
html标签 后台转义

2019-11-08 02:20:50
来源:转载
供稿:网友

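/**
 * Server-side HTML escaping helpers.
 *
 * <p>Prefer putting already-escaped data into the page. If a view would otherwise need a large
 * number of {@code <c:out>} tags, escaping the model bean once with
 * {@link #escapeHtmlForBean(Object)} is an alternative.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The output is meant for HTML element content and quoted attribute values only. It is not
 *       a safe encoding for JavaScript, CSS or URL contexts.</li>
 *   <li>{@link #escapeHtml(String)} turns line breaks into {@code <br>}, so its result contains
 *       markup and has to be written to the page as-is. Passing it through {@code <c:out>} (or any
 *       other escaper) again double-escapes it.</li>
 *   <li>Escaped copies are for rendering only; do not persist them or use them in comparisons.</li>
 * </ul>
 */
public class StringEscapeUtils {

    /**
     * Builds a new instance of the bean's class and copies its properties into it, HTML-escaping
     * the {@code String} ones.
     *
     * <p>Only fields declared directly on the bean's class are visited, and only those that the
     * bean wrapper reports as both readable and writable. A field is escaped when its declared
     * type is exactly {@code String}; a field annotated with {@code Model} is processed
     * recursively; every other value is copied unchanged.
     *
     * <p>NOTE(review): strings held inside collections, maps or arrays, fields inherited from a
     * superclass, and nested beans without the {@code Model} annotation are NOT escaped by this
     * method. Inherited and non-read/write properties are not copied at all. Such values still
     * need escaping at render time.
     *
     * @param object the source bean; may be {@code null}
     * @return a new bean of the same class with escaped string properties, or {@code null} when
     *     {@code object} is {@code null}
     */
    public static Object escapeHtmlForBean(Object object) {
        if (object == null) {
            return null;
        }

        Class<?> srcClass = object.getClass();
        // Requires a no-argument constructor on the bean class.
        Object objNew = BeanUtils.instantiate(srcClass);
        BeanWrapper srcBeanWrapper = PropertyAccessorFactory.forBeanPropertyAccess(object);
        BeanWrapper dstBeanWrapper = PropertyAccessorFactory.forBeanPropertyAccess(objNew);

        for (Field field : srcClass.getDeclaredFields()) {
            String fieldName = field.getName();
            // Fields without both a getter and a setter cannot be copied through the wrappers.
            if (!srcBeanWrapper.isReadableProperty(fieldName)
                    || !srcBeanWrapper.isWritableProperty(fieldName)) {
                continue;
            }

            Object fieldValue = srcBeanWrapper.getPropertyValue(fieldName);
            if (fieldValue != null) {
                Type fieldType = field.getGenericType();
                if (fieldType.equals(String.class)) {
                    fieldValue = escapeHtml((String) fieldValue);
                } else if (field.isAnnotationPresent((Class<? extends Annotation>) Model.class)) {
                    // Model is not defined in this listing; presumably a project annotation that
                    // marks nested beans which should be escaped as well.
                    fieldValue = escapeHtmlForBean(fieldValue);
                }
            }
            dstBeanWrapper.setPropertyValue(fieldName, fieldValue);
        }
        return objNew;
    }

    /**
     * Escapes a string for output as HTML text or inside a quoted HTML attribute value.
     *
     * <p>Replaces {@code &}, space, {@code <}, {@code >}, double quote, single quote and backslash
     * with character references, then converts line breaks to {@code <br>}. Every space becomes
     * {@code &nbsp;}, so the rendered text no longer wraps at spaces.
     *
     * @param string the raw text; may be {@code null}
     * @return the escaped text, or {@code null} when {@code string} is {@code null}
     */
    public static String escapeHtml(String string) {
        if (string == null) {
            return null;
        }
        // '&' has to be handled first, otherwise the references produced below would be
        // escaped a second time. Literal replace() is used so no character is read as a regex.
        String escaped = string.replace("&", "&amp;")
                .replace(" ", "&nbsp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                // Without this a value placed in a single-quoted attribute could close it.
                .replace("'", "&#39;")
                .replace("\\", "&#92;");
        // Runs last so the inserted <br> is not escaped by the '<' / '>' steps above.
        // (A separate "\n\r" alternative is unnecessary: "\n" already matches there first.)
        return escaped.replaceAll("\r\n|\r|\n", "<br>");
    }
}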

