contains no key-value mappings.
*
* @param map
* @return true if this map is <code>null</code> or contains no key-value mappings
* @since 1.5
*/
public static boolean isEmpty(Map<?, ?> map) {

return (map == null || map.isEmpty()) ? true : false;
}

/**
* Returns true if this array is <code>null</code> or contains no objects.
*
* @param array
* @return true if this array is <code>null</code> or contains no objects.
* @since 1.5
*/
public static boolean isEmpty(Object[] array) {

return (array == null || array.length == 0) ? true : false;
}

/**
* String ? ??? XML ???? ?? ?? ??(<,>,",',&)? ??<br>
* &lt;input type="hidden"&gt; 'tag'? ?? ??
*
* @param src
* @return
*/
public static String safeHtmlEscHidden(String src) {

if (src == null) {
return "";
}

StringBuilder out = new StringBuilder();

int len = src.length();

for (int i = 0; i < len; i++) {
switch (src.charAt(i)) {
case '<':
out.append("&#60;");
break;
case '>':
out.append("&#62;");
break;
case '"':
out.append("&#34;");
break;
case '\'':
out.append("&#39;");
break;
case '|':
out.append("&#124;");
break;
case '\n':
out.append("<BR>");
break;
case '&':
if (i + 1 < len && src.charAt(i + 1) == '#') {
out.append(src.charAt(i));
} else {
out.append("&#38;");
}
break;
case '*':
out.append("&#42;");
break;
case '/':
out.append("&#47;");
break;
case '\t':
out.append("&#32;&#32;&#32;");
break;
case ' ':
out.append("&#32;");
break;
default:
out.append(src.charAt(i));
}
}

return out.toString();
}

/**
* String ? ??? XML ???? ?? ?? ??(",')? ????.<br>
* &lt;td title='data'&gt; ?? html ? quotation ?? ???? ???? ?? ??
*
* @param src
* @return
*/
public static String safeHtmlEscInQuot(String src) {

if (src == null) {
return "";
}
StringBuilder out = new StringBuilder();

int len = src.length();

for (int i = 0; i < len; i++) {
switch (src.charAt(i)) {
case '"':
out.append("&quot;");
break;
case '\'':
out.append("&#39;");
break;
case '&':
if (i + 1 < len && src.charAt(i + 1) == '#') {
out.append(src.charAt(i));
} else {
out.append("&amp;");
}
break;
default:
out.append(src.charAt(i));
}
}

return out.toString();
}

/**
* String ? ??? JavaScript? ?? ?? ??(',",\r,\n,\t)? ????.<br>
*
* @param src ??? String
* @param isDoubleQuot ???? ?? 'quotation'? " ?? '??(true ? ")
* @return javaScript? ?? String
*/
public static String safeHtmlEscJavaScript(String src, boolean isDoubleQuot) {

if (src == null) {
return "";
}

StringBuilder out = new StringBuilder();

int len = src.length();

for (int i = 0; i < len; i++) {

switch (src.charAt(i)) {
case '"':
if (isDoubleQuot) {
out.append("\\").append(src.charAt(i));
} else {
out.append(src.charAt(i));
}
break;
case '\'':
if (isDoubleQuot) {
out.append(src.charAt(i));
} else {
out.append("\\").append(src.charAt(i));
}
break;
case '\r':
out.append("\\r");
break;
case '\n':
out.append("\\n");
break;
case '\t':
out.append("\\t");
break;
case '\\':
out.append("\\\\");
break;
case '<':
out.append("\\074");
break;
case '>':
out.append("\\076");
break;
default:
out.append(src.charAt(i));
}
}

return out.toString();
}

/**
* 'Quotation'?? Javascript ? ????.<br>
* safeHtmlEscJavaScript ???? " -> \042, ' -> \047 ? ????.<br>
* onclick ="javascript:alert('xxx')" ? ?? ??? ' ? " ? ??? ???? ?? ??? ????? ? ???? ????.
*
* @param src ??? String
* @return javaScript? ?? String
*/
public static String safeHtmlEscJavaScriptInQuot(String src) {
if (src == null) {
return "";
}

