import org.jsoup.Jsoup;public static String sanitizeHtml(String input) {// 使用 Jsoup 消毒 HTMLreturn Jsoup.clean(input, Safelist.relaxed());}public static void main(String[] args) {String userInput = "<p><script>alert(1)</script>Safe Content</p>";String sanitizedHtml = sanitizeHtml(userInput);System.out.println(sanitizedHtml);} <dependency><groupId>org.jsoup</groupId><artifactId>jsoup</artifactId><version>1.14.3</version> <!-- 使用最新版本 --></dependency>
结果:
另外一种可以script里面的字段也可以提出来
https://github.com/finn-no/xss-html-filter 依赖自行导入本地库
public static void main(String[] args) {String input = "<p><script>alert(1)</script>Safe Content</p>";String clean = new HTMLFilter().filter( input );System.out.println(clean);}
结果为:
