├── README.md
├── src
├── main
│ ├── java
│ │ └── com
│ │ │ └── github
│ │ │ └── textutils
│ │ │ ├── security
│ │ │ └── xss
│ │ │ │ ├── model
│ │ │ │ ├── RestrictAttribute.java
│ │ │ │ ├── Action.java
│ │ │ │ ├── Attribute.java
│ │ │ │ └── Tag.java
│ │ │ │ ├── PolicyException.java
│ │ │ │ ├── ScanException.java
│ │ │ │ ├── impl
│ │ │ │ ├── CssScanner.java
│ │ │ │ ├── FragmentXppParser.java
│ │ │ │ ├── MainUI.java
│ │ │ │ ├── CssDocumentHandler.java
│ │ │ │ └── XssFilterDocumentHandler.java
│ │ │ │ ├── resources
│ │ │ │ ├── gonglue-xss.xml
│ │ │ │ ├── ap-xss.xml
│ │ │ │ ├── strict-xss.xml
│ │ │ │ ├── tt-xss.xml
│ │ │ │ └── loose-xss.xml
│ │ │ │ ├── XssXppScanner.java
│ │ │ │ └── Policy.java
│ │ │ ├── text
│ │ │ ├── DetectDefinedChar.java
│ │ │ └── data
│ │ │ │ ├── BJX_U8.TXT
│ │ │ │ └── PINYING_U8.TXT
│ │ │ └── codec
│ │ │ ├── JavaScriptEncode.java
│ │ │ ├── HtmlDecodeRef.java
│ │ │ └── HtmlFastEntities.java
│ └── resources
│ │ └── META-INF
│ │ └── tags
│ │ └── coverity-escapers.tld
└── test
│ └── java
│ └── com
│ └── coverity
│ └── security
│ └── RichTestFilter.java
├── .gitignore
├── release.properties
└── pom.xml
/README.md:
--------------------------------------------------------------------------------
1 |
2 | richtext
3 | ========
4 | rich
5 | ====
6 |
7 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/model/RestrictAttribute.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.model;
2 |
3 | public enum RestrictAttribute {
4 | NONE, BACKGROUND, STYLE
5 | }
6 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/model/Action.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.model;
2 |
3 | /**
4 | * Html 标记处理办法
5 | *
6 | *
7 | * 1. REMOVE 删除标记和内容
8 | * 2. ACCEPT 保留标记和内容
9 | * 其余的情况是删除标记,但保留内容
10 | *
11 | *
12 | */
13 | public enum Action {
14 | REMOVE, ACCEPT, CSSHANDLER
15 | }
16 |
17 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.class
2 |
3 | # Package Files #
4 | *.jar
5 | *.war
6 | *.ear
7 | bin
8 | target
9 | log
10 | dependency-reduced-pom.xml
11 | .settings
12 | .project
13 | .classpath
14 | .svn
15 |
16 | *.iml
17 | /out
18 | /.idea/ant.xml
19 | /.idea/misc.xml
20 | /.idea/workspace.xml
21 | /.idea/compiler.xml
22 | /.idea/modules.xml
23 | /.idea/libraries/Maven*.xml
24 | /.idea/artifacts/*.xml
25 | /*.iws
26 |
27 | .DS_Store
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/PolicyException.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss;
2 |
3 | public class PolicyException extends Exception {
4 |
5 | private static final long serialVersionUID = -2045960001387814125L;
6 |
7 | public PolicyException(Exception e){
8 | super(e);
9 | }
10 |
11 | public PolicyException(String string){
12 | super(string);
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/ScanException.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss;
2 |
3 | public class ScanException extends RuntimeException {
4 |
5 | private static final long serialVersionUID = -8204412394195926823L;
6 |
7 | public ScanException(Exception e){
8 | super(e);
9 | }
10 |
11 | public ScanException(String string){
12 | super(string);
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/release.properties:
--------------------------------------------------------------------------------
1 | #release configuration
2 | #Fri Jan 10 13:32:03 CST 2014
3 | scm.tagNameFormat=@{project.artifactId}-@{project.version}
4 | pushChanges=true
5 | scm.url=scm\:git\:git@github.com\:textutils/rich.git
6 | preparationGoals=clean verify
7 | remoteTagging=true
8 | scm.commentPrefix=[maven-release-plugin]
9 | exec.additionalArguments=-Dgpg.passphrase\=Gss4MjtU -P sign
10 | exec.snapshotReleasePluginAllowed=false
11 | completedPhase=check-poms
12 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/model/Attribute.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.model;
2 |
3 | import java.util.List;
4 | import java.util.regex.Pattern;
5 |
6 | public class Attribute {
7 |
8 | public String name;
9 | public String defaultValue;
10 | public List allowedRegExp;
11 | public RestrictAttribute restrictAttribute = RestrictAttribute.NONE;
12 |
13 | @Override
14 | public String toString() {
15 | return name;
16 | }
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/src/test/java/com/coverity/security/RichTestFilter.java:
--------------------------------------------------------------------------------
1 | package com.coverity.security;
2 |
3 | import java.io.InputStream;
4 |
5 | import com.github.textutils.security.xss.Policy;
6 | import com.github.textutils.security.xss.PolicyException;
7 | import com.github.textutils.security.xss.XssXppScanner;
8 |
9 | public class RichTestFilter {
10 |
11 | public static void main(String[] args) throws PolicyException {
12 | InputStream inputStream = XssXppScanner.class.getClassLoader().getResourceAsStream("com/github/textutils/security/xss/resources/tt-xss.xml");
13 | System.out.println(inputStream);
14 | Policy p = Policy.getCustomerPolicyInstance(inputStream);
15 | XssXppScanner scanner = new XssXppScanner(p);
16 |
17 | String txt = scanner.scan("<img/src=1 onerror=alert(1)//\"><img a=\"onerror=alert(1)//\"><p><img src=\"/p2pserver/bid/imgs/bidimg_30_3298559209792624904.jpg\" style=\"float:none;\" title=\"back.jpg\"/></p><p><img src=\"/p2pserver/bid/imgs/bidimg_30_492533416040017502.jpg\" style=\"float:none;\" title=\"front.jpg\"/></p><p><br/></p>");
18 | System.out.println(txt);
19 |
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/impl/CssScanner.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.impl;
2 |
3 | import java.io.StringReader;
4 |
5 | import org.apache.batik.css.parser.Parser;
6 | import org.apache.commons.logging.Log;
7 | import org.apache.commons.logging.LogFactory;
8 | import org.w3c.css.sac.DocumentHandler;
9 | import org.w3c.css.sac.InputSource;
10 |
11 | import com.github.textutils.security.xss.ScanException;
12 |
13 | public class CssScanner {
14 |
15 | private static final Log logger = LogFactory.getLog(CssScanner.class);
16 |
17 | public String scanStyleSheet(String taintedCss, int sizeLimit, boolean inline) throws ScanException {
18 | if (taintedCss != null) {
19 | taintedCss = taintedCss.toLowerCase();
20 | } else {
21 | throw new ScanException("taintedCss is null");
22 | }
23 | // Parser is not thread safe, DO NOT PUT IT IN CLASS FIELDS VAR DEFINE
24 | Parser parser = new Parser();
25 | StringBuilder buffer = new StringBuilder(taintedCss.length() << 1);
26 | DocumentHandler handler = new CssDocumentHandler(buffer, inline);
27 |
28 | // parse the stylesheet
29 | parser.setDocumentHandler(handler);
30 | try {
31 | // parse the style declaration
32 | // note this does not count against the size limit because it
33 | // should already have been counted by the caller since it was
34 | // embedded in the HTML
35 | if (inline) {
36 | parser.parseStyleDeclaration(new InputSource(new StringReader(taintedCss)));
37 | } else {
38 | parser.parseStyleSheet(new InputSource(new StringReader(taintedCss)));
39 | }
40 |
41 | } catch (Exception e) {
42 | logger.error(e.getMessage());
43 | }
44 | return buffer.toString();
45 | }
46 | }
47 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/impl/FragmentXppParser.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.impl;
2 |
3 | import java.io.IOException;
4 | import java.io.InputStream;
5 | import java.io.Reader;
6 |
7 | import org.apache.xerces.xni.parser.XMLInputSource;
8 | import org.apache.xerces.xni.parser.XMLParseException;
9 | import org.cyberneko.html.HTMLConfiguration;
10 | import org.xml.sax.InputSource;
11 | import org.xml.sax.SAXException;
12 | import org.xml.sax.SAXParseException;
13 |
14 | /**
15 | * html片段的Sax模型分析
16 | *
17 | */
18 | public class FragmentXppParser extends HTMLConfiguration {
19 |
20 | protected static final String DOCUMENT_FRAGMENT_PROPERTY = "http://cyberneko.org/html/features/document-fragment";
21 | protected static final String DEFAULT_ENCODING_PROPERTY = "http://cyberneko.org/html/properties/default-encoding";
22 | protected static final String DEFAULT_ENCODING_ALGORITHM = "UTF-8";
23 |
24 | public FragmentXppParser(){
25 | super();
26 | this.setFeature(DOCUMENT_FRAGMENT_PROPERTY, true);
27 | this.setProperty(DEFAULT_ENCODING_PROPERTY, DEFAULT_ENCODING_ALGORITHM);
28 | }
29 |
30 | public void parse(InputSource source) throws SAXException, IOException {
31 |
32 | try {
33 | String pubid = source.getPublicId();
34 | String sysid = source.getSystemId();
35 | String encoding = source.getEncoding();
36 | InputStream stream = source.getByteStream();
37 | Reader reader = source.getCharacterStream();
38 |
39 | XMLInputSource inputSource = new XMLInputSource(pubid, sysid, sysid);
40 | inputSource.setEncoding(encoding);
41 | inputSource.setByteStream(stream);
42 | inputSource.setCharacterStream(reader);
43 |
44 | parse(inputSource);
45 | } catch (XMLParseException e) {
46 | Exception ex = e.getException();
47 | if (ex != null) {
48 | throw new SAXParseException(e.getMessage(), null, ex);
49 | }
50 | throw new SAXParseException(e.getMessage(), null);
51 | }
52 | } // end parse(InputSource source, DocumentFragment fragment)
53 |
54 | }
55 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/model/Tag.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.model;
2 |
3 | import java.util.HashMap;
4 | import java.util.Map;
5 | import java.util.Set;
6 |
7 | /**
8 | * 标记: 名字, 动作, 属性
9 | *
10 | */
11 | public class Tag {
12 |
13 | private String name;
14 | private String attrRef;
15 | private Map<String, Attribute> allowedAttributes = new HashMap<String, Attribute>();
16 | public Action action;
17 |
18 | public Tag(String name){
19 | this.name = name;
20 | }
21 |
22 | public String getAttrRef() {
23 | return attrRef;
24 | }
25 |
26 | public void setAttrRef(String attrRef) {
27 | this.attrRef = attrRef;
28 | }
29 |
30 | public Map<String, Attribute> getAllowedAttributes() {
31 | return allowedAttributes;
32 | }
33 |
34 | public void setAllowedAttributes(Map<String, Attribute> allowedAttributes) {
35 | if (allowedAttributes != null) {
36 | this.allowedAttributes = allowedAttributes;
37 | }
38 | }
39 |
40 | public Attribute getAttributeByName(String name) {
41 |
42 | return (Attribute) allowedAttributes.get(name);
43 |
44 | }
45 |
46 | public String getName() {
47 | return name;
48 | }
49 |
50 | public void setName(String name) {
51 | this.name = name;
52 | }
53 |
54 | public Action getAction() {
55 | return action;
56 | }
57 |
58 | public void setAction(Action action) {
59 | this.action = action;
60 | }
61 |
62 | public String[] getAttributes() {
63 | String atts[] = null;
64 | if (allowedAttributes != null && allowedAttributes.size() > 0) {
65 | atts = new String[allowedAttributes.size()];
66 | Set<String> key = allowedAttributes.keySet();
67 | int i = 0;
68 | for (String string : key) {
69 | atts[i++] = string;
70 | }
71 | }
72 | return atts;
73 | }
74 |
75 | @Override
76 | public String toString() {
77 | StringBuilder sb = new StringBuilder();
78 | sb.append(name + "={");
79 | if (allowedAttributes != null && allowedAttributes.size() > 0) {
80 | Set<String> key = allowedAttributes.keySet();
81 | if (key.size() == 0) {
82 | return "";
83 | }
84 | for (String string : key) {
85 | sb.append(string);
86 | sb.append(",");
87 | }
88 | sb.deleteCharAt(sb.length() - 1);
89 | }
90 | sb.append("}");
91 | return sb.toString();
92 | }
93 |
94 | }
95 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/text/DetectDefinedChar.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.text;
2 |
3 | /**
4 | * <pre>
5 | * 当有比较多的字符不能在某个串中出现, 通过一个查表算法确定。比如识别[a,b,c,d]不能在一个string中出现。
6 | * 由于消耗比较多的内存, 最好使用单一实例。 初始化过程并非线程安全。 最好一次完成初始化的过程。
7 | * 使用方法:
8 | * DetectProhibitChar p2 = new DetectProhibitChar();
9 | * p2.addProhibitChar("我们是中国人**#W¥%&*(¥%&*AAAAAAAAAAAAAAAAAAAAAAA");
10 | * for (int i = 0; i < 65536; i++) {
11 | * if (p2.isProhibitChar((char) i)) {
12 | * System.out.print((char) i);
13 | * }
14 | * }
15 | * </pre>
16 | *
17 | */
18 | public class DetectDefinedChar {
19 |
20 | byte[] masks = new byte[1024 * 8];
21 |
22 | public DetectDefinedChar(){
23 |
24 | }
25 |
26 | public DetectDefinedChar(char prohibits[]){
27 | addProhibitChar(prohibits);
28 | }
29 |
30 | /**
31 | * 增加一个跳越字符
32 | *
33 | * @param c
34 | */
35 | public void addProhibitChar(char c) {
36 | int pos = c >> 3;
37 | masks[pos] = (byte) ((masks[pos] & 0xFF) | (1 << (c % 8)));
38 | }
39 |
40 | public void addProhibitChar(int c) {
41 | addProhibitChar((char) c);
42 | }
43 |
44 | /**
45 | * 增加一个string里的所有字符
46 | *
47 | * @param str
48 | */
49 | public void addProhibitChar(String str) {
50 | if (str != null) {
51 | char cs[] = str.toCharArray();
52 | for (char c : cs) {
53 | addProhibitChar(c);
54 | }
55 | }
56 | }
57 |
58 | public void addProhibitChar(char prohibits[]) {
59 | if (prohibits != null) {
60 | for (char c : prohibits) {
61 | addProhibitChar(c);
62 | }
63 | }
64 | }
65 |
66 | public void removeProhibitChar(char c) {
67 | int pos = c >> 3;
68 | masks[pos] = (byte) ((masks[pos] & 0xFF) & (~(1 << (c % 8))));
69 | }
70 |
71 | public boolean isProhibitChar(char c) {
72 | int pos = c >> 3;
73 | int i = (masks[pos] & 0xFF) & (1 << (c % 8));
74 | return (i != 0);
75 | }
76 |
77 | public boolean hasProhibitChar(char cs[]) {
78 | if (cs != null) {
79 | for (char c : cs) {
80 | if (isProhibitChar(c)) {
81 | return true;
82 | }
83 | }
84 | }
85 | return false;
86 | }
87 |
88 | public boolean hasProhibitChar(String str) {
89 | if (str != null) {
90 | for (int i = 0; i < str.length(); i++) {
91 | if (isProhibitChar(str.charAt(i))) {
92 | return true;
93 | }
94 | }
95 | }
96 | return false;
97 | }
98 |
99 | }
100 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/resources/gonglue-xss.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" ?>
2 | <xss>
3 | <directives>
4 | <directive name="maxInputSize" value="1000000" />
5 | <directive name="maxCssInputSize" value="10000" />
6 | <directive name="enableStyleScan" value="true" />
7 | <directive name="removeComment" value="true" />
8 | <directive name="elemsLower" value="true" />
9 | <directive name="attrsLower" value="true" />
10 | <directive name="usePurifier" value="true" />
11 | <directive name="usePreXMLValid" value="true" />
12 | </directives>
13 | <common-regexps>
14 | <regexp name="img-src-allowed" value="^http[s]{0,1}://([a-z0-9\-_]+\.)*(taobao|alipay|alibaba|1688|yahoo|alisoft|alimama|koubei|aliimg|alibado|alixueyuan)\.(com|net|cn|com\.cn)(/.*)*$" />
15 | <regexp name="img-class-pattern" value="^img(L|R)$" />
16 | <regexp name="span-pattern" value="^text-decoration: underline;$" />
17 | </common-regexps>
18 | <!-- 标记通用属性属性 -->
19 | <tag-attributes>
20 | <attributes name="h6">
21 | <attribute name="class" />
22 | </attributes>
23 | <attributes name="empty-attributes" />
24 | <attributes name="span">
25 | <attribute name="style">
26 | <regexp-list>
27 | <regexp name="span-pattern" />
28 | </regexp-list>
29 | </attribute>
30 | </attributes>
31 | <attributes name="img">
32 | <attribute name="class">
33 | <regexp-list>
34 | <regexp name="img-class-pattern" />
35 | </regexp-list>
36 | </attribute>
37 | <attribute name="src">
38 | <regexp-list>
39 | <regexp name="img-src-allowed" />
40 | </regexp-list>
41 | </attribute>
42 | <attribute name="alt" />
43 | </attributes>
44 | </tag-attributes>
45 | <!-- remove: remove all content include child node -->
46 | <!-- accept: keep tag and ratain content -->
47 | <!-- undefined: remove tag and ratain it's content -->
48 | <tag-rules>
49 | <!-- 不接受标签 -->
50 | <tag name="script" action="remove" />
51 | <tag name="noscript" action="remove" />
52 | <tag name="style" action="remove" />
53 | <tag name="head" action="remove" />
54 | <tag name="select" action="remove" />
55 | <tag name="form" action="remove" />
56 | <tag name="iframe" action="remove" />
57 | <tag name="frame" action="remove" />
58 | <tag name="frameset" action="remove" />
59 |
60 | <!-- 接受标签 -->
61 | <tag name="h6" action="accept" attributes="h6" />
62 | <tag name="strong" action="accept" attributes="empty-attributes" />
63 | <tag name="em" action="accept" attributes="empty-attributes" />
64 | <tag name="p" action="accept" attributes="empty-attributes" />
65 | <tag name="br" action="accept" attributes="empty-attributes" />
66 | <tag name="span" action="accept" attributes="span" />
67 | <tag name="img" action="accept" attributes="img" />
68 | </tag-rules>
69 | </xss>
--------------------------------------------------------------------------------
/src/main/resources/META-INF/tags/coverity-escapers.tld:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" ?>
2 |
3 | <taglib xmlns="http://java.sun.com/xml/ns/j2ee"
4 | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5 | xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
6 | http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
7 | version="2.0">
8 | <display-name>Coverity Escapers</display-name>
9 |
10 | <tlib-version>1.1</tlib-version>
11 | <jsp-version>2.0</jsp-version>
12 |
13 | <short-name>cov</short-name>
14 | <uri>http://coverity.com/security</uri>
15 |
16 | <function>
17 | <name>htmlEscape</name>
18 | <function-class>com.coverity.security.EscapeEL</function-class>
19 | <function-signature>java.lang.String htmlEscape(java.lang.String)</function-signature>
20 | </function>
21 |
22 | <function>
23 | <name>htmlText</name>
24 | <function-class>com.coverity.security.EscapeEL</function-class>
25 | <function-signature>java.lang.String htmlText(java.lang.String)</function-signature>
26 | </function>
27 |
28 | <function>
29 | <name>uriEncode</name>
30 | <function-class>com.coverity.security.EscapeEL</function-class>
31 | <function-signature>java.lang.String uriEncode(java.lang.String)</function-signature>
32 | </function>
33 |
34 | <function>
35 | <name>uriParamEncode</name>
36 | <function-class>com.coverity.security.EscapeEL</function-class>
37 | <function-signature>java.lang.String uriParamEncode(java.lang.String)</function-signature>
38 | </function>
39 |
40 | <function>
41 | <name>jsStringEscape</name>
42 | <function-class>com.coverity.security.EscapeEL</function-class>
43 | <function-signature>java.lang.String jsStringEscape(java.lang.String)</function-signature>
44 | </function>
45 |
46 | <function>
47 | <name>jsRegexEscape</name>
48 | <function-class>com.coverity.security.EscapeEL</function-class>
49 | <function-signature>java.lang.String jsRegexEscape(java.lang.String)</function-signature>
50 | </function>
51 |
52 | <function>
53 | <name>cssStringEscape</name>
54 | <function-class>com.coverity.security.EscapeEL</function-class>
55 | <function-signature>java.lang.String cssStringEscape(java.lang.String)</function-signature>
56 | </function>
57 |
58 |
59 | <!-- Filters -->
60 | <function>
61 | <name>asURL</name>
62 | <function-class>com.coverity.security.FilterEL</function-class>
63 | <function-signature>java.lang.String asURL(java.lang.String)</function-signature>
64 | </function>
65 |
66 | <function>
67 | <name>asFlexibleURL</name>
68 | <function-class>com.coverity.security.FilterEL</function-class>
69 | <function-signature>java.lang.String asFlexibleURL(java.lang.String)</function-signature>
70 | </function>
71 |
72 | <function>
73 | <name>asNumber</name>
74 | <function-class>com.coverity.security.FilterEL</function-class>
75 | <function-signature>java.lang.String asNumber(java.lang.String)</function-signature>
76 | </function>
77 |
78 | <function>
79 | <name>asNumberDefault</name>
80 | <function-class>com.coverity.security.FilterEL</function-class>
81 | <function-signature>java.lang.String asNumberDefault(java.lang.String,java.lang.String)</function-signature>
82 | </function>
83 |
84 | <function>
85 | <name>asCssColor</name>
86 | <function-class>com.coverity.security.FilterEL</function-class>
87 | <function-signature>java.lang.String asCssColor(java.lang.String)</function-signature>
88 | </function>
89 |
90 | <function>
91 | <name>asCssColorDefault</name>
92 | <function-class>com.coverity.security.FilterEL</function-class>
93 | <function-signature>java.lang.String asCssColorDefault(java.lang.String,java.lang.String)</function-signature>
94 | </function>
95 |
96 | </taglib>
97 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/impl/MainUI.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.impl;
2 |
3 | import java.awt.BorderLayout;
4 | import java.awt.Color;
5 | import java.awt.FlowLayout;
6 | import java.awt.event.ActionEvent;
7 | import java.awt.event.ActionListener;
8 |
9 | import javax.swing.JButton;
10 | import javax.swing.JFrame;
11 | import javax.swing.JPanel;
12 | import javax.swing.JScrollPane;
13 | import javax.swing.JTextArea;
14 |
15 | import com.github.textutils.security.xss.Policy;
16 | import com.github.textutils.security.xss.PolicyException;
17 | import com.github.textutils.security.xss.XssXppScanner;
18 |
19 | public class MainUI extends JFrame {
20 |
21 | private static final long serialVersionUID = 4852051150406340218L;
22 | JTextArea input, output;
23 | JButton ok, cancel, clear;
24 | Policy p;
25 | XssXppScanner scanner;
26 |
27 | public MainUI() throws PolicyException{
28 | setTitle("XSS validate tools");
29 | setBounds(50, 50, 800, 600);
30 | init();
31 | this.pack();
32 | p = Policy.getStrictPolicyInstance();
33 | scanner = new XssXppScanner(p);
34 | }
35 |
36 | private void init() {
37 | JPanel root = new JPanel(new BorderLayout());
38 | input = new JTextArea();
39 | output = new JTextArea();
40 | input.setLineWrap(true);
41 | output.setLineWrap(true);
42 | input.setRows(10);
43 | input.setColumns(80);
44 | output.setRows(10);
45 | output.setColumns(80);
46 | ok = new JButton("OK");
47 | cancel = new JButton("Cancel");
48 | clear = new JButton("Clear");
49 | output.setEditable(false);
50 | JPanel up = new JPanel();
51 | up.add(new JScrollPane(input, JScrollPane.VERTICAL_SCROLLBAR_ALWAYS, JScrollPane.HORIZONTAL_SCROLLBAR_NEVER));
52 | JPanel center = new JPanel();
53 | center.add(new JScrollPane(output, JScrollPane.VERTICAL_SCROLLBAR_ALWAYS,
54 | JScrollPane.HORIZONTAL_SCROLLBAR_ALWAYS));
55 | JPanel down = new JPanel();
56 | JPanel butPan = new JPanel(new FlowLayout(0));
57 | butPan.add(clear);
58 | butPan.add(ok);
59 | butPan.add(cancel);
60 |
61 | down.add(butPan);
62 | root.add(up, BorderLayout.NORTH);
63 | root.add(center, BorderLayout.CENTER);
64 | root.add(down, BorderLayout.SOUTH);
65 | this.getContentPane().add(root);
66 | ok.addActionListener(new ActionListener() {
67 |
68 | public void actionPerformed(ActionEvent e) {
69 | String html = input.getText();
70 | String s = scanner.scan(html);
71 | if (s != null) {
72 | if (s.length() == 0) {
73 | output.setText("all html was removed");
74 | } else {
75 | output.setText(s);
76 | }
77 | } else {
78 | output.setText("code bug, contact me:)");
79 | }
80 | }
81 | });
82 | cancel.addActionListener(new ActionListener() {
83 |
84 | public void actionPerformed(ActionEvent e) {
85 | System.exit(0);
86 | }
87 | });
88 | clear.addActionListener(new ActionListener() {
89 |
90 | public void actionPerformed(ActionEvent e) {
91 | input.setText("");
92 | output.setText("");
93 | }
94 | });
95 | up.setOpaque(false);
96 | center.setOpaque(false);
97 | down.setOpaque(false);
98 | root.setBackground(Color.BLACK);
99 | }
100 |
101 | /**
102 | * @param args
103 | */
104 | public static void main(String[] args) {
105 | try {
106 | MainUI frame = new MainUI();
107 | frame.setVisible(true);
108 | } catch (PolicyException e) {
109 | e.printStackTrace();
110 | }
111 |
112 | }
113 |
114 | }
115 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
2 | <parent>
3 | <groupId>org.sonatype.oss</groupId>
4 | <artifactId>oss-parent</artifactId>
5 | <version>7</version>
6 | </parent>
7 | <modelVersion>4.0.0</modelVersion>
8 | <groupId>com.github.textutils</groupId>
9 | <artifactId>richtext</artifactId>
10 | <packaging>jar</packaging>
11 | <name>Text Tools</name>
12 | <version>1.1-SNAPSHOT</version>
13 | <description>The maven main core project description</description>
14 | <url>http://maven.apache.org</url>
15 | <licenses>
16 | <license>
17 | <name>The Apache Software License, Version 2.0</name>
18 | <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
19 | <distribution>repo</distribution>
20 | </license>
21 | </licenses>
22 | <scm>
23 | <connection>scm:git:git@github.com:textutils/rich.git</connection>
24 | <developerConnection>scm:git:git@github.com:textutils/rich.git</developerConnection>
25 | <url>git@github.com:textutils/rich.git</url>
26 | </scm>
27 | <developers>
28 | <developer>
29 | <id>user007</id>
30 | <name>tom jeans</name>
31 | <email>cashethon@126.com</email>
32 | </developer>
33 | </developers>
34 | <dependencies>
35 | <dependency>
36 | <groupId>commons-logging</groupId>
37 | <artifactId>commons-logging</artifactId>
38 | <version>1.1.3</version>
39 | </dependency>
40 | <dependency>
41 | <groupId>org.htmlparser</groupId>
42 | <artifactId>htmlparser</artifactId>
43 | <version>2.1</version>
44 | </dependency>
45 | <dependency>
46 | <groupId>org.w3c.css</groupId>
47 | <artifactId>sac</artifactId>
48 | <version>1.3</version>
49 | </dependency>
50 | <dependency>
51 | <groupId>org.apache.xmlgraphics</groupId>
52 | <artifactId>batik-css</artifactId>
53 | <version>1.7</version>
54 | </dependency>
55 | <dependency>
56 | <groupId>oro</groupId>
57 | <artifactId>oro</artifactId>
58 | <version>2.0.8</version>
59 | </dependency>
60 |
61 | <dependency>
62 | <groupId>org.apache.velocity</groupId>
63 | <artifactId>velocity</artifactId>
64 | <version>1.7</version>
65 | </dependency>
66 | <dependency>
67 | <groupId>net.sourceforge.nekohtml</groupId>
68 | <artifactId>nekohtml</artifactId>
69 | <version>1.9.19</version>
70 | </dependency>
71 | <dependency>
72 | <groupId>junit</groupId>
73 | <artifactId>junit</artifactId>
74 | <version>3.8.1</version>
75 | <scope>test</scope>
76 | </dependency>
77 | </dependencies>
78 | <!--
79 | AVOID RELEASE REPOSITORY/PLUGINREPOSITORY:
80 | <repositories></repositories>
81 | <pluginRepositories></pluginRepositories>
82 | -->
83 | <build>
84 | <plugins>
85 | <plugin>
86 | <groupId>org.apache.maven.plugins</groupId>
87 | <artifactId>maven-release-plugin</artifactId>
88 | <version>2.2.2</version>
89 | <configuration>
90 | <arguments>-Dgpg.passphrase=${gpg.passphrase}</arguments>
91 | </configuration>
92 | </plugin>
93 |
94 |
95 | </plugins>
96 | </build>
97 |
98 | <distributionManagement>
99 | <snapshotRepository>
100 | <id>sonatype-nexus-snapshots</id>
101 | <name>Sonatype Nexus snapshot repository</name>
102 | <url>https://oss.sonatype.org/content/repositories/snapshots</url>
103 | </snapshotRepository>
104 | <repository>
105 | <id>sonatype-nexus-staging</id>
106 | <name>Sonatype Nexus release repository</name>
107 | <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
108 | </repository>
109 | </distributionManagement>
110 |
111 | <profiles>
112 | <profile>
113 | <id>release-sign-artifacts</id>
114 | <activation>
115 | <property>
116 | <name>performRelease</name>
117 | <value>true</value>
118 | </property>
119 | </activation>
120 | <build>
121 | <plugins>
122 | <plugin>
123 | <groupId>org.apache.maven.plugins</groupId>
124 | <artifactId>maven-gpg-plugin</artifactId>
125 | <version>1.4</version>
126 | <configuration>
127 | <passphrase>${gpg.passphrase}</passphrase>
128 | </configuration>
129 | <executions>
130 | <execution>
131 | <id>sign-artifacts</id>
132 | <phase>verify</phase>
133 | <goals>
134 | <goal>sign</goal>
135 | </goals>
136 | </execution>
137 | </executions>
138 | </plugin>
139 | </plugins>
140 | </build>
141 | </profile>
142 | </profiles>
143 |
144 | </project>
145 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/XssXppScanner.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss;
2 |
3 | import java.io.IOException;
4 | import java.io.StringReader;
5 |
6 | import org.apache.xerces.xni.parser.XMLDocumentFilter;
7 | import org.cyberneko.html.filters.Purifier;
8 | import org.xml.sax.InputSource;
9 | import org.xml.sax.SAXException;
10 |
11 | import com.github.textutils.security.xss.impl.CssScanner;
12 | import com.github.textutils.security.xss.impl.FragmentXppParser;
13 | import com.github.textutils.security.xss.impl.XssFilterDocumentHandler;
14 | import com.github.textutils.text.DetectDefinedChar;
15 |
16 | public class XssXppScanner {
17 |
18 | private Policy policy = null;
19 | private CssScanner cssScanner = new CssScanner();
20 |
21 | protected static final String NAMES_ELEMS_PROPERTY = "http://cyberneko.org/html/properties/names/elems";
22 | protected static final String NAMES_ATTRS_PROPERTY = "http://cyberneko.org/html/properties/names/attrs";
23 | protected static final String FILTERS_PROPERTY = "http://cyberneko.org/html/properties/filters";
24 |
25 | // XML Character Define char::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
26 | // 定义XML允许出现的合法字符
27 | static DetectDefinedChar detectXMLChar = new DetectDefinedChar();
28 | static {
29 | detectXMLChar.addProhibitChar(0x9);
30 | detectXMLChar.addProhibitChar(0xA);
31 | detectXMLChar.addProhibitChar(0xD);
32 | for (int i = 0x20; i < (0xD7FF + 1); i++) {
33 | detectXMLChar.addProhibitChar(i);
34 | }
35 | for (int i = 0xE000; i < (0xFFFD + 1); i++) {
36 | detectXMLChar.addProhibitChar(i);
37 | }
38 | }
39 |
40 | public XssXppScanner(Policy policy){
41 | this.policy = policy;
42 |
43 | }
44 |
45 | public String scan(String html) {
46 | if (html == null) {
47 | throw new ScanException("input html can not be null");
48 | }
49 | if (html.length() > policy.maxInputSize) {
50 | throw new ScanException("input html reach max size: " + policy.maxInputSize);
51 | }
52 |
53 | if (this.policy.usePreXMLValid) {
54 | html = stripNonValidXMLCharacters(html);
55 | }
56 |
57 | FragmentXppParser parser = new FragmentXppParser();
58 | if (this.policy.elemsLower) {
59 | parser.setProperty(NAMES_ELEMS_PROPERTY, "lower");
60 | } else {
61 | parser.setProperty(NAMES_ELEMS_PROPERTY, "upper");
62 | }
63 | if (this.policy.attrsLower) {
64 | parser.setProperty(NAMES_ATTRS_PROPERTY, "lower");
65 | } else {
66 | parser.setProperty(NAMES_ATTRS_PROPERTY, "upper");
67 | }
68 |
69 | StringBuilder buffer = new StringBuilder(html.length() << 1);
70 |
71 | // 输出工具
72 | XssFilterDocumentHandler filter = new XssFilterDocumentHandler(buffer, policy, cssScanner);
73 |
74 | if (this.policy.usePurifier) {
75 | Purifier p = new Purifier();
76 | XMLDocumentFilter[] filters = { p, filter };
77 | parser.setProperty(FILTERS_PROPERTY, filters);
78 | } else {
79 | XMLDocumentFilter[] filters = { filter };
80 | parser.setProperty(FILTERS_PROPERTY, filters);
81 | }
82 |
83 | InputSource input = new InputSource(new StringReader(html));
84 | try {
85 | parser.parse(input);
86 | } catch (SAXException e) {
87 | throw new ScanException(e);
88 | } catch (IOException e) {
89 | throw new ScanException(e);
90 | }
91 | return buffer.toString();
92 |
93 | }
94 |
95 | /**
96 | * This method was borrowed from Mark McLaren, to whom I owe much beer. This method ensures that the output has only
97 | * valid XML unicode characters as specified by the XML 1.0 standard. For reference, please see <a
98 | * href="http://www.w3.org/TR/2000/REC-xml-20001006#NT-Char">the standard</a>. This method will return an empty