StringBuilder out = new StringBuilder();

int len = src.length();

for (int i = 0; i < len; i++) {

switch (src.charAt(i)) {
case '"':
out.append("\\042");
break;
case '\'':
out.append("\\047");
break;
case '\r':
out.append("\\r");
break;
case '\n':
out.append("\\n");
break;
case '\t':
out.append("\\t");
break;
case '\\':
out.append("\\\\");
break;
case '<':
out.append("\\074");
break;
case '>':
out.append("\\076");
break;
default:
out.append(src.charAt(i));
}
}

return out.toString();
}

/**
* Escapes '%', '_' and '\' characters. Default ESCAPE character is '\'.
* ESCAPE clause is required in the SQL statement.
*
* @param sValue
* @return
* @since 1.5
*/
public static String safeLikeSearchEscape(String sValue) {

return safeLikeSearchEscape(sValue, '\\');
}

/**
* Escapes '%', '_' and '\' characters.
* ESCAPE clause is required in the SQL statement.
*
* @param sValue
* @param escapeChar
* @return
* @since 1.5
*/
public static String safeLikeSearchEscape(String sValue, char escapeChar) {

if (sValue == null) {
return null;
}

StringBuilder sbConvertedValue = new StringBuilder();
int iValueLen = sValue.length();
for (int iCount = 0; iCount < iValueLen; iCount++) {
char cValue = sValue.charAt(iCount);
if (cValue == '_' || cValue == '%' || cValue == escapeChar) {
sbConvertedValue.append(escapeChar);
}
sbConvertedValue.append(cValue);
}

return sbConvertedValue.toString();
}

/**
* Like ??? ??? ???? ????? Like ??? ?? ??<br>
* "'" ==> "''" ?? ??<br>
* --, ; ?? ??<br>
*
* @param sValue ?? ??? ??? ?
* @return String ??? ? (???? null ?? null ??)
*/
public static String safeLikeSearchInput(String sValue) {
return safeLikeSearchInput(sValue, false);
}

/**
* Like ??? ??? ???? ????? Like ??? ?? ??<br>
* "'" ==> "''" ?? ??<br>
* --, ; ?? ??<br>
* <br>
* ?, ???? useEscape? true ?? ??? like ?? ?? <span color="red">"escape '\'"</span>? ?????.<br>
* "%" ==> "\%" ?? ??<br>
* "_" ==> "\_" ?? ??<br>
* "`" ==> "\`" ?? ??
*
* @param sValue ?? ??? ??? ?
* @param useEscape escape ?? ????
* @return String ??? ? (???? null ?? null ??)
*/
public static String safeLikeSearchInput(String sValue, boolean useEscape) {
String retValue;

if (sValue == null) {
return null;
}

StringBuilder sbConvertedValue = new StringBuilder();
int iValueLen = sValue.length();
for (int iCount = 0; iCount < iValueLen; iCount++) {
char cValue = sValue.charAt(iCount);

// SQL-Injection ??
if (cValue == '\'') {
sbConvertedValue.append("'");
} else if (cValue == ';') {
continue;
}
// Escape ??
else if (useEscape) {
if (cValue == '_' || cValue == '%' || cValue == '\\') {
sbConvertedValue.append("\\");
}
}

sbConvertedValue.append(cValue);
}

retValue = sbConvertedValue.toString().replaceAll("--", "");

return retValue;
}

/**
* String ? ??? XML ???? ?? ?? ??(<,>,",',&)? ????.<br>
* &lt;td&gt;data&lt;/td&gt; ?? display ?? tag ? ?? ??
*
* @param src
* @return
*/
public static String safeHtmlEscDisplay(String src) {

if (src == null) {
return "";
}

StringBuilder out = new StringBuilder();

int len = src.length();

for (int i = 0; i < len; i++) {
switch (src.charAt(i)) {
case '<':
out.append("&lt;");
break;
case '>':
out.append("&gt;");
break;
case '"':
out.append("&quot;");
break;
case '\'':
out.append("&#39;");
break;
case '|':
out.append("&#124;");
break;
case '&':
if (i + 1 < len && src.charAt(i + 1) == '#') {
out.append(src.charAt(i));
} else {
out.append("&amp;");
}
break;
case '*':
out.append("&#42;");
break;
case '/':
out.append("&#47;");
break;
case '\n':
out.append("<BR>");
break;
case '\t':
out.append("&nbsp;&nbsp;&nbsp;");
break;
case ' ':
out.append("&nbsp;");
break;
default:
out.append(src.charAt(i));
}
}

return out.toString();
}



/**
* @param src
* @return
*/
public static String safeHtmlEscDisplayForKindeditor(String src) {

if (src == null) {
return "";
}
src = src.replaceAll("&", "&amp;");
src = src.replaceAll("<", "&lt;");
src = src.replaceAll(">", "&gt;");
src = src.replaceAll("\"", "&quot;");
return src;
}

