<%@ page contentType="text/html;charset=GBK" %> <%@ page import="java.util.*"%> <%@ page import="java.io.*"%> <%@ page import="java.lang.reflect.Field"%> <%@ page import="com.gpower.util.*"%> <%@ page import="com.gpower.services.user.provider.hibernate.entity.HibernateUser"%> 中国农业科学院油料作物研究所

用户登录

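<%!
    /*
     * Deny-list XSS scrubber for raw query-string input used by this login page.
     *
     * NOTE(review): a character/keyword deny-list can never be complete, and it
     * also mangles legitimate input (every '.', '?', '=' and words such as
     * "window" or "style" are dropped). Treat it as defence in depth only; the
     * primary XSS control must be context-aware output encoding at the point
     * where the value is rendered.
     *
     * The filtering of "://" was deliberately removed in an earlier revision so
     * that URLs survive; hence "%2f", "%3a", "%3f", "%25", "/", ":" and "%" are
     * intentionally NOT removed here.
     */

    /**
     * Event-handler attribute names, removed once each (case-insensitively).
     * Order matters and is kept exactly as in the original single-pass list:
     * e.g. "ondrag" runs before "ondragdrop", so the latter degrades to "drop".
     */
    private static final String[] XSS_EVENT_HANDLERS = {
        "onclick", "ondblclick", "onmousedown", "onmouseup", "onmouseover",
        "onmousemove", "onkeypress", "onkeydown", "onkeyup", "onabort",
        "onbeforeunload", "onerror", "onload", "onmove", "onresize", "onscroll",
        "onstop", "onunload", "onblur", "onchange", "onfocus", "onreset",
        "onsubmit", "onbounce", "onfinish", "onstart", "onbeforecopy",
        "onbeforecut", "onbeforeeditfocus", "onbeforepaste", "onbeforeupdate",
        "oncontextmenu", "oncopy", "oncut", "ondrag", "ondragdrop", "ondragend",
        "ondragenter", "ondragleave", "ondragover", "ondragstart", "ondrop",
        "onlosecapture", "onpaste", "onselect", "onselectstart", "onafterupdate",
        "oncellchange", "ondataavailable", "ondatasetcomplete", "onerrorupdate",
        "onrowenter", "onrowexit", "onrowsdelete", "onrowsinserted",
        "onafterprint", "onbeforeprint", "onfilterchange", "onhelp",
        "onpropertychange", "onreadystatechange"
    };

    /** Script keywords removed once each (case-insensitively), in this order. */
    private static final String[] XSS_KEYWORDS = {
        "alert", "prompt", "confirm", "eval", "window", "style"
    };

    /**
     * Keywords removed repeatedly until the text stops changing, so a nested
     * spelling such as "SCRscriptIPT" cannot re-form the word after one pass.
     */
    private static final String[] XSS_NESTED_KEYWORDS = { "script", "expression" };

    /**
     * Strips characters and keywords commonly used in reflected XSS payloads.
     *
     * @param queryString raw, untrusted query-string text; may be null
     * @return null for null input, "" for empty input, otherwise the input with
     *         every deny-listed token removed
     */
    private String filteXSS(String queryString) {
        if (queryString == null) {
            return null;
        }
        if (queryString.length() < 1) {
            return "";
        }
        final String rep = "";
        String result = queryString;

        // 1. Percent-encoded forms of < > " ' =. Hex digits in URL encoding are
        //    case-insensitive, so "%3C" must be handled like "%3c"; the original
        //    matched only the lower-case spelling.
        result = result.replaceAll("(?i)%3c", rep);
        result = result.replaceAll("(?i)%3e", rep);
        result = result.replaceAll("(?i)%22", rep);
        result = result.replaceAll("(?i)%27", rep);
        result = result.replaceAll("(?i)%3d", rep);

        // 2. Tag-like fragments ("/ >", "< /") first, then the bare characters.
        //    The two regexes must run before the single-character removals so
        //    that a self-closing "/>" loses its slash as well.
        result = result.replaceAll("/[\\s]{0,20}>", rep);
        result = result.replaceAll("<[\\s]{0,20}/", rep);
        result = result.replace("<", rep);
        result = result.replace(">", rep);
        result = result.replace("\"", rep);
        result = result.replace("'", rep);
        result = result.replace("=", rep);
        result = result.replace("*", rep);
        result = result.replace(".", rep);
        result = result.replace("?", rep);

        // 3. Event-handler attribute names and script keywords, one pass each.
        for (String token : XSS_EVENT_HANDLERS) {
            result = result.replaceAll("(?i)" + token, rep);
        }
        for (String token : XSS_KEYWORDS) {
            result = result.replaceAll("(?i)" + token, rep);
        }

        // 4. Keywords stripped until stable. The original looped on
        //    toLowerCase().indexOf(...) > 0, which skipped a match at index 0
        //    ("scrscriptipt" came back as "script", and a leading "script" was
        //    never removed); comparing against the previous pass fixes that and
        //    also avoids the locale-dependent toLowerCase().
        for (String token : XSS_NESTED_KEYWORDS) {
            result = stripUntilStable(result, "(?i)" + token);
        }

        // 5. Parentheses last (modified by xuln17 201506111021), so call syntax
        //    such as "alert(...)" loses both the name and the brackets.
        result = result.replace("(", rep);
        result = result.replace(")", rep);
        return result;
    }

    /**
     * Applies {@code replaceAll(regex, "")} repeatedly until a pass makes no
     * change, so removing one match cannot leave a freshly formed match behind.
     *
     * @param input text to scrub; must not be null
     * @param regex pattern whose matches are deleted
     * @return the input with no remaining match of {@code regex}
     */
    private static String stripUntilStable(String input, String regex) {
        String previous;
        String current = input;
        do {
            previous = current;
            current = current.replaceAll(regex, "");
        } while (!current.equals(previous));
        return current;
    }
%>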

用户登录


通信地址:湖北省武汉市武昌区徐东二路2号

邮编:430062 | 联系电话:027-86811837 | 传真:027-86816451

技术支持:中国农业科学院农业信息研究所

鄂公网安备42010602000773号

扫码关注

中国农业科学院油料作物研究所版权所有   Powered by 027.net  鄂ICP备05004334