99 | * String if the input is null or empty.
100 | *
101 | * @param in The String whose non-valid characters we want to remove.
102 | * @return The in String, stripped of non-valid characters.
103 | */
104 |
105 | public String stripNonValidXMLCharacters(String in) {
106 | if (in == null) {
107 | return null;
108 | }
109 | StringBuilder sb = null;
110 | int len = in.length();
111 | for (int i = 0; i < len; i++) {
112 | char ch = in.charAt(i);
113 | if (detectXMLChar.isProhibitChar(ch)) {
114 | if (sb != null) {
115 | sb.append(ch);
116 | }
117 | } else {
118 | if (sb == null) {
119 | sb = new StringBuilder(len);
120 | sb.append(in, 0, i);
121 | }
122 | }
123 |
124 | }
125 | return (sb == null ? in : sb.toString());
126 | }
127 | }
128 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/codec/JavaScriptEncode.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.codec;
2 |
3 | import java.io.IOException;
4 | import java.io.StringWriter;
5 | import java.io.Writer;
6 |
7 | public class JavaScriptEncode {
8 |
9 | static boolean COMMON_ASCII[] = new boolean[127];
10 | static {
11 | // 0-9
12 | for (char i = '0'; i <= '9'; i++) {
13 | COMMON_ASCII[i] = true;
14 | }
15 | // a-z
16 | for (char i = 'a'; i <= 'z'; i++) {
17 | COMMON_ASCII[i] = true;
18 | }
19 | // A-Z
20 | for (char i = 'A'; i <= 'Z'; i++) {
21 | COMMON_ASCII[i] = true;
22 | }
23 | COMMON_ASCII[32] = true;
24 | COMMON_ASCII[44] = true;
25 | COMMON_ASCII[46] = true;
26 |
27 | }
28 |
29 | public static String escapedJavaScript(String string) {
30 | if (string == null || string.length() == 0) {
31 | return string;
32 | }
33 | StringBuilder buffer = new StringBuilder(string.length() << 1);
34 | String hex;
35 | for (int i = 0; i < string.length(); i++) {
36 | char c = string.charAt(i);
37 |
38 | if (c < 127 && COMMON_ASCII[c]) {
39 | buffer.append(c);
40 | } else if (c <= 127) {
41 | hex = Integer.toHexString(c).toUpperCase();
42 | if (hex.length() < 2) {
43 | buffer.append("\\x0");
44 | } else {
45 | buffer.append("\\x");
46 | }
47 | buffer.append(hex);
48 | } else {
49 | // c > 0x7F // len >= 2
50 | hex = Integer.toHexString(c).toUpperCase();
51 | if (c < 0x100) {// len == 2
52 | buffer.append("\\u00");
53 | } else if (c < 0x1000) {// len == 3
54 | buffer.append("\\u0");
55 | } else {// len == 4
56 | buffer.append("\\u");
57 | }
58 | buffer.append(hex);
59 | }
60 | }
61 | return buffer.toString();
62 | }
63 |
64 | public static String escapedJavaScriptValue(String str) {
65 |
66 | if (str == null) {
67 | return null;
68 | }
69 | int length = str.length();
70 | Writer out = new StringWriter(length << 1);
71 | try {
72 | for (int i = 0; i < length; i++) {
73 | char ch = str.charAt(i);
74 |
75 | if (ch < 32) {
76 | switch (ch) {
77 | case '\b':
78 |
79 | out.write('\\');
80 |
81 | out.write('b');
82 | break;
83 |
84 | case '\n':
85 | out.write('\\');
86 | out.write('n');
87 | break;
88 |
89 | case '\t':
90 | out.write('\\');
91 | out.write('t');
92 | break;
93 |
94 | case '\f':
95 | out.write('\\');
96 | out.write('f');
97 | break;
98 |
99 | case '\r':
100 | out.write('\\');
101 | out.write('r');
102 | break;
103 |
104 | default:
105 | if (ch > 0xf) {
106 | out.write("\\u00" + Integer.toHexString(ch).toUpperCase());
107 | } else {
108 | out.write("\\u000" + Integer.toHexString(ch).toUpperCase());
109 | }
110 |
111 | break;
112 | }
113 |
114 | } else {
115 | switch (ch) {
116 | case '/':
117 | out.write('\\');
118 | out.write('/');
119 | break;
120 | case '\'':
121 | out.write('\\');
122 | out.write('\'');
123 | break;
124 | case '"':
125 | out.write('\\');
126 | out.write('"');
127 | break;
128 | case '\\':
129 | out.write('\\');
130 | out.write('\\');
131 | break;
132 | default:
133 | out.write(ch);
134 | break;
135 | }
136 | }
137 | }
138 | } catch (IOException e) {
139 | // impossible
140 | }
141 | return out.toString();
142 | }
143 | }
144 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/impl/CssDocumentHandler.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.impl;
2 |
3 | import java.util.regex.Pattern;
4 |
5 | import org.w3c.css.sac.CSSException;
6 | import org.w3c.css.sac.DocumentHandler;
7 | import org.w3c.css.sac.InputSource;
8 | import org.w3c.css.sac.LexicalUnit;
9 | import org.w3c.css.sac.SACMediaList;
10 | import org.w3c.css.sac.Selector;
11 | import org.w3c.css.sac.SelectorList;
12 |
13 | public class CssDocumentHandler implements DocumentHandler {
14 |
15 | // remove these attribute
16 | private static final String ABSOLUTE_PROP_VALUE = "(absolute)";
17 | private static final String RELATIVE_PROP_VALUE = "(relative)";
18 | private static final String EXPRESSION_VALUE = "(expression)";
19 | private static final String OCTALCHAR = "(\\\\[0-9a-zA-Z]{1,2})";
20 | // ////////in style///
21 | private static String ZINDEX_PROP = "z-index";
22 |
23 | private StringBuilder styleSheet = null;
24 | private boolean selectorOpen = true;
25 | private boolean inlineStyle = false;
26 |
27 | private static final Pattern forbiddenAttr = Pattern.compile(ABSOLUTE_PROP_VALUE + "|" + RELATIVE_PROP_VALUE
28 | + "|" + EXPRESSION_VALUE + "|" + OCTALCHAR);
29 |
30 | public CssDocumentHandler(StringBuilder buffer, boolean inlineStyle){
31 | this.styleSheet = buffer;
32 | this.inlineStyle = inlineStyle;
33 |
34 | }
35 |
36 | public void comment(String text) throws CSSException {
37 | }
38 |
39 | public void endDocument(InputSource source) throws CSSException {
40 |
41 | }
42 |
43 | public void endFontFace() throws CSSException {
44 |
45 | }
46 |
47 | public void endMedia(SACMediaList media) throws CSSException {
48 |
49 | }
50 |
51 | public void endPage(String name, String pseudo_page) throws CSSException {
52 |
53 | }
54 |
55 | public void ignorableAtRule(String atRule) throws CSSException {
56 |
57 | }
58 |
59 | public void importStyle(String uri, SACMediaList media, String defaultNamespaceURI) throws CSSException {
60 |
61 | }
62 |
63 | public void namespaceDeclaration(String prefix, String uri) throws CSSException {
64 |
65 | }
66 |
67 | public void property(String name, LexicalUnit value, boolean important) throws CSSException {
68 | if (!selectorOpen && inlineStyle) {
69 | return;
70 | }
71 | if (!ZINDEX_PROP.equals(name)) {
72 | styleSheet.append(name);
73 | styleSheet.append(':');
74 |
75 | // append all values
76 | while (value != null) {
77 | styleSheet.append(' ');
78 | styleSheet.append(lexicalValueToString(value));
79 | value = value.getNextLexicalUnit();
80 | }
81 | styleSheet.append(';');
82 | }
83 | }
84 |
85 | public void startDocument(InputSource source) throws CSSException {
86 |
87 | }
88 |
89 | public void startFontFace() throws CSSException {
90 |
91 | }
92 |
93 | public void startMedia(SACMediaList media) throws CSSException {
94 |
95 | }
96 |
97 | public void startPage(String name, String pseudo_page) throws CSSException {
98 |
99 | }
100 |
101 | public void startSelector(SelectorList selectors) throws CSSException {
102 |
103 | // keep track of number of valid selectors from this rule
104 | int selectorCount = 0;
105 |
106 | // check each selector from this rule
107 | for (int i = 0; i < selectors.getLength(); i++) {
108 | Selector selector = selectors.item(i);
109 |
110 | if (selector != null) {
111 | String selectorName = selector.toString();
112 | if (selectorCount > 0) {
113 | styleSheet.append(',');
114 | styleSheet.append(' ');
115 | }
116 | styleSheet.append(selectorName);
117 | selectorCount++;
118 | }
119 | }
120 |
121 | // if and only if there were selectors that were valid, append
122 | // appropriate open brace and set state to within selector
123 | if (selectorCount > 0) {
124 | styleSheet.append(' ');
125 | styleSheet.append('{');
126 | selectorOpen = true;
127 | }
128 | }
129 |
130 | public void endSelector(SelectorList selectors) throws CSSException {
131 |
132 | if (selectorOpen) {
133 | styleSheet.append('}');
134 | styleSheet.append('\n');
135 | }
136 |
137 | // reset state
138 | selectorOpen = false;
139 | }
140 |
141 | private String lexicalValueToString(LexicalUnit lu) {
142 |
143 | switch (lu.getLexicalUnitType()) {
144 | case LexicalUnit.SAC_PERCENTAGE:
145 | case LexicalUnit.SAC_DIMENSION:
146 | case LexicalUnit.SAC_EM:
147 | case LexicalUnit.SAC_EX:
148 | case LexicalUnit.SAC_PIXEL:
149 | case LexicalUnit.SAC_INCH:
150 | case LexicalUnit.SAC_CENTIMETER:
151 | case LexicalUnit.SAC_MILLIMETER:
152 | case LexicalUnit.SAC_POINT:
153 | case LexicalUnit.SAC_PICA:
154 | case LexicalUnit.SAC_DEGREE:
155 | case LexicalUnit.SAC_GRADIAN:
156 | case LexicalUnit.SAC_RADIAN:
157 | case LexicalUnit.SAC_MILLISECOND:
158 | case LexicalUnit.SAC_SECOND:
159 | case LexicalUnit.SAC_HERTZ:
160 | case LexicalUnit.SAC_KILOHERTZ:
161 | // these are all measurements
162 | return lu.getFloatValue() + lu.getDimensionUnitText();
163 | case LexicalUnit.SAC_INTEGER:
164 | // just a number
165 | return String.valueOf(lu.getIntegerValue());
166 | case LexicalUnit.SAC_REAL:
167 | // just a number
168 | return String.valueOf(lu.getFloatValue());
169 | case LexicalUnit.SAC_STRING_VALUE:
170 | case LexicalUnit.SAC_IDENT:
171 | // just a string/identifier
172 | String value = lu.getStringValue();
173 | if (forbiddenAttr.matcher(value).find()) {
174 | value = "";
175 | }
176 | return value;
177 | case LexicalUnit.SAC_URI:
178 | return "";
179 | case LexicalUnit.SAC_RGBCOLOR:
180 | // this is a rgb encoded color
181 | int color = 0;
182 | LexicalUnit param = lu.getParameters();
183 | color |= param.getIntegerValue() << 16;
184 | param = param.getNextLexicalUnit(); // comma
185 | param = param.getNextLexicalUnit(); // G value
186 | color |= param.getIntegerValue() << 8;
187 | param = param.getNextLexicalUnit(); // comma
188 | param = param.getNextLexicalUnit(); // B value
189 | color |= param.getIntegerValue();
190 | color = color & 0xFFFFFF;
191 | String val = Integer.toHexString(color);
192 | if (val.length() >= 6) {
193 | return "#" + val;
194 | }
195 | return "#000000".substring(0, 7 - val.length()) + val;
196 | case LexicalUnit.SAC_INHERIT:
197 | // constant
198 | return "inherit";
199 | case LexicalUnit.SAC_ATTR:
200 | case LexicalUnit.SAC_COUNTER_FUNCTION:
201 | case LexicalUnit.SAC_COUNTERS_FUNCTION:
202 | case LexicalUnit.SAC_FUNCTION:
203 | case LexicalUnit.SAC_RECT_FUNCTION:
204 | case LexicalUnit.SAC_SUB_EXPRESSION:
205 | case LexicalUnit.SAC_UNICODERANGE:
206 | default:
207 | // these are properties that shouldn't be necessary for most run