/**
* get uuid for table data id
* @return
* @since 1.0
*/
public static String getUUID(){
String s = UUID.randomUUID().toString();
return s.substring(0,8)+s.substring(9,13)+s.substring(14,18)+s.substring(19,23)+s.substring(24);
}

/**
* get random number -zq.wu
* @param nRandomCount
* @param isNumber
* @return
* @since 1.0
*/
public static String getRandomString(int nRandomCount, boolean isNumber) {
char[] a = null;

if (isNumber) {
a = new char[10];
for (int i = 48, j = 0; i <= 57; i++, j++) {
a[j] = (char) i;
}
} else {
// ASCII 48~57,String 0~9;
// ASCII 65~90,String A-Z;
// ASCII 97~122,String a-z;
a = new char[62];
for (int i = 48, j = 0; i <= 122; i++) {
if ((i > 57 && i < 65) || (i > 90 && i < 97)) {
continue;
} else {
a[j] = (char) i;
j++;
}
}
}

String strRand = "";
int LengthOfRandom = a.length;
Random random = new Random();
for (int i = 0; i < nRandomCount; i++) {
int nRand = random.nextInt(LengthOfRandom);
strRand += a[nRand];
}
return strRand;
}

public static String getEncryptPassword(String str) { 
MessageDigest messageDigest = null; 
try {
messageDigest = MessageDigest.getInstance("MD5"); 
messageDigest.reset(); 
messageDigest.update(str.getBytes("UTF-8")); 
}catch (Exception e) { 
e.printStackTrace(); 
}

byte[] byteArray = messageDigest.digest(); 
StringBuffer md5StrBuff = new StringBuffer(); 
for (int i = 0; i < byteArray.length; i++) { 
if (Integer.toHexString(0xFF & byteArray[i]).length() == 1) 
md5StrBuff.append("0").append(Integer.toHexString(0xFF & byteArray[i])); 
else 
md5StrBuff.append(Integer.toHexString(0xFF & byteArray[i])); 
}
return md5StrBuff.toString(); 
}

/**
* 将驼峰式命名的字符串转换为下划线大写方式。如果转换前的驼峰式命名的字符串为空,则返回空字符串。</br>
* 例如:HelloWorld->HELLO_WORLD
* @param name 转换前的驼峰式命名的字符串
* @return 转换后下划线大写方式命名的字符串
*/
public static String underscoreName(String name) {
   StringBuilder result = new StringBuilder();
   if (name != null && name.length() > 0) {
       // 将第一个字符处理成大写
       result.append(name.substring(0, 1).toUpperCase());
       // 循环处理其余字符
       for (int i = 1; i < name.length(); i++) {
           String s = name.substring(i, i + 1);
           // 在大写字母前添加下划线
           if (s.equals(s.toUpperCase()) && !Character.isDigit(s.charAt(0))) {
               result.append("_");
           }
           // 其他字符直接转成大写
           result.append(s.toUpperCase());
       }
   }
   return result.toString();
}

/**
* 将下划线大写方式命名的字符串转换为驼峰式。如果转换前的下划线大写方式命名的字符串为空,则返回空字符串。</br>
* 例如:HELLO_WORLD->HelloWorld
* @param name 转换前的下划线大写方式命名的字符串
* @return 转换后的驼峰式命名的字符串
*/
public static String camelName(String name) {
   StringBuilder result = new StringBuilder();
   // 快速检查
   if (name == null || name.isEmpty()) {
       // 没必要转换
       return "";
   } else if (!name.contains("_")) {
       // 不含下划线,仅将首字母小写
       return name.substring(0, 1).toLowerCase() + name.substring(1);
   }
   // 用下划线将原始字符串分割
   String camels[] = name.split("_");
   for (String camel :  camels) {
       // 跳过原始字符串中开头、结尾的下换线或双重下划线
       if (camel.isEmpty()) {
           continue;
       }
       // 处理真正的驼峰片段
       if (result.length() == 0) {
           // 第一个驼峰片段,全部字母都小写
           result.append(camel.toLowerCase());
       } else {
           // 其他的驼峰片段,首字母大写
           result.append(camel.substring(0, 1).toUpperCase());
           result.append(camel.substring(1).toLowerCase());
       }
   }
   return result.toString();
}

public static void main(String arg[]){
String randStr = getRandomString(32,false);
System.out.println(randStr + " \n"+randStr.length());

String pass = "111111"+randStr;
String enPass = getEncryptPassword(pass);
System.out.println( enPass+ " \n"+enPass.length());
}

