防止 pdf 执行 xss 注入漏洞

/** * 校验pdf文件是否包含js脚本 **/ public static boolean containsJavaScript(File file) throws IOException { PDDocument document = PDDocument.load(file); return containsJavaScript(document); } /** * 校验pdf文件是否包含js脚本 **/ public static boolean containsJavaScript(InputStream input) throws IOException { PDDocument document = PDDocument.load(input); return containsJavaScript(document); } /** * 校验pdf文件是否包含js脚本 **/ public static boolean containsJavaScript(PDDocument document) throws IOException { //Getting the PDDocumentInformation object Optional<COSObject> pdfJs = document.getDocument().getObjects().stream().filter(cosObject -> { String str = Optional.ofNullable(cosObject.getObject()).map(cosBase -> cosBase.toString().toLowerCase()).orElse(""); return str.contains("javascript") || str.contains("cosname{js}"); }).findAny(); return pdfJs.isPresent(); } public static void main(String args[]) throws IOException { //Loading an existing document String s1 = "xss注入测试.pdf"; File file = new File("C:\\Users\\Administrator\\Desktop\\" + s1); boolean b = containsJavaScript(file); if (b) { System.out.println("pdf文件包含，js脚本代码"); } }