
Java - Escaping HTML Characters

by Dokon Jang 2021. 2. 3.

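On a JSP bulletin board or similar page, a user may put HTML tags and JavaScript into the text they submit and cause a redirect.
To prevent this kind of cross-site scripting, the HTML in the board content must be escaped.
Commons Lang, one of the Apache projects, can do this.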

1. Visit the URL below to download the Commons Lang JAR file.

https://commons.apache.org/proper/commons-lang/download_lang.cgi

 


2. Download the Commons Lang JAR file.

 

3. Add the JAR to the Libraries of your Eclipse project.

 

4. Example code

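// Commons Lang 2.x package. In Commons Lang 3 the class is in
// org.apache.commons.lang3 and the method is named escapeHtml4.
import org.apache.commons.lang.StringEscapeUtils;

public class HtmlEscapeTest {

	public static void main(String[] args) {

		// Sample user input containing a script tag
		String html = "<script>alert('Test');</script>";
		
		// Replace HTML special characters with entities before output
		String escapeHtml = StringEscapeUtils.escapeHtml(html);
		System.out.println("Escape : " + escapeHtml);
		
		// Convert the entities back to the original characters
		String unescapeHtml = StringEscapeUtils.unescapeHtml(escapeHtml);
		System.out.println("UnEscape : " + unescapeHtml);
	}

}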

 

5. Execution result

Escape : &lt;script&gt;alert('Test');&lt;/script&gt;
UnEscape : <script>alert('Test');</script>
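
The result above leaves the single quotes in alert('Test') unchanged, which matters when a value is written inside a single-quoted attribute. The following is an added example, not code from the original post or from Apache Commons Lang: a dependency-free escaper that also encodes both quote characters. The names escapeForHtml and renderPost and the sample strings are assumptions made for illustration.

```java
public class BoardPostEscapeExample {

    // Escapes the five characters that are significant in HTML text and in
    // quoted attribute values. Unlike the escapeHtml output shown above,
    // the apostrophe is encoded too (as a numeric character reference).
    static String escapeForHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical rendering helper: the stored post stays raw and is
    // escaped only at the point where it is written into the page,
    // both in the attribute value and in the element text.
    static String renderPost(String title, String body) {
        return "<div class='post' title='" + escapeForHtml(title) + "'>"
                + escapeForHtml(body) + "</div>";
    }

    public static void main(String[] args) {
        // Constructed sample input: the string from the example above,
        // plus a title that contains both kinds of quote.
        String body = "<script>alert('Test');</script>";
        String title = "Reader's \"first\" post & more";

        System.out.println(escapeForHtml(body));
        System.out.println(renderPost(title, body));
    }
}
```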