Controller에서 Service 호출
리스트를 List유틸로 보내고 다시 받자. List resultList = (List) XssUtil.requestToMap(resultListRd);
List resultListRd = boarddbService.selectList(searchVO);
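public class XssUtil {

    /** Logger named after this class (the original pointed at a sibling ListUtil class). */
    protected static Logger log = Logger.getLogger(XssUtil.class.getName());

    /**
     * Returns a copy of {@code requestList} whose column values are HTML-escaped so that
     * they render as literal text instead of markup when placed in a page.
     *
     * <p>Each element of {@code requestList} is expected to be a {@link Map} (the query
     * result rows, e.g. a ListOrderedMap). Every value is converted with
     * {@code toString()} (null becomes the empty string), escaped by
     * {@link #escapeHtml(String)} and stored as a {@code String} in a new {@code EgovMap}
     * under the same key. The input rows are not modified.
     *
     * <p>Escaping is done by output encoding of the characters that have meaning to an
     * HTML parser rather than by removing known-bad substrings: a blacklist of
     * "script", "javascript:", "eval(" etc. is trivially bypassed (case variants,
     * entity-encoded forms, nested tokens) and it also corrupts legitimate text such as
     * "description". Note that {@code String.replaceAll} returns a new string — calling it
     * without using the result, as earlier versions of this method did, changes nothing.
     *
     * @param requestList list of row maps; may be null or empty
     * @return a new list of {@code EgovMap} rows with escaped values; never null
     */
    public static List convertMap(List requestList) {
        log.debug("### ListUtil 시작---------------------------------------------------------------");
        List rtnList = new ArrayList();
        if (requestList == null) {
            log.debug("### ListUtil 끝---------------------------------------------------------------");
            return rtnList;
        }
        try {
            int rowIndex = 0;
            for (Iterator rows = requestList.iterator(); rows.hasNext(); rowIndex++) {
                Map row = (Map) rows.next();
                EgovMap colMap = new EgovMap();
                for (Iterator keys = row.keySet().iterator(); keys.hasNext();) {
                    String keyName = (String) keys.next();
                    Object rawValue = row.get(keyName);
                    String text = rawValue == null ? "" : rawValue.toString();
                    colMap.put(keyName, escapeHtml(text));
                }
                rtnList.add(colMap);
            }
            // Row contents are not logged: result rows may carry personal data.
            log.debug("### ListUtil rows converted == " + rowIndex);
        } catch (Exception e) {
            // A failure here means the caller receives an incomplete (but escaped) list;
            // surface it at error level instead of hiding it in debug output.
            log.error("### ListUtil Exception : \n" + e, e);
        }
        log.debug("### ListUtil 끝---------------------------------------------------------------");
        return rtnList;
    }

    /**
     * Escapes the characters that are significant to an HTML parser in text or attribute
     * context: {@code & < > " ' ( )}. A single pass over the characters avoids the
     * ordering problem of chained replacements (escaping {@code &} after {@code <}
     * would re-encode the freshly produced {@code &lt;}).
     *
     * @param value text to escape; null is treated as the empty string
     * @return the escaped text; never null
     */
    static String escapeHtml(String value) {
        if (value == null || value.isEmpty()) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int k = 0; k < value.length(); k++) {
            char c = value.charAt(k);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '(':  out.append("&#40;");  break;
                case ')':  out.append("&#41;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}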