208 | // of the mill HTML/CSS
209 | return " ";
210 | }
211 | }
212 | }
213 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/codec/HtmlDecodeRef.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.codec;
2 |
3 | import java.util.HashMap;
4 | import java.util.Map;
5 |
6 | /**
7 | * 快速html/js/xml 反编码实体类
8 | */
9 | public class HtmlDecodeRef {
10 |
11 | private static final String[][] BASIC_ARRAY = { { """, "34" }, { "&", "38" }, { "<", "60" },
12 | { ">", "62" } };
13 | private static final String[][] APOS_ARRAY = { { "'", "39" } };
14 |
15 | // IE下, 无法解释' 这个和通常标准有差异, 但是单引号是比较麻烦的行为, 所以, 还是转义一下为好, 可以避免HTML难写的行为
16 | private static final String[][] APOS_ARRAY_HTML = { { "'", "39" } };
17 |
18 | private static final String[][] ISO8859_1_ARRAY = { { " ", "160" }, { "¡", "161" }, { "¢", "162" },
19 | { "£", "163" }, { "¤", "164" }, { "¥", "165" }, { "¦", "166" },
20 | { "§", "167" }, { "¨", "168" }, { "©", "169" }, { "ª", "170" }, { "«", "171" },
21 | { "¬", "172" }, { "", "173" }, { "®", "174" }, { "¯", "175" }, { "°", "176" },
22 | { "±", "177" }, { "²", "178" }, { "³", "179" }, { "´", "180" },
23 | { "µ", "181" }, { "¶", "182" }, { "·", "183" }, { "¸", "184" },
24 | { "¹", "185" }, { "º", "186" }, { "»", "187" }, { "¼", "188" },
25 | { "½", "189" }, { "¾", "190" }, { "¿", "191" }, { "À", "192" },
26 | { "Á", "193" }, { "Â", "194" }, { "Ã", "195" }, { "Ä", "196" },
27 | { "Å", "197" }, { "Æ", "198" }, { "Ç", "199" }, { "È", "200" },
28 | { "É", "201" }, { "Ê", "202" }, { "Ë", "203" }, { "Ì", "204" },
29 | { "Í", "205" }, { "Î", "206" }, { "Ï", "207" }, { "Ð", "208" },
30 | { "Ñ", "209" }, { "Ò", "210" }, { "Ó", "211" }, { "Ô", "212" },
31 | { "Õ", "213" }, { "Ö", "214" }, { "×", "215" }, { "Ø", "216" },
32 | { "Ù", "217" }, { "Ú", "218" }, { "Û", "219" }, { "Ü", "220" },
33 | { "Ý", "221" }, { "Þ", "222" }, { "ß", "223" }, { "à", "224" },
34 | { "á", "225" }, { "â", "226" }, { "ã", "227" }, { "ä", "228" },
35 | { "å", "229" }, { "æ", "230" }, { "ç", "231" }, { "è", "232" },
36 | { "é", "233" }, { "ê", "234" }, { "ë", "235" }, { "ì", "236" },
37 | { "í", "237" }, { "î", "238" }, { "ï", "239" }, { "ð", "240" },
38 | { "ñ", "241" }, { "ò", "242" }, { "ó", "243" }, { "ô", "244" },
39 | { "õ", "245" }, { "ö", "246" }, { "÷", "247" }, { "ø", "248" },
40 | { "ù", "249" }, { "ú", "250" }, { "û", "251" }, { "ü", "252" },
41 | { "ý", "253" }, { "þ", "254" }, { "ÿ", "255" }, };
42 | private static final String[][] HTML40_ARRAY = { { "ƒ", "402" }, { "Α", "913" }, { "Β", "914" },
43 | { "Γ", "915" }, { "Δ", "916" }, { "Ε", "917" }, { "Ζ", "918" },
44 | { "Η", "919" }, { "Θ", "920" }, { "Ι", "921" }, { "Κ", "922" }, { "Λ", "923" },
45 | { "Μ", "924" }, { "Ν", "925" }, { "Ξ", "926" }, { "Ο", "927" }, { "Π", "928" },
46 | { "Ρ", "929" }, { "Σ", "931" }, { "Τ", "932" }, { "Υ", "933" }, { "Φ", "934" },
47 | { "Χ", "935" }, { "Ψ", "936" }, { "Ω", "937" }, { "α", "945" }, { "β", "946" },
48 | { "γ", "947" }, { "δ", "948" }, { "ε", "949" }, { "ζ", "950" },
49 | { "η", "951" }, { "θ", "952" }, { "ι", "953" }, { "κ", "954" }, { "λ", "955" },
50 | { "μ", "956" }, { "ν", "957" }, { "ξ", "958" }, { "ο", "959" }, { "π", "960" },
51 | { "ρ", "961" }, { "ς", "962" }, { "σ", "963" }, { "τ", "964" },
52 | { "υ", "965" }, { "φ", "966" }, { "χ", "967" }, { "ψ", "968" }, { "ω", "969" },
53 | { "ϑ", "977" }, { "ϒ", "978" }, { "ϖ", "982" }, { "•", "8226" },
54 | { "…", "8230" }, { "′", "8242" }, { "″", "8243" }, { "‾", "8254" },
55 | { "⁄", "8260" }, { "℘", "8472" }, { "ℑ", "8465" }, { "ℜ", "8476" },
56 | { "™", "8482" }, { "ℵ", "8501" }, { "←", "8592" }, { "↑", "8593" },
57 | { "→", "8594" }, { "↓", "8595" }, { "↔", "8596" }, { "↵", "8629" },
58 | { "⇐", "8656" }, { "⇑", "8657" }, { "⇒", "8658" }, { "⇓", "8659" },
59 | { "⇔", "8660" }, { "∀", "8704" }, { "∂", "8706" }, { "∃", "8707" },
60 | { "∅", "8709" }, { "∇", "8711" }, { "∈", "8712" }, { "∉", "8713" },
61 | { "∋", "8715" }, { "∏", "8719" }, { "∑", "8721" }, { "−", "8722" },
62 | { "∗", "8727" }, { "√", "8730" }, { "∝", "8733" }, { "∞", "8734" },
63 | { "∠", "8736" }, { "∧", "8743" }, { "∨", "8744" }, { "∩", "8745" }, { "∪", "8746" },
64 | { "∫", "8747" }, { "∴", "8756" }, { "∼", "8764" }, { "≅", "8773" },
65 | { "≈", "8776" }, { "≠", "8800" }, { "≡", "8801" }, { "≤", "8804" }, { "≥", "8805" },
66 | { "⊂", "8834" }, { "⊃", "8835" }, { "⊆", "8838" }, { "⊇", "8839" },
67 | { "⊕", "8853" }, { "⊗", "8855" }, { "⊥", "8869" }, { "⋅", "8901" },
68 | { "⌈", "8968" }, { "⌉", "8969" }, { "⌊", "8970" }, { "⌋", "8971" },
69 | { "⟨", "9001" }, { "⟩", "9002" }, { "◊", "9674" }, { "♠", "9824" },
70 | { "♣", "9827" }, { "♥", "9829" }, { "♦", "9830" }, { "Œ", "338" },
71 | { "œ", "339" }, { "Š", "352" }, { "š", "353" }, { "Ÿ", "376" },
72 | { "ˆ", "710" }, { "˜", "732" }, { " ", "8194" }, { " ", "8195" },
73 | { " ", "8201" }, { "", "8204" }, { "", "8205" }, { "", "8206" },
74 | { "", "8207" }, { "–", "8211" }, { "—", "8212" }, { "‘", "8216" },
75 | { "’", "8217" }, { "‚", "8218" }, { "“", "8220" }, { "”", "8221" },
76 | { "„", "8222" }, { "†", "8224" }, { "‡", "8225" }, { "‰", "8240" },
77 | { "‹", "8249" }, { "›", "8250" }, { "€", "8364" } };
78 |
79 | private HtmlDecodeRef(){
80 | }
81 |
82 | public static final HtmlDecodeRef INSTANCE = new HtmlDecodeRef();
83 |
84 | static {
85 | INSTANCE.addRefs(APOS_ARRAY);
86 | INSTANCE.addRefs(BASIC_ARRAY);
87 | INSTANCE.addRefs(ISO8859_1_ARRAY);
88 | INSTANCE.addRefs(APOS_ARRAY_HTML);
89 | INSTANCE.addRefs(HTML40_ARRAY);
90 | }
91 |
92 | private Map<String, Character> map = new HashMap<String, Character>();
93 |
94 | public static HtmlDecodeRef getInstance() {
95 | return INSTANCE;
96 | }
97 |
98 | public void addRefs(String[][] refArray) {
99 | for (int i = 0; i < refArray.length; i++) {
100 | char c = (char) Integer.parseInt(refArray[i][1]);
101 | addRef(c, refArray[i][0]);
102 | }
103 | }
104 |
105 | public void addRef(char charValue, String entiryName) {
106 | map.put(entiryName, charValue);
107 | }
108 |
109 | public Character getChar(String entiryName) {
110 | return map.get(entiryName);
111 | }
112 |
113 | }
114 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/text/data/BJX_U8.TXT:
--------------------------------------------------------------------------------
1 | 赵 zhao
2 | 钱 qian
3 | 孙 sun
4 | 李 li
5 | 周 zhou
6 | 吴 wu
7 | 郑 zheng
8 | 王 wang
9 | 冯 feng
10 | 陈 chen
11 | 褚 chu
12 | 卫 wei
13 | 蒋 jiang
14 | 沈 shen
15 | 韩 han
16 | 杨 yang
17 | 朱 zhu
18 | 秦 qin
19 | 尤 you
20 | 许 xu
21 | 何 he
22 | 吕 lv
23 | 施 shi
24 | 张 zhang
25 | 孔 kong
26 | 曹 cao
27 | 严 yan
28 | 华 hua
29 | 金 jin
30 | 魏 wei
31 | 陶 tao
32 | 姜 jiang
33 | 戚 qi
34 | 谢 xie
35 | 邹 zou
36 | 喻 yu
37 | 柏 bai
38 | 水 shui
39 | 窦 dou
40 | 章 zhang
41 | 云 yun
42 | 苏 su
43 | 潘 pan
44 | 葛 ge
45 | 奚 xi
46 | 范 fan
47 | 彭 peng
48 | 郎 lang
49 | 鲁 lu
50 | 韦 wei
51 | 昌 chang
52 | 马 ma
53 | 苗 miao
54 | 凤 feng
55 | 花 hua
56 | 方 fang
57 | 俞 yu
58 | 任 ren
59 | 袁 yuan
60 | 柳 liu
61 | 酆 feng
62 | 鲍 bao
63 | 史 shi
64 | 唐 tang
65 | 费 fei
66 | 廉 lian
67 | 岑 cen
68 | 薛 xue
69 | 雷 lei
70 | 贺 he
71 | 倪 ni
72 | 汤 tang
73 | 滕 teng
74 | 殷 yin
75 | 罗 luo
76 | 毕 bi
77 | 郝 hao
78 | 邬 wu
79 | 安 an
80 | 常 chang
81 | 乐 yue
82 | 于 yu
83 | 时 shi
84 | 傅 fu
85 | 皮 pi
86 | 卞 bian
87 | 齐 qi
88 | 康 kang
89 | 伍 wu
90 | 余 yu
91 | 元 yuan
92 | 卜 bu
93 | 顾 gu
94 | 孟 meng
95 | 平 ping
96 | 黄 huang
97 | 和 he
98 | 穆 mu
99 | 萧 xiao
100 | 尹 yin
101 | 姚 yao
102 | 邵 shao
103 | 湛 zhan
104 | 汪 wang
105 | 祁 qi
106 | 毛 mao
107 | 禹 yu
108 | 狄 di
109 | 米 mi
110 | 贝 bei
111 | 明 ming
112 | 臧 zang
113 | 计 ji
114 | 伏 fu
115 | 成 cheng
116 | 戴 dai
117 | 谈 tan
118 | 宋 song
119 | 茅 mao
120 | 庞 pang
121 | 熊 xiong
122 | 纪 ji
123 | 舒 shu
124 | 屈 qu
125 | 项 xiang
126 | 祝 zhu
127 | 董 dong
128 | 梁 liang
129 | 杜 du
130 | 阮 ruan
131 | 蓝 lan
132 | 闵 min
133 | 席 xi
134 | 季 ji
135 | 麻 ma
136 | 强 qiang
137 | 贾 jia
138 | 路 lu
139 | 娄 lou
140 | 危 wei
141 | 江 jiang
142 | 童 tong
143 | 颜 yan
144 | 郭 guo
145 | 梅 mei
146 | 盛 sheng
147 | 林 lin
148 | 刁 diao
149 | 钟 zhong
150 | 徐 xu
151 | 邱 qiu
152 | 骆 luo
153 | 高 gao
154 | 夏 xia
155 | 蔡 cai
156 | 田 tian
157 | 樊 fan
158 | 胡 hu
159 | 凌 ling
160 | 霍 huo
161 | 虞 yu
162 | 万 wan
163 | 支 zhi
164 | 柯 ke
165 | 昝 zan
166 | 管 guan
167 | 卢 lu
168 | 莫 mo
169 | 经 jing
170 | 房 fang
171 | 裘 qiu
172 | 缪 miao
173 | 干 gan
174 | 解 xie
175 | 应 ying
176 | 宗 zong
177 | 丁 ding
178 | 宣 xuan
179 | 贲 ben
180 | 邓 deng
181 | 郁 yu
182 | 单 shan
183 | 杭 hang
184 | 洪 hong
185 | 包 bao
186 | 诸 zhu
187 | 左 zuo
188 | 石 shi
189 | 崔 cui
190 | 吉 ji
191 | 钮 niu
192 | 龚 gong
193 | 程 cheng
194 | 嵇 ji
195 | 邢 xing
196 | 滑 hua
197 | 裴 pei
198 | 陆 lu
199 | 荣 rong
200 | 翁 weng
201 | 荀 xun
202 | 羊 yang
203 | 於 yu
204 | 惠 hui
205 | 甄 zhen
206 | 曲 qu
207 | 家 jia
208 | 封 feng
209 | 芮 rui
210 | 羿 yi
211 | 储 chu
212 | 靳 jin
213 | 汲 ji
214 | 邴 bing
215 | 糜 mi
216 | 松 song
217 | 井 jing
218 | 段 duan
219 | 富 fu
220 | 巫 wu
221 | 乌 wu
222 | 焦 jiao
223 | 巴 ba
224 | 弓 gong
225 | 牧 mu
226 | 隗 kui
227 | 山 shan
228 | 谷 gu
229 | 车 che
230 | 侯 hou
231 | 宓 mi
232 | 蓬 peng
233 | 全 quan
234 | 郗 xi
235 | 班 ban
236 | 仰 yang
237 | 秋 qiu
238 | 仲 zhong
239 | 伊 yi
240 | 宫 gong
241 | 宁 ning
242 | 仇 qiu
243 | 栾 luan
244 | 暴 bao
245 | 甘 gan
246 | 钭 tou
247 | 厉 li
248 | 戎 rong
249 | 祖 zu
250 | 武 wu
251 | 符 fu
252 | 刘 liu
253 | 景 jing
254 | 詹 zhan
255 | 束 shu
256 | 龙 long
257 | 叶 ye
258 | 幸 xing
259 | 司 si
260 | 韶 shao
261 | 郜 gao
262 | 黎 li
263 | 蓟 ji
264 | 薄 bo
265 | 印 yin
266 | 宿 su
267 | 白 bai
268 | 怀 huai
269 | 蒲 pu
270 | 邰 tai
271 | 从 cong
272 | 鄂 e
273 | 索 suo
274 | 咸 xian
275 | 籍 ji
276 | 赖 lai
277 | 卓 zhuo
278 | 蔺 lin
279 | 屠 tu
280 | 蒙 meng
281 | 池 chi
282 | 乔 qiao
283 | 阴 yin
284 | 鬱 yu
285 | 胥 xu
286 | 能 nai
287 | 苍 cang
288 | 双 shuang
289 | 闻 wen
290 | 莘 shen
291 | 党 dang
292 | 翟 zhai
293 | 谭 tan
294 | 贡 gong
295 | 劳 lao
296 | 逄 pang
297 | 姬 ji
298 | 申 shen
299 | 扶 fu
300 | 堵 du
301 | 冉 ran
302 | 宰 zai
303 | 郦 li
304 | 雍 yong
305 | 郤 xi
306 | 璩 qu
307 | 桑 sang
308 | 桂 gui
309 | 濮 pu
310 | 牛 niu
311 | 寿 shou
312 | 通 tong
313 | 边 bian
314 | 扈 hu
315 | 燕 yan
316 | 冀 ji
317 | 郏 jia
318 | 浦 pu
319 | 尚 shang
320 | 农 nong
321 | 温 wen
322 | 别 bie
323 | 庄 zhuang
324 | 晏 yan
325 | 柴 chai
326 | 瞿 qu
327 | 阎 yan
328 | 充 chong
329 | 慕 mu
330 | 连 lian
331 | 茹 ru
332 | 习 xi
333 | 宦 huan
334 | 艾 ai
335 | 鱼 yu
336 | 容 rong
337 | 向 xiang
338 | 古 gu
339 | 易 yi
340 | 慎 shen
341 | 戈 ge
342 | 廖 liao
343 | 庾 yu
344 | 终 zhong
345 | 暨 ji
346 | 居 ju
347 | 衡 heng
348 | 步 bu
