diff options
Diffstat (limited to 'ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java')
-rw-r--r-- | ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java | 90 |
1 files changed, 0 insertions, 90 deletions
diff --git a/ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java b/ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java deleted file mode 100644 index e6d01994..00000000 --- a/ecomp-sdk/sdk-analytics/src/main/java/org/openecomp/portalsdk/analytics/util/XSSFilter.java +++ /dev/null @@ -1,90 +0,0 @@ -/*- - * ================================================================================ - * eCOMP Portal SDK - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ================================================================================ - */ -package org.openecomp.portalsdk.analytics.util; - - /** - * - * This class is used to filter javascript tags to avoid XSS attacks. - */ -public class XSSFilter { - - // private static String[] filterChars = { "<", ">", "<", ">", "\"", "\\", "0x" }; -// private static String[] replacementChars = { " ", " ", " ", " ", "'", "/", "0 x" }; - -/* public static synchronized String filterRequest(String param) { - String value = param; - - if (param != null) { - - for (int i = 0; i < filterChars.length; i++) { - value = filterCharacters(filterChars[i], replacementChars[i], - value); - } - - } - - return value; - - } -*/ - - public static synchronized String filterRequestOnlyScript(String param) { - String value = ""; - value = nvl(param); - value = value.replaceAll("<[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", ""); - value = value.replaceAll("</[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", ""); - value = value.replaceAll("[\\s]*[jJ][\\s]*[aA][\\s]*[vV][\\s]*[aA][\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*", ""); - return value; - } - public static synchronized String filterRequest (String param) { - String value = ""; - value = nvl(param); - value = value.replaceAll("<[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", ""); - value = value.replaceAll("</[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", ""); - value = value.replaceAll("[\\s]*[jJ][\\s]*[aA][\\s]*[vV][\\s]*[aA][\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*", ""); - value = value.replaceAll("[\\s]*<", ""); - value = value.replaceAll("[\\s]*>", ""); - - return value; - } - -// private static synchronized String filterCharacters(String originalChar, String newChar, -// String param) { -// StringBuffer sb = new StringBuffer(param); -// -// for (int position = param.toLowerCase().indexOf(originalChar); position >= 0;) { -// sb.replace(position, position + originalChar.length(), newChar); -// param = sb.toString(); -// position = param.toLowerCase().indexOf(originalChar); -// } -// -// return sb.toString(); -// } - - public static void main (String args[]) { - String value = XSSFilter.filterRequest("<s\nC\nr\nI\np\nT\n>\na\nl\ne\nr\nt\n('sundar');</SCRIPT>javascript:alert('Sundar');"); - int i = Integer.parseInt("8989"); - System.out.println(value); - } - - private static String nvl(String s) { - return (s == null) ? "" : s; - } -} |