Cross Site Scripting (XSS)

by 수앙 2011. 9. 11.

XSS is an attack in which JavaScript is used to steal another user's cookie information, which is then used for hacking.

Prevention

1. Using xssProtect-0.1.jar

http://code.google.com/p/xssprotect/

 


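// HTMLParser, XSSFilter and HandlingException are provided by xssProtect-0.1.jar
import java.io.StringReader;
import java.io.StringWriter;

public String protectAgainstXSS(String html) {
    StringReader reader = new StringReader(html);
    StringWriter writer = new StringWriter();

    try {
        // Parse incoming string from the "html" variable
        HTMLParser.process(reader, writer, new XSSFilter(), true);

        // Return the parsed and cleaned up string
        return writer.toString();
    } catch (HandlingException e) {
        // Handle the error here in accordance with your coding policies.
        // Fail closed: never fall back to returning the unfiltered input.
        throw new IllegalStateException("HTML could not be sanitized", e);
    }
}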

 

2. Using HTMLInputFilter.java

http://josephoconnell.com/java/xss-html-filter/

 


String input = ...;
String clean = new HTMLInputFilter().filter(input);
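
Both calls above take a string and return a filtered string, so the same regression check can be run against either one before relying on it. The following is an added example, not code from the original post or from either library; the class name SanitizerCheck, the constructed sample inputs and the escapeAll stand-in sanitizer are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.UnaryOperator;
import java.util.regex.Pattern;

public class SanitizerCheck {
    // Markup that must never survive filtering (matched case-insensitively).
    private static final List<Pattern> ACTIVE = List.of(
        Pattern.compile("<\\s*script", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<[^>]*\\son\\w+\\s*=", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<[^>]*(href|src)\\s*=\\s*[\"']?\\s*javascript:",
                        Pattern.CASE_INSENSITIVE));

    // Constructed sample inputs; alert(1) is only a harmless marker.
    private static final List<String> SAMPLES = List.of(
        "Hello <b>world</b>",
        "<script>alert(1)</script>",
        "<ScRiPt>alert(1)</ScRiPt>",
        "<img src=x onerror=alert(1)>",
        "<a href=\"javascript:alert(1)\">link</a>");

    // Returns the samples whose filtered output still contains active markup.
    static List<String> failures(UnaryOperator<String> sanitizer) {
        List<String> bad = new ArrayList<>();
        for (String sample : SAMPLES) {
            String out = sanitizer.apply(sample);
            if (out == null) continue; // input rejected outright: nothing rendered
            for (Pattern p : ACTIVE) {
                if (p.matcher(out).find()) { bad.add(sample); break; }
            }
        }
        return bad;
    }

    // Stand-in sanitizer so the example runs without the jars: escapes all markup.
    static String escapeAll(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        // Baseline with no filtering, then the stand-in sanitizer.
        System.out.println("unfiltered: " + failures(s -> s));
        System.out.println("escapeAll:  " + failures(SanitizerCheck::escapeAll));
        // With the libraries on the classpath, pass the calls shown above instead:
        //   failures(in -> new HTMLInputFilter().filter(in))
        //   failures(in -> protectAgainstXSS(in))
    }
}
```

An empty list means none of the samples came through with active markup; it does not prove the filter is complete, only that these known cases are handled.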

 

End.