
Рекомендации по разработке на Java — 12.4. Защита от XSS

Фрагмент из «Рекомендации по разработке на Java»: 12.4. Защита от XSS. Пример экранирует данные только для контекста тела HTML: для неэкранированных атрибутов, встроенного JavaScript, URL и CSS нужны отдельные кодировщики, а если шаблон представления сам экранирует вывод (например, Thymeleaf `th:text`), такое экранирование в контроллере приведёт к двойному кодированию.

@Controller
public class CommentController {

    /**
     * Renders the comment list view ("comments").
     *
     * Every author and text value is HTML-entity-encoded before it is placed in
     * the model, so user-supplied markup is displayed literally instead of being
     * interpreted by the browser (stored XSS). The persisted entities are not
     * modified; encoded copies are built for the view.
     *
     * NOTE(review): this is HTML *body* encoding only. It is not sufficient for
     * values rendered into unquoted attributes, inline JavaScript, URLs or CSS;
     * those contexts need their own encoder. Also confirm what the "comments"
     * template does with these values: an auto-escaping view (e.g. Thymeleaf
     * th:text) will encode a second time and show "&amp;lt;" literally, while an
     * unescaped output (th:utext) relies entirely on this step.
     *
     * @param model view model that receives the "comments" attribute
     * @return the logical view name "comments"
     */
    @GetMapping("/comments")
    public String showComments(Model model) {
        List<Comment> stored = commentRepository.findAll();

        List<Comment> encoded = stored.stream()
            .map(this::encodeForHtml)
            .collect(Collectors.toList());

        model.addAttribute("comments", encoded);
        return "comments";
    }

    /**
     * Returns a copy of {@code source} whose author and text are HTML-escaped.
     * The id is carried over unchanged. Assumes Comment(id, author, text) is the
     * full state of the entity — any other fields would be lost in the copy.
     */
    private Comment encodeForHtml(Comment source) {
        return new Comment(
            source.getId(),
            escapeHtml(source.getAuthor()),
            escapeHtml(source.getText())
        );
    }

    /**
     * HTML-escapes the five characters that can break out of an HTML text node
     * or a quoted attribute value: {@code & < > " '}. All other characters are
     * copied through unchanged. Single pass, so an already-produced entity is
     * never re-encoded.
     *
     * @param input raw text, may be null
     * @return the escaped text, or null when {@code input} is null
     */
    private String escapeHtml(String input) {
        if (input == null) return null;
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char ch = input.charAt(i);
            switch (ch) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                // &#x27; rather than &apos; — the latter is not HTML4-safe.
                case '\'': out.append("&#x27;"); break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }
}
@Controller
public class CommentController {

    /**
     * Renders the comment list view ("comments").
     *
     * Every author and text value is HTML-entity-encoded before it is placed in
     * the model, so user-supplied markup is displayed literally instead of being
     * interpreted by the browser (stored XSS). The persisted entities are not
     * modified; encoded copies are built for the view.
     *
     * NOTE(review): this is HTML *body* encoding only. It is not sufficient for
     * values rendered into unquoted attributes, inline JavaScript, URLs or CSS;
     * those contexts need their own encoder. Also confirm what the "comments"
     * template does with these values: an auto-escaping view (e.g. Thymeleaf
     * th:text) will encode a second time and show "&amp;lt;" literally, while an
     * unescaped output (th:utext) relies entirely on this step.
     *
     * @param model view model that receives the "comments" attribute
     * @return the logical view name "comments"
     */
    @GetMapping("/comments")
    public String showComments(Model model) {
        List<Comment> stored = commentRepository.findAll();

        List<Comment> encoded = stored.stream()
            .map(this::encodeForHtml)
            .collect(Collectors.toList());

        model.addAttribute("comments", encoded);
        return "comments";
    }

    /**
     * Returns a copy of {@code source} whose author and text are HTML-escaped.
     * The id is carried over unchanged. Assumes Comment(id, author, text) is the
     * full state of the entity — any other fields would be lost in the copy.
     */
    private Comment encodeForHtml(Comment source) {
        return new Comment(
            source.getId(),
            escapeHtml(source.getAuthor()),
            escapeHtml(source.getText())
        );
    }

    /**
     * HTML-escapes the five characters that can break out of an HTML text node
     * or a quoted attribute value: {@code & < > " '}. All other characters are
     * copied through unchanged. Single pass, so an already-produced entity is
     * never re-encoded.
     *
     * @param input raw text, may be null
     * @return the escaped text, or null when {@code input} is null
     */
    private String escapeHtml(String input) {
        if (input == null) return null;
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char ch = input.charAt(i);
            switch (ch) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                // &#x27; rather than &apos; — the latter is not HTML4-safe.
                case '\'': out.append("&#x27;"); break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }
}