1. import java.util.regex.Pattern;
  3. public class InputSanitizer {
  5. // Method to sanitize a string input
  6. public static String sanitizeInput(String input) {
  8. if (input == null || input.isEmpty()) {
  9. return ""; // Return empty string for null or empty input
  10. }
  12. // Remove HTML tags
  13. input = stripHtmlTags(input);
  15. // Remove special characters (keep alphanumeric and spaces)
  16. input = allowAlphanumericAndSpaces(input);
  18. // Optional: Limit length
  19. // input = limitLength(input, 255); // Example: Limit to 255 characters
  21. return input;
  22. }
  24. // Removes HTML tags
  25. private static String stripHtmlTags(String input) {
  26. Pattern pattern = Pattern.compile("<[^>]*>");
  27. return pattern.matcher(input).replaceAll("");
  28. }
  30. // Allows only alphanumeric characters and spaces
  31. private static String allowAlphanumericAndSpaces(String input) {
  32. return input.replaceAll("[^a-zA-Z0-9\\s]", "");
  33. }
  35. // Optional: Limits the length of the string. Can be computationally expensive for large strings.
  36. private static String limitLength(String input, int maxLength) {
  37. if (input.length() > maxLength) {
  38. return input.substring(0, maxLength);
  39. }
  40. return input;
  41. }
  43. public static void main(String[] args) {
  44. String testInput = "<script>alert('XSS')</script> Hello, World! & Special chars: !@#$%^&*()_+=-`~[]\{}|;':\",./<>?";
  45. String sanitizedInput = sanitizeInput(testInput);
  46. System.out.println("Original Input: " + testInput);
  47. System.out.println("Sanitized Input: " + sanitizedInput);
  48. }
  49. }

Add your comment