Summary: XSS (Cross Site Scripting)
Attack syntax
http://anti-hacker.blogspot.com/2007/07/xss.html
ASP.NET defence method (output-encode with the AntiXss library)
using Microsoft.Security.Application;
AntiXss.HtmlEncode
http://www.dotblogs.com.tw/jimmyyu/archive/2009/04/21/8118.aspx
PHP
http://plog.longwin.com.tw/programming/2008/08/27/php-sql-injection-xss-security-2008
Naive method (a hand-written blacklist filter)
// Naive blacklist filter. Defects corrected from the listing as posted: the stray
// spaces inside the entities ("& lt;" -> "&lt;"), the no-op replacement of ")"
// with ")" (now "&#41;"), and the ordering: the regex passes must run before
// "(" and "'" are encoded away, otherwise they can never match.
public class XssUtil {
    private String cleanXSS(String value) {
        // pattern-based removals first: they need the raw "(" and quote characters
        value = value.replaceAll("eval\\((.*)\\)", "");
        value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        value = value.replaceAll("script", "");
        // then entity-encode a hand-picked set of characters
        value = value.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
        value = value.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;");
        value = value.replaceAll("'", "&#39;");
        return value;
    }
}
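The difference between the two approaches above (an allowlist encoder such as AntiXss.HtmlEncode versus the naive blacklist) is easier to see side by side. The following is an added example, not code from the page or from Microsoft's AntiXss library: it ports the naive filter to Python and contrasts it with a simplified allowlist encoder that keeps only ASCII letters, digits and a small constructed set of punctuation, turning every other character into a numeric entity. The sample strings are constructed here.

```python
import html
import re

# Constructed choice: characters the allowlist encoder passes through unchanged.
SAFE_CHARS = set(" .,-_")
ENTITY = re.compile(r"&#\d+;")


def naive_clean_xss(value: str) -> str:
    """Python port of the page's blacklist cleanXSS (pattern removals first,
    then entity-encoding of a hand-picked character set)."""
    value = re.sub(r"eval\((.*)\)", "", value)
    value = re.sub(r"[\"'][\s]*javascript:(.*)[\"']", '""', value)
    value = value.replace("script", "")
    value = value.replace("<", "&lt;").replace(">", "&gt;")
    value = value.replace("(", "&#40;").replace(")", "&#41;")
    value = value.replace("'", "&#39;")
    return value


def html_encode_allowlist(value: str) -> str:
    """Allowlist output encoding in the style of AntiXss.HtmlEncode (simplified
    reimplementation, not Microsoft's code): anything that is not an ASCII
    alphanumeric or in SAFE_CHARS becomes a numeric character reference."""
    out = []
    for ch in value:
        if (ch.isascii() and ch.isalnum()) or ch in SAFE_CHARS:
            out.append(ch)
        else:
            out.append(f"&#{ord(ch)};")
    return "".join(out)


def no_raw_metachars(encoded: str) -> bool:
    """True if, once the numeric entities are removed, no HTML metacharacter
    remains in the string, i.e. the browser can only render it as text."""
    stripped = ENTITY.sub("", encoded)
    return not any(c in stripped for c in "<>\"'&")


def encoding_is_lossless(value: str) -> bool:
    """The browser decodes the entities back to the original text, so the
    allowlist encoder never changes what the user wrote."""
    return html.unescape(html_encode_allowlist(value)) == value


if __name__ == "__main__":
    legit = "Product description (see details)"  # constructed benign input
    # The blacklist mangles the legitimate word "description" into "deion";
    # the encoder keeps the text intact and only neutralises the brackets.
    print(naive_clean_xss(legit))
    print(html_encode_allowlist(legit))
    # The blacklist leaves a double quote untouched, which matters inside an
    # attribute value; the encoder encodes every metacharacter regardless.
    print(no_raw_metachars(naive_clean_xss('"abc')))
    print(no_raw_metachars(html_encode_allowlist('"abc')))
```

The two checks at the end are the ones worth keeping in mind when choosing a defence: a blacklist both destroys legitimate data (any word containing "script") and misses characters it was not told about, whereas encoding on output is lossless and makes no assumptions about which inputs are dangerous.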