349 | 都 du
350 | 耿 geng
351 | 满 man
352 | 弘 hong
353 | 匡 kuang
354 | 国 guo
355 | 文 wen
356 | 寇 kou
357 | 广 guang
358 | 禄 lu
359 | 阙 que
360 | 东 dong
361 | 欧 ou
362 | 殳 shu
363 | 沃 wo
364 | 利 li
365 | 蔚 wei
366 | 越 yue
367 | 夔 kui
368 | 隆 long
369 | 师 shi
370 | 巩 gong
371 | 厍 she
372 | 聂 nie
373 | 晁 chao
374 | 勾 gou
375 | 敖 ao
376 | 融 rong
377 | 冷 leng
378 | 訾 zi
379 | 辛 xin
380 | 阚 kan
381 | 那 na
382 | 简 jian
383 | 饶 rao
384 | 空 kong
385 | 曾 zeng
386 | 母 mu
387 | 沙 sha
388 | 乜 nie
389 | 养 yang
390 | 鞠 ju
391 | 须 xu
392 | 丰 feng
393 | 巢 chao
394 | 关 guan
395 | 蒯 kuai
396 | 相 xiang
397 | 查 zha
398 | 后 hou
399 | 荆 jing
400 | 红 hong
401 | 游 you
402 | 竺 zhu
403 | 权 quan
404 | 逯 lu
405 | 盖 gai
406 | 益 yi
407 | 桓 huan
408 | 公 gong
409 | 万俟 mo,qi
410 | 司马 si,ma
411 | 上官 shang,guan
412 | 欧阳 ou,yang
413 | 夏侯 xia,hou
414 | 诸葛 zhu,ge
415 | 闻人 wen,ren
416 | 东方 dong,fang
417 | 赫连 he,lian
418 | 皇甫 huang,fu
419 | 尉迟 yu,chi
420 | 公羊 gong,yang
421 | 澹台 tan,tai
422 | 公冶 gong,ye
423 | 宗政 zong,zheng
424 | 濮阳 pu,yang
425 | 淳于 chun,yu
426 | 单于 chan,yu
427 | 太叔 tai,shu
428 | 申屠 shen,tu
429 | 公孙 gong,sun
430 | 仲孙 zhong,sun
431 | 轩辕 xuan,yuan
432 | 令狐 ling,hu
433 | 钟离 zhong,li
434 | 宇文 yu,wen
435 | 长孙 zhang,sun
436 | 慕容 mu,rong
437 | 鲜于 xian,yu
438 | 闾丘 lv,qiu
439 | 司徒 si,tu
440 | 司空 si,kong
441 | 亓官 qi,guan
442 | 司寇 si,kou
443 | 仉 zhang
444 | 督 du
445 | 子车 zi,ju
446 | 颛孙 zhuan,sun
447 | 端 duan
448 | 木 mu
449 | 巫马 wu,ma
450 | 公西 gong,xi
451 | 漆雕 qi,diao
452 | 乐正 yue,zheng
453 | 壤驷 rang,si
454 | 公良 gong,liang
455 | 拓跋 tuo,ba
456 | 夹谷 jia,gu
457 | 宰父 zai,fu
458 | 谷梁 gu,liang
459 | 晋 jin
460 | 楚 chu
461 | 闫 yan
462 | 法 fa
463 | 汝 ru
464 | 鄢 yan
465 | 涂 tu
466 | 钦 qin
467 | 段干 duan,gan
468 | 百里 bai,li
469 | 东郭 dong,guo
470 | 南门 nan,men
471 | 呼延 hu,yan
472 | 归 gui
473 | 海 hai
474 | 羊舌 yang,she
475 | 微生 wei,sheng
476 | 岳 yue
477 | 帅 shuai
478 | 缑 gou
479 | 亢 kang
480 | 况 kuang
481 | 后 hou
482 | 有 you
483 | 琴 qin
484 | 梁丘 liang,qiu
485 | 左丘 zuo,qiu
486 | 东门 dong,men
487 | 西门 xi,men
488 | 商 shang
489 | 牟 mou
490 | 佘 she
491 | 佴 nai
492 | 伯 bo
493 | 赏 shang
494 | 南宫 nan,gong
495 | 墨 mo
496 | 哈 ha
497 | 谯 qiao
498 | 笪 da
499 | 年 nian
500 | 爱 ai
501 | 阳 yang
502 | 佟 tong
503 | 爱新觉罗 ai,xin,jue,luo
504 | 碧鲁 bi,lu
505 | 伯赏 bo,shang
506 | 博尔济锦 bo,er,ji,jin
507 | 藏 zang
508 | 操 cao
509 | 畅 chang
510 | 谌 chen
511 | 承 cheng
512 | 初 chu
513 | 刀 dao
514 | 道 dao
515 | 第五 di,wu
516 | 独孤 du,gu
517 | 端木 duan,mu
518 | 多 duo
519 | 额尔德雨 e,er,de,yu
520 | 藩 fan
521 | 逢 feng
522 | 洑 fu
523 | 浮 fu
524 | 富察 fu,cha
525 | 刚 gang
526 | 庚 geng
527 | 缑亢 gou,kang
528 | 苟 gou
529 | 辜 gu
530 | 谷粱 gu,liang
531 | 官 guan
532 | 冠 guan
533 | 光 guang
534 | 归海 gui,hai
535 | 妫 gui
536 | 过 guo
537 | 赫 he
538 | 赫舍里 he,she,li
539 | 後 hou
540 | 户 hu
541 | 荤 hun
542 | 基 ji
543 | 剪 jian
544 | 蹇 jian
545 | 矫 jiao
546 | 揭 jie
547 | 晋楚 jin,chu
548 | 咎 jiu
549 | 觉尔察 jue,er,cha
550 | 卡 ka
551 | 堪 kan
552 | 库雅喇 ku,ya,la
553 | 邝 kuang
554 | 况后 kuang,hou
555 | 旷 kuang
556 | 来 lai
557 | 励 li
558 | 粱 liang
559 | 留 liu
560 | 楼 lou
561 | 鹿 lu
562 | 麦 mai
563 | 冒 mao
564 | 门 men
565 | 芈 mi
566 | 谬 miu
567 | 墨哈 mo,ha
568 | 睦 mu
569 | 那拉 na,la
570 | 纳喇 na,la
571 | 南 nan
572 | 讷殷富察 ne,yin,fu,cha
573 | 年爱 nian,ai
574 | 钮祜禄 niu,hu,lu
575 | 殴 ou
576 | 朋 peng
577 | 朴 piao
578 | 漆 qi
579 | 谯笪 qiao,da
580 | 青 qing
581 | 卿 qing
582 | 清 qing
583 | 庆 qing
584 | 邛 qiong
585 | 丘 qiu
586 | 求 qiu
587 | 区 ou
588 | 麴 qu
589 | 卻 que
590 | 让 rang
591 | 汝鄢 ru,yan
592 | 撒哈拉 sa,ha,la
593 | 萨 sa
594 | 萨克达 sa,ke,da
595 | 萨嘛喇 sa,ma,la
596 | 赛 sai
597 | 商牟 shang,mou
598 | 佘佴 she,er
599 | 生 sheng
600 | 是 shi
601 | 释 shi
602 | 首 shou
603 | 疏束 shu,shu
604 | 斯 si
605 | 粟 su
606 | 隋 sui
607 | 他塔喇 ta,ta,la
608 | 台 tai
609 | 泰 tai
610 | 覃 qin
611 | 腾 teng
612 | 同 tong
613 | 图门 tu,men
614 | 涂钦 tu,qin
615 | 拓拔 tuo,ba
616 | 尉 wei
617 | 问 wen
618 | 乌雅 wu,ya
619 | 毋 wu
620 | 吾 wu
621 | 喜塔腊 xi,ta,la
622 | 鲜 xian
623 | 冼 xian
624 | 相里 xiang,li
625 | 肖 xiao
626 | 忻 xin
627 | 寻 xun
628 | 闫法 yan,fa
629 | 言 yan
630 | 言福 yan,fu
631 | 阳佟 yang,tong
632 | 业 ye
633 | 叶赫那拉 ye,he,na,la
634 | 叶赫那兰 ye,he,na,lan
635 | 伊雨根觉罗 yi,yu,gen,jue,luo
636 | 衣 yi
637 | 依尔觉悟罗 yi,er,jue,luo
638 | 义 yi
639 | 奕 yi
640 | 银 yin
641 | 英 ying
642 | 有琴 you,qin
643 | 酉 you
644 | 羽 yu
645 | 愈 yu
646 | 岳帅 yue,shuai
647 | 恽 yun
648 | 迮 ze
649 | 展 zhan
650 | 占 zhan
651 | 章佳 zhang,jia
652 | 仉督 zhang,du
653 | 招 zhao
654 | 真 zhen
655 | 植 zhi
656 | 仲长 zhong,chang
657 | 竹 zhu
658 | 爪雨佳 zhua,yu,jia
659 | 禚 zhuo
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/codec/HtmlFastEntities.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.codec;
2 |
3 | import java.util.BitSet;
4 | import java.util.HashMap;
5 | import java.util.Map;
6 |
7 | /**
8 | * 快速html/js/xml 编码实现
9 | */
10 | public class HtmlFastEntities extends FastDetectChar {
11 |
12 | private static final String[][] BASIC_ARRAY = { { """, "34" }, { "&", "38" }, { "<", "60" },
13 | { ">", "62" } };
14 | private static final String[][] APOS_ARRAY = { { "'", "39" } };
15 |
16 | // IE下, 无法解释' 这个和通常标准有差异, 但是单引号是比较麻烦的行为, 所以, 还是转义一下为好, 可以避免HTML难写的行为
17 | private static final String[][] APOS_ARRAY_HTML = { { "'", "39" } };
18 |
19 | private static final String[][] ISO8859_1_ARRAY = { { " ", "160" }, { "¡", "161" },
20 | { "¢", "162" }, { "£", "163" }, { "¤", "164" }, { "¥", "165" },
21 | { "¦", "166" }, { "§", "167" }, { "¨", "168" }, { "©", "169" }, { "ª", "170" },
22 | { "«", "171" }, { "¬", "172" }, { "", "173" }, { "®", "174" }, { "¯", "175" },
23 | { "°", "176" }, { "±", "177" }, { "²", "178" }, { "³", "179" }, { "´", "180" },
24 | { "µ", "181" }, { "¶", "182" }, { "·", "183" }, { "¸", "184" },
25 | { "¹", "185" }, { "º", "186" }, { "»", "187" }, { "¼", "188" },
26 | { "½", "189" }, { "¾", "190" }, { "¿", "191" }, { "À", "192" },
27 | { "Á", "193" }, { "Â", "194" }, { "Ã", "195" }, { "Ä", "196" },
28 | { "Å", "197" }, { "Æ", "198" }, { "Ç", "199" }, { "È", "200" },
29 | { "É", "201" }, { "Ê", "202" }, { "Ë", "203" }, { "Ì", "204" },
30 | { "Í", "205" }, { "Î", "206" }, { "Ï", "207" }, { "Ð", "208" },
31 | { "Ñ", "209" }, { "Ò", "210" }, { "Ó", "211" }, { "Ô", "212" },
32 | { "Õ", "213" }, { "Ö", "214" }, { "×", "215" }, { "Ø", "216" },
33 | { "Ù", "217" }, { "Ú", "218" }, { "Û", "219" }, { "Ü", "220" },
34 | { "Ý", "221" }, { "Þ", "222" }, { "ß", "223" }, { "à", "224" },
35 | { "á", "225" }, { "â", "226" }, { "ã", "227" }, { "ä", "228" },
36 | { "å", "229" }, { "æ", "230" }, { "ç", "231" }, { "è", "232" },
37 | { "é", "233" }, { "ê", "234" }, { "ë", "235" }, { "ì", "236" },
38 | { "í", "237" }, { "î", "238" }, { "ï", "239" }, { "ð", "240" },
39 | { "ñ", "241" }, { "ò", "242" }, { "ó", "243" }, { "ô", "244" },
40 | { "õ", "245" }, { "ö", "246" }, { "÷", "247" }, { "ø", "248" },
41 | { "ù", "249" }, { "ú", "250" }, { "û", "251" }, { "ü", "252" },
42 | { "ý", "253" }, { "þ", "254" }, { "ÿ", "255" }, };
43 | private static final String[][] HTML40_ARRAY = { { "ƒ", "402" }, { "Α", "913" },
44 | { "Β", "914" }, { "Γ", "915" }, { "Δ", "916" }, { "Ε", "917" },
45 | { "Ζ", "918" }, { "Η", "919" }, { "Θ", "920" }, { "Ι", "921" }, { "Κ", "922" },
46 | { "Λ", "923" }, { "Μ", "924" }, { "Ν", "925" }, { "Ξ", "926" }, { "Ο", "927" },
47 | { "Π", "928" }, { "Ρ", "929" }, { "Σ", "931" }, { "Τ", "932" }, { "Υ", "933" },
48 | { "Φ", "934" }, { "Χ", "935" }, { "Ψ", "936" }, { "Ω", "937" }, { "α", "945" },
49 | { "β", "946" }, { "γ", "947" }, { "δ", "948" }, { "ε", "949" },
50 | { "ζ", "950" }, { "η", "951" }, { "θ", "952" }, { "ι", "953" }, { "κ", "954" },
51 | { "λ", "955" }, { "μ", "956" }, { "ν", "957" }, { "ξ", "958" }, { "ο", "959" },
52 | { "π", "960" }, { "ρ", "961" }, { "ς", "962" }, { "σ", "963" }, { "τ", "964" },
53 | { "υ", "965" }, { "φ", "966" }, { "χ", "967" }, { "ψ", "968" }, { "ω", "969" },
54 | { "ϑ", "977" }, { "ϒ", "978" }, { "ϖ", "982" }, { "•", "8226" },
55 | { "…", "8230" }, { "′", "8242" }, { "″", "8243" }, { "‾", "8254" },
56 | { "⁄", "8260" }, { "℘", "8472" }, { "ℑ", "8465" }, { "ℜ", "8476" },
57 | { "™", "8482" }, { "ℵ", "8501" }, { "←", "8592" }, { "↑", "8593" },
58 | { "→", "8594" }, { "↓", "8595" }, { "↔", "8596" }, { "↵", "8629" },
59 | { "⇐", "8656" }, { "⇑", "8657" }, { "⇒", "8658" }, { "⇓", "8659" },
60 | { "⇔", "8660" }, { "∀", "8704" }, { "∂", "8706" }, { "∃", "8707" },
61 | { "∅", "8709" }, { "∇", "8711" }, { "∈", "8712" }, { "∉", "8713" },
62 | { "∋", "8715" }, { "∏", "8719" }, { "∑", "8721" }, { "−", "8722" },
63 | { "∗", "8727" }, { "√", "8730" }, { "∝", "8733" }, { "∞", "8734" },
64 | { "∠", "8736" }, { "∧", "8743" }, { "∨", "8744" }, { "∩", "8745" }, { "∪", "8746" },
65 | { "∫", "8747" }, { "∴", "8756" }, { "∼", "8764" }, { "≅", "8773" },
66 | { "≈", "8776" }, { "≠", "8800" }, { "≡", "8801" }, { "≤", "8804" }, { "≥", "8805" },
67 | { "⊂", "8834" }, { "⊃", "8835" }, { "⊆", "8838" }, { "⊇", "8839" },
68 | { "⊕", "8853" }, { "⊗", "8855" }, { "⊥", "8869" }, { "⋅", "8901" },
69 | { "⌈", "8968" }, { "⌉", "8969" }, { "⌊", "8970" }, { "⌋", "8971" },
70 | { "⟨", "9001" }, { "⟩", "9002" }, { "◊", "9674" }, { "♠", "9824" },
71 | { "♣", "9827" }, { "♥", "9829" }, { "♦", "9830" }, { "Œ", "338" },
72 | { "œ", "339" }, { "Š", "352" }, { "š", "353" }, { "Ÿ", "376" },
73 | { "ˆ", "710" }, { "˜", "732" }, { " ", "8194" }, { " ", "8195" },
74 | { " ", "8201" }, { "", "8204" }, { "", "8205" }, { "", "8206" },
75 | { "", "8207" }, { "–", "8211" }, { "—", "8212" }, { "‘", "8216" },
76 | { "’", "8217" }, { "‚", "8218" }, { "“", "8220" }, { "”", "8221" },
77 | { "„", "8222" }, { "†", "8224" }, { "‡", "8225" }, { "‰", "8240" },
78 | { "‹", "8249" }, { "›", "8250" }, { "€", "8364" } };
79 | public static final HtmlFastEntities XML;
80 | public static final HtmlFastEntities HTML40;
81 |
82 | static {
83 | XML = new HtmlFastEntities();
84 | XML.addEntities(BASIC_ARRAY);
85 | XML.addEntities(APOS_ARRAY);
86 | }
87 |
88 | static {
89 | HTML40 = new HtmlFastEntities();
90 | HTML40.addEntities(BASIC_ARRAY);
91 | HTML40.addEntities(ISO8859_1_ARRAY);
92 | HTML40.addEntities(APOS_ARRAY_HTML);
93 | HTML40.addEntities(HTML40_ARRAY);
94 | }
95 |
96 | public void addEntities(String[][] entityArray) {
97 | for (int i = 0; i < entityArray.length; ++i) {
98 | char c = (char) Integer.parseInt(entityArray[i][1]);
99 | addEntity(c, entityArray[i][0]);
100 | this.addTransferChar(c);
101 | }
102 | }
103 |
104 | /**
105 | * <pre>
106 | * 做了几个有速度的处理, 在很多情况下,可能提高10倍以上的性能, 以及节约不少内存使用。
107 | * 1.返回结果根据时候发生了编码进行改进, 如果没有发生编码,那么直接返回原来的str.
