我被告知从Web请求中读取而未验证它可能导致XSS攻击。我该如何防止这种情况?在将数据转换为二进制格式之前,如何验证和编码数据。任何输入都将受到赞赏,因为我完全失去了试图解决这个问题。
boolean headerContent = false;
InputStream inputStream = null;
HttpURLConnection urlConn = null;
for (String key : keySet) {
if (key.equalsIgnoreCase("Content-Encoding") && value.equalsIgnoreCase("gzip")) {
headerContent = true;
continue;
}
}
if (headerContent) {
inputStream = new GZIPInputStream(urlConn.getInputStream());
} else {
inputStream = urlConn.getInputStream() ;
}
int readData;
while ((readData = inputStream.read(bytes)) > 0) {
outputStream.write(bytes, 0, readData);
}