xss攻击如何修复

xss攻击的修复方案：

1.对输入的数据进行HTML转义，使其不会识别为可执行脚本，例如：

Stringresult=HtmlUtils.htmlEscape(source);

2.根据白名单的标签和属性对数据进行过滤，对可执行的脚本进行清除，例如：

<!--https://mvnrepository.com/artifact/org.jsoup/jsoup-->
<dependency>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<version>1.13.1</version>
</dependency>

Stringresult=Jsoup.clean(source,Whitelist.basic());

//默认的基础白名单配置
publicstaticWhitelistbasic(){
returnnewWhitelist()
.addTags(
"a","b","blockquote","br","cite","code","dd","dL","dt","em",
"i","Li","oL","p","pre","q","small","span","strike","strong","sub"
"sup","U","uL")
.addAttributes(tag:"a",...attributes:"href")
.addAttributes(tag:”bLockquote",...attributes:"cite")
.addAttributes(tag:"q",...attritoutes:"cite")
.addProtocols(tag:"a",attribute:"href",...potocols:"ftp","http","https","mailto")
.addProtocols(tag:"bLockquote",attribute:"cite",...protocolo:"http","https")
.addProtocols(tag:"cite",attribute:"cite",...protocols:"http","https")
.addEnforcedAttribute(tag:"a",attribute:"rel",value:"nofollow")
;
}