}







package com.samsung.foundation.util;


public class FoundationUtil {

    /**
     * Escapes a value for a SQL {@code LIKE} pattern using {@code '\'} as the escape character,
     * i.e. {@code safeLikeSearchEscape(sValue, '\\')}. The statement must declare
     * {@code ESCAPE '\'} for the escapes to take effect.
     *
     * @param sValue raw search text; may be {@code null}
     * @return the escaped text, or {@code null} when {@code sValue} is {@code null}
     * @since 1.5
     */
    public static String safeLikeSearchEscape(String sValue) {
        return safeLikeSearchEscape(sValue, '\\');
    }

    /**
     * Prefixes the {@code LIKE} wildcards {@code %} and {@code _}, and {@code escapeChar}
     * itself, with {@code escapeChar}. This stops user input from widening a pattern with
     * wildcards; it is not a substitute for binding the pattern as a statement parameter, and
     * the same character must appear in the statement's {@code ESCAPE} clause.
     *
     * @param sValue     raw search text; may be {@code null}
     * @param escapeChar the escape character declared in the SQL {@code ESCAPE} clause
     * @return the escaped text, or {@code null} when {@code sValue} is {@code null}
     * @since 1.5
     */
    public static String safeLikeSearchEscape(String sValue, char escapeChar) {
        if (sValue == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(sValue.length() * 2);
        for (char ch : sValue.toCharArray()) {
            boolean isWildcard = ch == '%' || ch == '_';
            if (isWildcard || ch == escapeChar) {
                escaped.append(escapeChar);
            }
            escaped.append(ch);
        }
        return escaped.toString();
    }

}








package com.samsung.foundation.tag;


import java.io.IOException;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.SimpleTagSupport;

import com.samsung.foundation.util.CommonUtil;

/**
 * JSP tag that prints {@code value} with HTML special characters escaped, as a defence against
 * Cross-Site Scripting (XSS). The {@code input} attribute selects the escaping variant:
 * {@code "true"} uses {@link CommonUtil#safeHtmlEscInput(String)} (for values placed in
 * {@code <input type="text">} or {@code <textarea>}), {@code "hidden"} uses
 * {@link CommonUtil#safeHtmlEscHidden(String)}, and any other value, including an absent
 * attribute, uses {@link CommonUtil#safeHtmlEscDisplay(String)} for text shown between tags.
 * The hidden and display variants render a line feed as {@code <BR>}; all three render a
 * {@code null} value as the empty string.
 *
 * @since 0.5
 */
public class EscapeTag extends SimpleTagSupport {

    /** The raw text to escape and print. */
    private String value;
    /** Escaping variant selector: {@code "true"}, {@code "hidden"}, or anything else for display. */
    private String input;
    /**
     * When false, every {@code &nbsp;} in the escaped output is turned back into a plain space
     * before printing (only the display variant emits {@code &nbsp;}). Defaults to true.
     * @since 1.5
     */
    private boolean nbspEscape = true;

    public String getValue() {
        return value;
    }

    public void setValue(String value) {
        this.value = value;
    }

    public String getInput() {
        return input;
    }

    public void setInput(String input) {
        this.input = input;
    }

    public void setNbspEscape(boolean nbspEscape) {
        this.nbspEscape = nbspEscape;
    }

    @Override
    public void doTag() throws IOException, JspException {
        String escaped = escapeForMode(value, input);
        if (!nbspEscape) {
            escaped = escaped.replace("&nbsp;", " ");
        }
        getJspContext().getOut().print(escaped);
    }

    /**
     * Dispatches to the {@link CommonUtil} escaper selected by {@code mode}. The escapers map
     * {@code null} to {@code ""}, so the result is never {@code null}.
     *
     * @param raw  text to escape; may be {@code null}
     * @param mode the tag's {@code input} attribute; may be {@code null}
     * @return the escaped text
     */
    private static String escapeForMode(String raw, String mode) {
        if ("true".equals(mode)) {
            return CommonUtil.safeHtmlEscInput(raw);
        }
        if ("hidden".equals(mode)) {
            return CommonUtil.safeHtmlEscHidden(raw);
        }
        return CommonUtil.safeHtmlEscDisplay(raw);
    }
}




<tag>
<name>escape</name>
<tag-class>com.samsung.foundation.tag.EscapeTag</tag-class>
<body-content>empty</body-content>
<attribute>
<name>value</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>input</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<description>Since v1.0</description>
<name>nbspEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>




