
[Java] 리스트 안의 값 모두 xss처리하기

by 순수한소년 2017. 9. 2.
Controller에서 Service 호출
// Controller side: fetch the raw rows from the service; they are handed to XssUtil below before use
List resultListRd = boarddbService.selectList(searchVO);

리스트를 List 유틸로 보내고 다시 받자.
// NOTE(review): the XssUtil class below defines convertMap(List), not requestToMap — confirm the method name;
// the (List) cast is redundant once the call targets a method declared to return List
List resultList = (List) XssUtil.requestToMap(resultListRd);
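public class XssUtil {

	// Logger is named after this class; the original named it after ListUtil, which mislabels the log output.
	protected static Logger log = Logger.getLogger(XssUtil.class.getName());

	/**
	 * Returns a copy of {@code requestList} in which every text value of every row has its
	 * HTML-significant characters replaced by character entities, so the rows can be rendered
	 * into HTML without the values being interpreted as markup.
	 *
	 * <p>Each row of {@code requestList} must be a {@link java.util.Map}. The returned rows are
	 * {@link EgovMap}s holding the same keys in the source row's iteration order. {@code null}
	 * values become the empty string; values that are not {@link CharSequence} (numbers,
	 * dates, ...) are copied through unchanged.
	 *
	 * <p>Why this is a rewrite rather than a touch-up: the original code called
	 * {@code valueName.toString().replaceAll(...)} and discarded the result, so no value was
	 * ever changed, and its replacement strings appear to have been rendered back to the
	 * literal characters (for example {@code replaceAll("<", "<")}), which is a no-op even
	 * if assigned. The original also tried to strip tokens such as {@code script},
	 * {@code eval(} and {@code javascript:}; once {@code & < > " '} are encoded those tokens
	 * cannot form a tag or an event-handler attribute, and stripping them corrupts ordinary
	 * text (e.g. "description"), so that blacklist is intentionally not reproduced.
	 *
	 * <p>Encoding is applied to the data once here. If these rows are later rendered by a view
	 * layer that also encodes on output, the text will be double-encoded — confirm which layer
	 * owns output encoding for these values.
	 *
	 * @param requestList rows as returned by the query layer; {@code null} yields an empty list
	 * @return a new list of {@link EgovMap} rows with HTML-encoded text values
	 * @throws IllegalArgumentException if a row is not a {@link java.util.Map}
	 */
	public static List convertMap(List requestList) {
		log.debug("### ListUtil 시작---------------------------------------------------------------");

		List rtnList = new ArrayList();
		if (requestList == null) {
			return rtnList;
		}

		int rowIndex = 0;
		for (Iterator rows = requestList.iterator(); rows.hasNext(); rowIndex++) {
			Object rowObj = rows.next();
			// A non-Map row is a caller error. The original swallowed every Exception at DEBUG and
			// returned a partially processed list; a sanitiser must fail loudly instead.
			if (!(rowObj instanceof java.util.Map)) {
				throw new IllegalArgumentException("Row[" + rowIndex + "] is not a Map: "
						+ (rowObj == null ? "null" : rowObj.getClass().getName()));
			}
			java.util.Map row = (java.util.Map) rowObj;
			log.debug("###    ListUtil 1for문 ###" + "Row[" + rowIndex + "]의 모든 값 oderKeyMap	==" + row);

			EgovMap colMap = new EgovMap();
			int colIndex = 0;
			for (Iterator entries = row.entrySet().iterator(); entries.hasNext(); colIndex++) {
				java.util.Map.Entry entry = (java.util.Map.Entry) entries.next();
				// Keys were cast to String in the original; a non-String key is still an error here.
				String keyName = (String) entry.getKey();
				Object value = encodeValue(entry.getValue());
				log.debug("###	ListUtil 2for문 ###" + "Row[" + rowIndex + "]의 ###colMap[" + colIndex
						+ "]	### keyName == [" + keyName + "]	### colValue Return Type== ["
						+ value.getClass().getName() + "]	### colValue ==	[" + value + "]");
				colMap.put(keyName, value);
			}
			rtnList.add(colMap);
		}

		log.debug("###	ListUtil 끝---------------------------------------------------------------");

		return rtnList;
	}

	/**
	 * Encodes one column value: {@code null} becomes {@code ""} (the original's behaviour),
	 * text is HTML-encoded, anything else is returned as-is.
	 *
	 * @param value the raw column value, possibly {@code null}
	 * @return the value safe to place into HTML text or a quoted attribute
	 */
	private static Object encodeValue(Object value) {
		if (value == null) {
			return "";
		}
		if (value instanceof CharSequence) {
			return escapeHtml(value.toString());
		}
		// Numbers, dates and similar are passed through so the view can still treat them as
		// their own type. NOTE(review): if a custom column type's toString() can carry markup,
		// convert it to a String upstream — confirm the column types this is used on.
		return value;
	}

	/**
	 * Replaces the characters that are significant in HTML text and attribute contexts
	 * ({@code & < > " ' ( )}) with character entities. Because this is a single pass over the
	 * input, an entity produced for {@code &} is never re-encoded, which the original's
	 * sequence of separate replaceAll calls could not guarantee.
	 *
	 * @param text the text to encode; must not be {@code null}
	 * @return the encoded text, identical to {@code text} when it contains none of the characters
	 */
	static String escapeHtml(String text) {
		StringBuilder out = new StringBuilder(text.length() + 16);
		for (int i = 0; i < text.length(); i++) {
			char c = text.charAt(i);
			switch (c) {
				case '&':
					out.append("&amp;");
					break;
				case '<':
					out.append("&lt;");
					break;
				case '>':
					out.append("&gt;");
					break;
				case '"':
					out.append("&quot;");
					break;
				case '\'':
					out.append("&#39;");
					break;
				case '(':
					out.append("&#40;");
					break;
				case ')':
					out.append("&#41;");
					break;
				default:
					out.append(c);
			}
		}
		return out.toString();
	}
}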



