XSS対策:HTMLエスケープメソッド
import static org.junit.Assert.assertEquals;

import java.util.Objects;

import org.junit.Test;
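public class EscapeHtmlTest {

    /**
     * Returns a copy of {@code str} in which the five characters that are
     * significant in HTML markup and attribute values ({@code < > & " '}) are
     * replaced by character references, so the result can be written into an
     * HTML text node or a quoted attribute value without being interpreted as
     * markup.
     *
     * <p>As shown on the page, the original branches appended the literal
     * characters back ({@code "<"}, {@code ">"}, ...), which makes the method an
     * identity function and provides no protection at all; the references
     * {@code &lt; &gt; &amp; &quot;} are what must be emitted. The single quote
     * is written as the numeric reference {@code &#39;} because the named
     * entity {@code &apos;} is not defined in HTML 4.
     *
     * <p>This escapes for HTML element content and quoted attribute values
     * only; unquoted attributes, URLs, CSS and JavaScript contexts each need
     * their own encoder. Input that is already escaped is escaped again
     * ({@code &amp;} becomes {@code &amp;amp;}); callers must escape exactly once.
     *
     * @param str the text to escape; must not be {@code null}
     * @return the escaped text, equal to {@code str} when it contains none of
     *         the five special characters
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static String escapeHTML(String str) {
        Objects.requireNonNull(str, "str");
        // StringBuilder rather than StringBuffer: the builder never leaves this
        // method, so no synchronization is needed. Each escape adds at most five
        // characters, so pre-sizing a little above the input avoids most growth.
        StringBuilder escaped = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '&':
                    escaped.append("&amp;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    @Test
    public void testEscapeHTML() throws Exception {
        // JUnit's assertEquals takes (expected, actual); keeping that order makes
        // a failure message read correctly.
        assertEquals("abcdefg", escapeHTML("abcdefg"));
        assertEquals("試験テスト", escapeHTML("試験テスト"));
        assertEquals("", escapeHTML(""));
        assertEquals("&lt;script&gt;alert(&#39;test&#39;);&lt;/script&gt;&amp;url=http://test",
                escapeHTML("<script>alert('test');</script>&url=http://test"));
        // Already-escaped input is escaped again: '&' is never passed through.
        assertEquals("&quot;&amp;amp;&quot;", escapeHTML("\"&amp;\""));
    }
}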