package me.test;
import com.google.common.base.Throwables;
import org.apache.commons.lang3.StringEscapeUtils;
import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;
import org.owasp.html.*;
import org.owasp.html.examples.EbayPolicyExample;
import org.owasp.validator.html.*;
import java.io.IOException;
import java.io.InputStream;
public class Test123 {
static final String drityInput = "<script>alert(1)</script>"
+ "<a href='#bb' data-one='1' class='aa bb' style='z-index:999; width:100%; aa:bb;display:block;overflow:hidden;color:red;' onclick='xxx'>aa 汉字。「,,,</a>"
+ "<p align='center' style='z-index:999; width:100%; align:left;display:block;overflow:hidden;color:red;'>1111 </p>"
+ "<iframe src='javascript:xxx'></iframe>"
+ "<xxx>xxx 中文。「,,,= ="
+ "<script/>alert('111');<script/> </xxx>";
public static void main(String[] args) throws ScanException, PolicyException {
System.out.println("------------------------------------------ testJsoup()");
testJsoup();
System.out.println("------------------------------------------ testAntiSamy()");
testAntiSamy();
System.out.println("------------------------------------------ testHtmlSanitizer()");
testHtmlSanitizer();
}
public static void testJsoup() {
String safe = Jsoup.clean(drityInput, Whitelist.basic());
System.out.println(safe);
}
public static void testAntiSamy() throws PolicyException, ScanException {
InputStream prolicyIn = Test123.class.getResourceAsStream("antisamy-ebay-1.4.4.xml");
Policy policy = Policy.getInstance(prolicyIn);
AntiSamy as = new AntiSamy();
// 输出: <a href="#bb" style="width: 100.0%;">aa</a> xxx
CleanResults cr = as.scan(drityInput, policy, AntiSamy.SAX);
String cleanResult = cr.getCleanHTML();
System.out.println(cleanResult);
}
public static void testHtmlSanitizer() {
StringBuilder buf = new StringBuilder();
HtmlStreamRenderer renderer = HtmlStreamRenderer.create(
buf,
// Receives notifications on a failure to write to the output.
new Handler<IOException>() {
public void handle(IOException ex) {
Throwables.propagate(ex); // System.out suppresses IOExceptions
}
},
// Our HTML parser is very lenient, but this receives notifications on
// truly bizarre inputs.
new Handler<String>() {
public void handle(String x) {
throw new AssertionError(x);
}
});
HtmlSanitizer.sanitize(drityInput, EbayPolicyExample.POLICY_DEFINITION.apply(renderer));
System.out.println(buf);
System.out.println(StringEscapeUtils.unescapeHtml4(buf.toString()));
}
}