
[Java] vo값확인 후, 웹취약점처리하기

by 순수한소년 2017. 9. 1.
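	/**
	 * Returns a copy of {@code vo} whose {@link String} fields have been HTML-entity-encoded.
	 *
	 * <p>Every non-static, non-synthetic field declared on {@code BoardVO} is copied by
	 * reflection into a fresh instance. {@code String} values go through
	 * {@link #escapeHtml(String)}, which encodes {@code & < > " ' ( )}; a {@code null}
	 * string becomes {@code ""}. Fields of any other type are copied as they are. Fields
	 * declared on a superclass of {@code BoardVO} are not visited (same scope as a
	 * {@code getDeclaredFields()} loop).
	 *
	 * <p>The result is encoded for an HTML text or quoted-attribute context. A value that is
	 * later placed into a URL, a script block or an unquoted attribute still needs the
	 * encoding specific to that context at the point where it is written out.
	 *
	 * @param vo the object to copy and encode; must not be {@code null}
	 * @return a new {@code BoardVO} holding the encoded copy
	 * @throws NullPointerException if {@code vo} is {@code null}
	 * @throws IllegalStateException if a field cannot be read or written reflectively; the
	 *         method fails closed instead of returning a partially copied object
	 */
	public static BoardVO convertVO(BoardVO vo) {
		if (vo == null) {
			throw new NullPointerException("vo");
		}

		BoardVO tempVO = new BoardVO();
		// Enumerate the target's own class so that every field read from vo can be written to
		// tempVO even when vo is an instance of a subclass.
		Field[] fields = BoardVO.class.getDeclaredFields();
		int i = 0;
		try {
			for (Field field : fields) {
				int mods = field.getModifiers();
				// Static fields are shared state and synthetic fields are compiler-generated;
				// neither belongs in a per-object copy.
				if (java.lang.reflect.Modifier.isStatic(mods) || field.isSynthetic()) {
					continue;
				}
				field.setAccessible(true);
				String keyName = field.getName();
				Object value = field.get(vo);

				if (field.getType() == String.class) {
					// String.replaceAll returns a new String; the encoded result has to be
					// stored, and then written into the copy, for the change to take effect.
					value = escapeHtml(value == null ? "" : (String) value);
				}
				field.set(tempVO, value);

				// Log the field name and declared type only; the value is user-supplied content
				// and does not belong in the log.
				log.debug("###	convertVO for문 ###" + "VO의[" + i + "]번째	### keyName == [" + keyName
						+ "]	### colValue ReturnType== [" + field.getType().getName() + "]");
				i++;
			}
		} catch (IllegalAccessException e) {
			throw new IllegalStateException("convertVO: cannot copy field of BoardVO", e);
		}
		return tempVO;
	}

	/**
	 * HTML-entity-encodes the characters that let a value break out of an HTML text or
	 * quoted-attribute context, plus the parentheses the original filter targeted.
	 *
	 * <p>{@code &} is encoded too, so input that already contains an entity such as
	 * {@code &lt;} comes out as {@code &amp;lt;} instead of being decoded and re-encoded.
	 *
	 * @param s the raw string; {@code null} is treated as empty
	 * @return the encoded string, never {@code null}
	 */
	static String escapeHtml(String s) {
		if (s == null || s.isEmpty()) {
			return "";
		}
		StringBuilder out = new StringBuilder(s.length() + 16);
		for (int idx = 0; idx < s.length(); idx++) {
			char c = s.charAt(idx);
			switch (c) {
				case '&': out.append("&amp;"); break;
				case '<': out.append("&lt;"); break;
				case '>': out.append("&gt;"); break;
				case '"': out.append("&quot;"); break;
				case '\'': out.append("&#39;"); break;
				case '(': out.append("&#40;"); break;
				case ')': out.append("&#41;"); break;
				default: out.append(c);
			}
		}
		return out.toString();
	}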


출처: http://hclee2575.tistory.com [순수한 소년의 스토리]
