Example: if a submitted value such as `<script>window.location.href="http://www.baidu.com";</script>` is written into a page without encoding, the browser executes it (here: redirects the visitor). After HTML encoding the same value becomes `&lt;script&gt;window.location.href=&quot;http://www.baidu.com&quot;&lt;/script&gt;`, which the browser displays as literal text instead of running it. (The remainder of this paragraph was lost to a character-encoding error in the source.)
????????
Fix: HTML-encode the value at the point where it is written into the page (output encoding). Apache Commons Lang (`commons-lang.jar`) provides this out of the box:
`StringEscapeUtils.escapeHtml(str); // caveat from the original note: non-ASCII characters (e.g. Chinese text) are also converted, to numeric entities`
Two further caveats a practitioner should know: `escapeHtml` (Commons Lang 2.x, like `escapeHtml4` in Lang 3) does not escape the single quote, so it is not sufficient for values placed inside single-quoted attributes; and HTML entity encoding only covers HTML text and attribute contexts — a value inserted into JavaScript, a URL or CSS needs the encoder for that context.
??????????????????????????
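/**
 * HTML-encodes a single character.
 * <p>
 * Characters that are significant to an HTML parser are replaced by the
 * corresponding entity so the character is rendered literally instead of
 * being interpreted as markup: {@code &}, {@code <}, {@code >}, {@code "}
 * and {@code '}. Every other character is returned unchanged as a
 * one-character string.
 * <p>
 * A plain space is mapped to {@code &nbsp;}. That is not an escaping
 * requirement (a space cannot break out of text or attribute context); it is
 * a rendering choice inherited from the original code (it prevents runs of
 * spaces from collapsing) and is kept for compatibility.
 *
 * @param c the character to encode
 * @return the entity for {@code c}, or {@code c} itself as a string
 */
private static String htmlEncode(char c) {
    switch (c) {
        case '&':
            return "&amp;";
        case '<':
            return "&lt;";
        case '>':
            return "&gt;";
        case '"':
            return "&quot;";
        case '\'':
            // Without this, a value placed in a single-quoted attribute
            // (e.g. value='...') could close the quote and inject markup.
            // The numeric form is used because &apos; is not defined in HTML 4.
            return "&#39;";
        case ' ':
            return "&nbsp;";
        default:
            return String.valueOf(c);
    }
}

/**
 * HTML-encodes every character of {@code str} using {@link #htmlEncode(char)}.
 * <p>
 * The result is suitable for HTML text content and for double- or
 * single-quoted attribute values. It is NOT sufficient for other output
 * contexts (inside a {@code <script>} block, an event-handler attribute, a
 * URL or CSS), which need their own context-specific encoders.
 *
 * @param str the text to encode; may be {@code null}
 * @return the encoded text; {@code null} when {@code str} is {@code null},
 *         and {@code str} itself (unchanged) when it is empty or contains
 *         only whitespace
 */
public static String htmlEncode(String str) {
    // Whitespace-only input is returned as-is (its spaces are not turned
    // into &nbsp;), preserving the original contract.
    if (str == null || str.trim().equals("")) {
        return str;
    }
    int len = str.length();
    // Entities are up to six characters long; reserve a little headroom.
    StringBuilder encoded = new StringBuilder(len + 16);
    for (int i = 0; i < len; i++) {
        encoded.append(htmlEncode(str.charAt(i)));
    }
    return encoded.toString();
}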