XSS対策:HTMLエスケープメソッド
import static org.junit.Assert.assertEquals;

import java.util.Objects;

import org.junit.Test;
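public class EscapeHtmlTest {

    /**
     * Returns a copy of {@code str} in which the five characters that are
     * significant in HTML element content and quoted attribute values
     * ({@code < > & " '}) are replaced by character-entity references.
     *
     * <p>The apostrophe is written as the numeric reference {@code &#39;}
     * rather than {@code &apos;}, which HTML 4 does not define. Every
     * {@code &} is escaped, so input that is already escaped is escaped
     * again rather than passed through. This is an HTML escaper only; it is
     * not sufficient for text placed into JavaScript, URL or CSS contexts.
     *
     * @param str the raw text to escape; must not be {@code null}
     * @return the escaped text
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private static String escapeHTML(String str) {
        Objects.requireNonNull(str, "str");
        // The buffer never leaves this method, so the unsynchronized
        // StringBuilder is enough; presize for the common case of
        // little or no escaping.
        StringBuilder escaped = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '<':  escaped.append("&lt;");   break;
                case '>':  escaped.append("&gt;");   break;
                case '&':  escaped.append("&amp;");  break;
                case '"':  escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;");  break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }

    @Test
    public void testEscapeHTML() {
        // JUnit's assertEquals takes (expected, actual); the original calls
        // had the arguments swapped, which garbles the failure message.
        assertEquals("abcdefg", escapeHTML("abcdefg"));
        assertEquals("試験テスト", escapeHTML("試験テスト"));
        assertEquals("", escapeHTML(""));
        assertEquals("&lt;script&gt;alert(&#39;test&#39;);&lt;/script&gt;&amp;url=http://test",
                escapeHTML("<script>alert('test');</script>&url=http://test"));
        // Already-escaped input is escaped again, not left alone.
        assertEquals("&amp;lt;", escapeHTML("&lt;"));
        assertEquals("&quot;a&quot;", escapeHTML("\"a\""));
    }
}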