108 | * 2.快速检查是否要进行转码
109 | * 3.使用快速查表, 对0-255的字符进行快速查找
110 | * </pre>
111 | *
112 | * @param str
113 | * @return
114 | */
115 | public String escape(String str) {
116 | if (str == null) {
117 | return null;
118 | }
119 | StringBuilder buffer = null;
120 | int len = str.length();
121 | char ch;
122 | char[] entityName;
123 | for (int i = 0; i < len; i++) {
124 | ch = str.charAt(i);
125 | entityName = getEntity(ch);
126 | if (entityName == null) {
127 | if (buffer != null) {
128 | buffer.append(ch);
129 | }
130 | } else {
131 | if (buffer == null) {
132 | buffer = new StringBuilder(str.length() << 1);
133 | buffer.append(str, 0, i);
134 | }
135 | buffer.append(entityName);
136 | }
137 | }
138 | if (buffer != null) {
139 | return buffer.toString();
140 | } else {
141 | return str;
142 | }
143 | }
144 |
145 |
146 |
147 | }
148 |
149 | class FastDetectChar {
150 |
151 | private Map<Character, char[]> map = new HashMap<Character, char[]>();
152 | private int LOOKUP_TABLE_SIZE = 256;
153 | private char[][] lookupTable = new char[LOOKUP_TABLE_SIZE][];
154 | BitSet maskSet = new BitSet(1 << 16);
155 |
156 | public void addEntity(char charValue, String entiryName) {
157 | if (charValue > -1 && charValue < LOOKUP_TABLE_SIZE) {
158 | lookupTable[charValue] = entiryName.toCharArray();
159 | }
160 | map.put(charValue, entiryName.toCharArray());
161 | }
162 |
163 | public char[] getEntity(char charValue) {
164 | if (charValue < LOOKUP_TABLE_SIZE) {
165 | return lookupTable[charValue];
166 | }
167 | return (maskSet.get(charValue) ? map.get(charValue) : null);
168 | }
169 |
170 | /**
171 | * 增加一个跳越字符
172 | *
173 | * @param c
174 | */
175 | public void addTransferChar(char c) {
176 | maskSet.set(c);
177 | }
178 | }
179 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/resources/ap-xss.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" ?>
2 | <xss>
3 | <directives>
4 | <directive name="maxInputSize" value="1000000" />
5 | <directive name="maxCssInputSize" value="10000" />
6 | <directive name="enableStyleScan" value="true" />
7 | <directive name="removeComment" value="true" />
8 | <directive name="elemsLower" value="false" />
9 | <directive name="attrsLower" value="true" />
10 | <directive name="usePurifier" value="true" />
11 | <directive name="usePreXMLValid" value="true" />
12 | </directives>
13 | <common-regexps>
14 | <regexp name="offsiteURL" value="^http[s]{0,1}://([a-z0-9\-_]+\.)*(taobao|alipay|alibaba|1688|yahoo|alisoft|alimama|koubei|aliimg|alibado|alixueyuan)\.(com|net|cn|com\.cn)(/.*)*$" />
15 | <regexp name="commonOffsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[~\p{L}\p{N}\p{Zs}\-_\.@#$%&;:,\?=/\+!]*(\s)*" />
16 | </common-regexps>
17 | <!-- 标记通用属性属性 -->
18 | <tag-attributes>
19 | <attributes name="common">
20 | <attribute name="style" />
21 | <attribute name="align" />
22 | <attribute name="valign" />
23 | <attribute name="bgcolor" />
24 | <attribute name="background">
25 | <regexp-list>
26 | <regexp name="offsiteURL" />
27 | </regexp-list>
28 | </attribute>
29 | <attribute name="title" />
30 | </attributes>
31 | <attributes name="style">
32 | <attribute name="type" />
33 | </attributes>
34 | <attributes name="div">
35 | <attribute name="style" />
36 | <attribute name="align" />
37 | <attribute name="valign" />
38 | <attribute name="bgcolor" />
39 | <attribute name="background">
40 | <regexp-list>
41 | <regexp name="offsiteURL" />
42 | </regexp-list>
43 | </attribute>
44 | <attribute name="title" />
45 | </attributes>
46 | <attributes name="img">
47 | <attribute name="style" />
48 | <attribute name="align" />
49 | <attribute name="valign" />
50 | <attribute name="bgcolor" />
51 | <attribute name="background" />
52 | <attribute name="title" />
53 | <attribute name="src">
54 | <regexp-list>
55 | <regexp name="offsiteURL" />
56 | </regexp-list>
57 | </attribute>
58 | <attribute name="border" />
59 | <attribute name="width" />
60 | <attribute name="height" />
61 | <attribute name="alt" />
62 | <attribute name="usemap" />
63 | <!-- add -->
64 | <attribute name="hspace" />
65 | <attribute name="ismap" />
66 | <attribute name="vspace" />
67 | </attributes>
68 | <attributes name="font">
69 | <attribute name="style" />
70 | <attribute name="align" />
71 | <attribute name="valign" />
72 | <attribute name="bgcolor" />
73 | <attribute name="background">
74 | <regexp-list>
75 | <regexp name="offsiteURL" />
76 | </regexp-list>
77 | </attribute>
78 | <attribute name="title" />
79 | <attribute name="color" />
80 | <attribute name="size" />
81 | <attribute name="face" />
82 | </attributes>
83 | <attributes name="table">
84 | <attribute name="style" />
85 | <attribute name="align" />
86 | <attribute name="valign" />
87 | <attribute name="bgcolor" />
88 | <attribute name="background">
89 | <regexp-list>
90 | <regexp name="offsiteURL" />
91 | </regexp-list>
92 | </attribute>
93 | <attribute name="title" />
94 | <attribute name="border" />
95 | <attribute name="width" />
96 | <attribute name="height" />
97 | <attribute name="cellpadding" />
98 | <attribute name="cellspacing" />
99 | <attribute name="bordercolor" />
100 | <attribute name="blockquote" />
101 | <!-- add -->
102 | <attribute name="summary" />
103 | <attribute name="rules" />
104 | </attributes>
105 | <attributes name="td">
106 | <attribute name="style" />
107 | <attribute name="align" />
108 | <attribute name="valign" />
109 | <attribute name="bgcolor" />
110 | <attribute name="background">
111 | <regexp-list>
112 | <regexp name="offsiteURL" />
113 | </regexp-list>
114 | </attribute>
115 | <attribute name="title" />
116 | <attribute name="width" />
117 | <attribute name="height" />
118 | <attribute name="colspan" />
119 | <attribute name="rowspan" />
120 | <!-- add -->
121 | <attribute name="headers" />
122 | <attribute name="scope" />
123 | </attributes>
124 | <attributes name="marquee">
125 | <attribute name="style" />
126 | <attribute name="align" />
127 | <attribute name="valign" />
128 | <attribute name="bgcolor" />
129 | <attribute name="background">
130 | <regexp-list>
131 | <regexp name="offsiteURL" />
132 | </regexp-list>
133 | </attribute>
134 | <attribute name="title" />
135 | <attribute name="scrollamount" />
136 | <attribute name="direction" />
137 | <attribute name="behavior" />
138 | <attribute name="width" />
139 | <attribute name="height" />
140 | <attribute name="scrolldelay" />
141 | <!-- add -->
142 | <attribute name="loop" />
143 | </attributes>
144 | <attributes name="a">
145 | <attribute name="style" />
146 | <attribute name="align" />
147 | <attribute name="valign" />
148 | <attribute name="bgcolor" />
149 | <attribute name="background">
150 | <regexp-list>
151 | <regexp name="offsiteURL" />
152 | </regexp-list>
153 | </attribute>
154 | <attribute name="title" />
155 | <attribute name="target" />
156 | <attribute name="name" />
157 | <attribute name="href">
158 | <regexp-list>
159 | <regexp name="commonOffsiteURL" />
160 | </regexp-list>
161 | </attribute>
162 | <!-- add -->
163 | <attribute name="charset" />
164 | <attribute name="hreflang" />
165 | <attribute name="type" />
166 | <attribute name="shape" />
167 | </attributes>
168 | <attributes name="bgsound">
169 | <attribute name="src">
170 | <regexp-list>
171 | <regexp name="offsiteURL" />
172 | </regexp-list>
173 | </attribute>
174 | <attribute name="loop" />
175 | <!-- add -->
176 | <attribute name="autostart" />
177 | </attributes>
178 | <attributes name="map">
179 | <attribute name="name" />
180 | <!-- add -->
181 | <attribute name="title" />
182 | <attribute name="style" />
183 | </attributes>
184 | <attributes name="area">
185 | <attribute name="shape" />
186 | <attribute name="coords" />
187 | <!-- add -->
188 | <attribute name="href">
189 | <regexp-list>
190 | <regexp name="offsiteURL" />
191 | </regexp-list>
192 | </attribute>
193 | <attribute name="title" />
194 | <attribute name="style" />
195 | <attribute name="alt" />
196 | <attribute name="nohref" />
197 | <attribute name="target" />
198 | </attributes>
199 | <attributes name="spacer">
200 | <attribute name="align" />
201 | <attribute name="valign" />
202 | <attribute name="type" />
203 | <attribute name="width" />
204 | <attribute name="height" />
205 | <attribute name="size" />
206 | </attributes>
207 | <attributes name="colgroup">
208 | <attribute name="align" />
209 | <attribute name="char" />
210 | <attribute name="charoff" />
211 | <attribute name="span" />
212 | <attribute name="valign" />
213 | <attribute name="width" />
214 | <attribute name="title" />
215 | <attribute name="style" />
216 | </attributes>
217 | </tag-attributes>
218 | <!-- remove: remove all content include child node -->
219 | <!-- accept: keep tag and ratain content -->
220 | <!-- undefined: remove tag and ratain it's content -->
221 | <tag-rules>
222 | <tag name="script" action="remove" />
223 | <tag name="noscript" action="remove" />
224 | <tag name="style" action="csshandler" attributes="style" />
225 | <tag name="head" action="remove" />
226 | <tag name="select" action="remove" />
227 | <tag name="form" action="remove" />
228 | <tag name="iframe" action="remove" />
229 | <tag name="frame" action="remove" />
230 | <tag name="frameset" action="remove" />
231 | <tag name="object" action="remove" />
232 | <tag name="applet" action="remove" />
233 | <tag name="link" action="remove" />
234 |
235 | <!-- 页面标签 -->
236 | <tag name="a" action="accept" />
237 | <tag name="hr" action="accept" attributes="common" />
238 |
239 | <!-- 字体标签 -->
240 | <tag name="h1" action="accept" attributes="common" />
241 | <tag name="h3" action="accept" attributes="common" />
242 | <tag name="h2" action="accept" attributes="common" />
243 | <tag name="h4" action="accept" attributes="common" />
244 | <tag name="h5" action="accept" attributes="common" />
245 | <tag name="h6" action="accept" attributes="common" />
246 | <tag name="font" action="accept" />
247 | <tag name="b" action="accept" attributes="common" />
248 | <tag name="i" action="accept" attributes="common" />
249 | <tag name="u" action="accept" attributes="common" />
250 | <tag name="sup" action="accept" attributes="common" />
251 | <tag name="sub" action="accept" attributes="common" />
252 | <tag name="strike" action="accept" attributes="common" />
253 | <tag name="strong" action="accept" attributes="common" />
254 | <tag name="em" action="accept" attributes="common" />
255 |
256 | <!-- 文字布局标签 -->
257 | <tag name="p" action="accept" attributes="common" />
258 | <tag name="br" action="accept" attributes="common" />
259 | <tag name="ol" action="accept" attributes="common" />
260 | <tag name="li" action="accept" attributes="common" />
261 | <tag name="ul" action="accept" attributes="common" />
262 | <tag name="div" action="accept" />
263 | <tag name="span" action="accept" attributes="common" />
264 |
265 | <!-- 图像处理标签 -->
266 | <tag name="img" action="accept" />
267 | <tag name="map" action="accept" />
268 | <tag name="area" action="accept" />
269 |
270 | <!-- 动态文字标签 -->
271 | <tag name="marquee" action="accept" />
272 |
273 | <!-- 表格处理 -->
274 | <tag name="table" action="accept" />
275 | <tag name="tr" action="accept" attributes="td" />
276 | <tag name="td" action="accept" />
277 | <tag name="caption" action="accept" attributes="common" />
278 |
279 | <!-- 多媒体处理 -->
280 | <tag name="bgsound" action="accept" />
281 | <tag name="blockquote" action="accept" attributes="common" />
282 | <tag name="cite" action="accept" attributes="common" />
283 | <!--扩展区 -->
284 | <tag name="small" action="accept" attributes="common" />
285 | <tag name="big" action="accept" attributes="common" />
286 | <tag name="nobr" action="accept" attributes="common" />
287 | <tag name="center" action="accept" attributes="common" />
288 | <tag name="dl" action="accept" attributes="common" />
289 | <tag name="dt" action="accept" attributes="common" />
290 | <tag name="dd" action="accept" attributes="common" />
291 | <tag name="pre" action="accept" attributes="common" />
292 | <tag name="listing" action="accept" attributes="common" />
293 | <tag name="blink" action="accept" attributes="common" />
294 | <tag name="spacer" action="accept" />
295 | <tag name="th" action="accept" attributes="common" />
296 | <tag name="thead" action="accept" attributes="common" />
297 | <tag name="tbody" action="accept" attributes="common" />
298 | <tag name="tfoot" action="accept" attributes="common" />
299 | <tag name="colgroup" action="accept" />
300 | <tag name="col" action="accept" attributes="colgroup" />
301 | </tag-rules>
302 | </xss>
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/resources/strict-xss.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" ?>
2 | <xss>
3 | <directives>
4 | <directive name="maxInputSize" value="1000000" />
5 | <directive name="maxCssInputSize" value="10000" />
6 | <directive name="enableStyleScan" value="true" />
7 | <directive name="removeComment" value="true" />
8 | <directive name="elemsLower" value="false" />
9 | <directive name="attrsLower" value="true" />
10 | <directive name="usePurifier" value="true" />
11 | <directive name="usePreXMLValid" value="true" />
12 | </directives>
13 | <common-regexps>
14 | <regexp name="offsiteURL" value="^http[s]{0,1}://([a-z0-9\-_]+\.)*(taobao|alipay|alibaba|1688|yahoo|alisoft|alimama|koubei|aliimg|alibado|alixueyuan)\.(com|net|cn|com\.cn)(/.*)*$" />
15 | <regexp name="commonOffsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[~\p{L}\p{N}\p{Zs}\-_\.@#$%&;:,\?=/\+!]*(\s)*" />
16 | </common-regexps>
17 | <!-- 标记通用属性属性 -->
18 | <tag-attributes>
19 | <attributes name="common">
20 | <attribute name="style" />
21 | <attribute name="align" />
22 | <attribute name="valign" />
23 | <attribute name="bgcolor" />
24 | <attribute name="background">
25 | <regexp-list>
26 | <regexp name="offsiteURL" />
27 | </regexp-list>
28 | </attribute>
29 | <attribute name="title" />
30 | </attributes>
31 | <attributes name="style">
32 | <attribute name="type" />
33 | </attributes>
34 | <attributes name="div">
35 | <attribute name="style" />
36 | <attribute name="align" />
37 | <attribute name="valign" />
38 | <attribute name="bgcolor" />
39 | <attribute name="background">
40 | <regexp-list>
41 | <regexp name="offsiteURL" />
42 | </regexp-list>
43 | </attribute>
44 | <attribute name="title" />
45 | </attributes>
46 | <attributes name="img">
47 | <attribute name="style" />
48 | <attribute name="align" />
49 | <attribute name="valign" />
50 | <attribute name="bgcolor" />
51 | <attribute name="background" />
52 | <attribute name="title" />
53 | <attribute name="src">
54 | <regexp-list>
55 | <regexp name="offsiteURL" />
56 | </regexp-list>
57 | </attribute>
58 | <attribute name="border" />
59 | <attribute name="width" />
60 | <attribute name="height" />
61 | <attribute name="alt" />
62 | <attribute name="usemap" />
63 | <!-- add -->
64 | <attribute name="hspace" />
65 | <attribute name="ismap" />
66 | <attribute name="vspace" />
67 | </attributes>
68 | <attributes name="font">
69 | <attribute name="style" />
70 | <attribute name="align" />
71 | <attribute name="valign" />
72 | <attribute name="bgcolor" />
73 | <attribute name="background">
74 | <regexp-list>
75 | <regexp name="offsiteURL" />
76 | </regexp-list>
77 | </attribute>
78 | <attribute name="title" />
79 | <attribute name="color" />
80 | <attribute name="size" />
81 | <attribute name="face" />
82 | </attributes>
83 | <attributes name="table">
84 | <attribute name="style" />
85 | <attribute name="align" />
86 | <attribute name="valign" />
87 | <attribute name="bgcolor" />
88 | <attribute name="background">
89 | <regexp-list>
90 | <regexp name="offsiteURL" />
91 | </regexp-list>
92 | </attribute>
93 | <attribute name="title" />
94 | <attribute name="border" />
95 | <attribute name="width" />
96 | <attribute name="height" />
97 | <attribute name="cellpadding" />
98 | <attribute name="cellspacing" />
99 | <attribute name="bordercolor" />
100 | <attribute name="blockquote" />
101 | <!-- add -->
102 | <attribute name="summary" />
103 | <attribute name="rules" />
104 | </attributes>
105 | <attributes name="td">
106 | <attribute name="style" />
107 | <attribute name="align" />
108 | <attribute name="valign" />
109 | <attribute name="bgcolor" />
110 | <attribute name="background">
111 | <regexp-list>
112 | <regexp name="offsiteURL" />
113 | </regexp-list>
114 | </attribute>
115 | <attribute name="title" />
116 | <attribute name="width" />
117 | <attribute name="height" />
118 | <attribute name="colspan" />
119 | <attribute name="rowspan" />
120 | <!-- add -->
121 | <attribute name="headers" />
122 | <attribute name="scope" />
123 | </attributes>
124 | <attributes name="marquee">
125 | <attribute name="style" />
126 | <attribute name="align" />
127 | <attribute name="valign" />
128 | <attribute name="bgcolor" />
129 | <attribute name="background">
130 | <regexp-list>
131 | <regexp name="offsiteURL" />
132 | </regexp-list>
133 | </attribute>
134 | <attribute name="title" />
135 | <attribute name="scrollamount" />
136 | <attribute name="direction" />
137 | <attribute name="behavior" />
138 | <attribute name="width" />
139 | <attribute name="height" />
140 | <attribute name="scrolldelay" />
141 | <!-- add -->
142 | <attribute name="loop" />
143 | </attributes>
144 | <attributes name="a">
145 | <attribute name="style" />
146 | <attribute name="align" />
147 | <attribute name="valign" />
148 | <attribute name="bgcolor" />
149 | <attribute name="background">
150 | <regexp-list>
151 | <regexp name="offsiteURL" />
152 | </regexp-list>
153 | </attribute>
154 | <attribute name="title" />
155 | <attribute name="target" />
156 | <attribute name="name" />
157 | <attribute name="href">
158 | <regexp-list>
159 | <regexp name="commonOffsiteURL" />
160 | </regexp-list>
161 | </attribute>
162 | <!-- add -->
163 | <attribute name="charset" />
164 | <attribute name="hreflang" />
165 | <attribute name="type" />
166 | <attribute name="shape" />
167 | </attributes>
168 | <attributes name="bgsound">
169 | <attribute name="src">
170 | <regexp-list>
171 | <regexp name="offsiteURL" />
172 | </regexp-list>
173 | </attribute>
174 | <attribute name="loop" />
175 | <!-- add -->
176 | <attribute name="autostart" />
177 | </attributes>
178 | <attributes name="map">
179 | <attribute name="name" />
180 | <!-- add -->
181 | <attribute name="title" />
182 | <attribute name="style" />
183 | </attributes>
184 | <attributes name="area">
185 | <attribute name="shape" />
186 | <attribute name="coords" />
187 | <!-- add -->
188 | <attribute name="href">
189 | <regexp-list>
190 | <regexp name="offsiteURL" />
191 | </regexp-list>
192 | </attribute>
193 | <attribute name="title" />
194 | <attribute name="style" />
195 | <attribute name="alt" />
196 | <attribute name="nohref" />
197 | <attribute name="target" />
198 | </attributes>
199 | <attributes name="spacer">
200 | <attribute name="align" />
201 | <attribute name="valign" />
202 | <attribute name="type" />
203 | <attribute name="width" />
204 | <attribute name="height" />
205 | <attribute name="size" />
206 | </attributes>
207 | <attributes name="colgroup">
208 | <attribute name="align" />
209 | <attribute name="char" />
210 | <attribute name="charoff" />
211 | <attribute name="span" />
212 | <attribute name="valign" />
213 | <attribute name="width" />
214 | <attribute name="title" />
215 | <attribute name="style" />
216 | </attributes>
217 | </tag-attributes>
218 | <!-- remove: remove all content include child node -->
219 | <!-- accept: keep tag and ratain content -->
220 | <!-- undefined: remove tag and ratain it's content -->
221 | <tag-rules>
222 | <tag name="script" action="remove" />
223 | <tag name="noscript" action="remove" />
224 | <tag name="style" action="csshandler" attributes="style" />
225 | <tag name="head" action="remove" />
226 | <tag name="select" action="remove" />
227 | <tag name="form" action="remove" />
228 | <tag name="iframe" action="remove" />
229 | <tag name="frame" action="remove" />
230 | <tag name="frameset" action="remove" />
231 | <tag name="object" action="remove" />
232 | <tag name="applet" action="remove" />
233 | <tag name="link" action="remove" />
234 |
235 | <!-- 页面标签 -->
236 | <tag name="a" action="accept" />
237 | <tag name="hr" action="accept" attributes="common" />
238 |
239 | <!-- 字体标签 -->
240 | <tag name="h1" action="accept" attributes="common" />
241 | <tag name="h3" action="accept" attributes="common" />
242 | <tag name="h2" action="accept" attributes="common" />
243 | <tag name="h4" action="accept" attributes="common" />
244 | <tag name="h5" action="accept" attributes="common" />
245 | <tag name="h6" action="accept" attributes="common" />
246 | <tag name="font" action="accept" />
247 | <tag name="b" action="accept" attributes="common" />
248 | <tag name="i" action="accept" attributes="common" />
249 | <tag name="u" action="accept" attributes="common" />
250 | <tag name="sup" action="accept" attributes="common" />
251 | <tag name="sub" action="accept" attributes="common" />
252 | <tag name="strike" action="accept" attributes="common" />
253 | <tag name="strong" action="accept" attributes="common" />
254 | <tag name="em" action="accept" attributes="common" />
255 |
256 | <!-- 文字布局标签 -->
257 | <tag name="p" action="accept" attributes="common" />
258 | <tag name="br" action="accept" attributes="common" />
259 | <tag name="ol" action="accept" attributes="common" />
260 | <tag name="li" action="accept" attributes="common" />
261 | <tag name="ul" action="accept" attributes="common" />
262 | <tag name="div" action="accept" />
263 | <tag name="span" action="accept" attributes="common" />
264 |
265 | <!-- 图像处理标签 -->
266 | <tag name="img" action="accept" />
267 | <tag name="map" action="accept" />
268 | <tag name="area" action="accept" />
269 |
270 | <!-- 动态文字标签 -->
271 | <tag name="marquee" action="accept" />
272 |
273 | <!-- 表格处理 -->
274 | <tag name="table" action="accept" />
275 | <tag name="tr" action="accept" attributes="td" />
276 | <tag name="td" action="accept" />
277 | <tag name="caption" action="accept" attributes="common" />
278 |
279 | <!-- 多媒体处理 -->
280 | <tag name="bgsound" action="accept" />
281 | <tag name="blockquote" action="accept" attributes="common" />
282 | <tag name="cite" action="accept" attributes="common" />
283 | <!--扩展区 -->
284 | <tag name="small" action="accept" attributes="common" />
285 | <tag name="big" action="accept" attributes="common" />
286 | <tag name="nobr" action="accept" attributes="common" />
287 | <tag name="center" action="accept" attributes="common" />
288 | <tag name="dl" action="accept" attributes="common" />
289 | <tag name="dt" action="accept" attributes="common" />
290 | <tag name="dd" action="accept" attributes="common" />
291 | <tag name="pre" action="accept" attributes="common" />
292 | <tag name="listing" action="accept" attributes="common" />
293 | <tag name="blink" action="accept" attributes="common" />
294 | <tag name="spacer" action="accept" />
295 | <tag name="th" action="accept" attributes="common" />
296 | <tag name="thead" action="accept" attributes="common" />
297 | <tag name="tbody" action="accept" attributes="common" />
298 | <tag name="tfoot" action="accept" attributes="common" />
299 | <tag name="colgroup" action="accept" />
300 | <tag name="col" action="accept" attributes="colgroup" />
301 | </tag-rules>
302 | </xss>
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/resources/tt-xss.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" ?>
2 | <xss>
3 | <directives>
4 | <directive name="maxInputSize" value="1000000" />
5 | <directive name="maxCssInputSize" value="10000" />
6 | <directive name="enableStyleScan" value="true" />
7 | <directive name="removeComment" value="true" />
8 | <directive name="elemsLower" value="false" />
9 | <directive name="attrsLower" value="true" />
10 | <directive name="usePurifier" value="true" />
11 | <directive name="usePreXMLValid" value="true" />
12 | </directives>
13 | <common-regexps>
14 | <!-- <regexp name="offsiteURL" value="^http[s]{0,1}://([a-z0-9\-_]+\.)*(taobao|alipay|alibaba|1688|yahoo|alisoft|alimama|koubei|aliimg|alibado|alixueyuan)\.(com|net|cn|com\.cn)(/.*)*$" /> -->
15 | <regexp name="offsiteURL" value="^/p2pserver(/.*)*$" />
16 | <regexp name="commonOffsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[~\p{L}\p{N}\p{Zs}\-_\.@#$%&;:,\?=/\+!]*(\s)*" />
17 | </common-regexps>
18 | <!-- 标记通用属性属性 -->
19 | <tag-attributes>
20 | <attributes name="common">
21 | <attribute name="style" />
22 | <attribute name="align" />
23 | <attribute name="valign" />
24 | <attribute name="bgcolor" />
25 | <attribute name="background">
26 | <regexp-list>
27 | <regexp name="offsiteURL" />
28 | </regexp-list>
29 | </attribute>
30 | <attribute name="title" />
31 | </attributes>
32 | <attributes name="style">
33 | <attribute name="type" />
34 | </attributes>
35 | <attributes name="div">
36 | <attribute name="style" />
37 | <attribute name="align" />
38 | <attribute name="valign" />
39 | <attribute name="bgcolor" />
40 | <attribute name="background">
41 | <regexp-list>
42 | <regexp name="offsiteURL" />
43 | </regexp-list>
44 | </attribute>
45 | <attribute name="title" />
46 | </attributes>
47 | <attributes name="img">
48 | <attribute name="style" />
49 | <attribute name="align" />
50 | <attribute name="valign" />
51 | <attribute name="bgcolor" />
52 | <attribute name="background" />
53 | <attribute name="title" />
54 | <attribute name="src">
55 | <regexp-list>
56 | <regexp name="offsiteURL" />
57 | </regexp-list>
58 | </attribute>
59 | <attribute name="border" />
60 | <attribute name="width" />
61 | <attribute name="height" />
62 | <attribute name="alt" />
63 | <attribute name="usemap" />
64 | <!-- add -->
65 | <attribute name="hspace" />
66 | <attribute name="ismap" />
67 | <attribute name="vspace" />
68 | </attributes>
69 | <attributes name="font">
70 | <attribute name="style" />
71 | <attribute name="align" />
72 | <attribute name="valign" />
73 | <attribute name="bgcolor" />
74 | <attribute name="background">
75 | <regexp-list>
76 | <regexp name="offsiteURL" />
77 | </regexp-list>
78 | </attribute>
79 | <attribute name="title" />
80 | <attribute name="color" />
81 | <attribute name="size" />
82 | <attribute name="face" />
83 | </attributes>
84 | <attributes name="table">
85 | <attribute name="style" />
86 | <attribute name="align" />
87 | <attribute name="valign" />
88 | <attribute name="bgcolor" />
89 | <attribute name="background">
90 | <regexp-list>
91 | <regexp name="offsiteURL" />
92 | </regexp-list>
93 | </attribute>
94 | <attribute name="title" />
95 | <attribute name="border" />
96 | <attribute name="width" />
97 | <attribute name="height" />
98 | <attribute name="cellpadding" />
99 | <attribute name="cellspacing" />
100 | <attribute name="bordercolor" />
101 | <attribute name="blockquote" />
102 | <!-- add -->
103 | <attribute name="summary" />
104 | <attribute name="rules" />
105 | </attributes>
106 | <attributes name="td">
107 | <attribute name="style" />
108 | <attribute name="align" />
109 | <attribute name="valign" />
110 | <attribute name="bgcolor" />
111 | <attribute name="background">
112 | <regexp-list>
113 | <regexp name="offsiteURL" />
114 | </regexp-list>
115 | </attribute>
116 | <attribute name="title" />
117 | <attribute name="width" />
118 | <attribute name="height" />
119 | <attribute name="colspan" />
120 | <attribute name="rowspan" />
121 | <!-- add -->
122 | <attribute name="headers" />
123 | <attribute name="scope" />
124 | </attributes>
125 | <attributes name="marquee">
126 | <attribute name="style" />
127 | <attribute name="align" />
128 | <attribute name="valign" />
129 | <attribute name="bgcolor" />
130 | <attribute name="background">
131 | <regexp-list>
132 | <regexp name="offsiteURL" />
133 | </regexp-list>
134 | </attribute>
135 | <attribute name="title" />
136 | <attribute name="scrollamount" />
137 | <attribute name="direction" />
138 | <attribute name="behavior" />
139 | <attribute name="width" />
140 | <attribute name="height" />
141 | <attribute name="scrolldelay" />
142 | <!-- add -->
143 | <attribute name="loop" />
144 | </attributes>
145 | <attributes name="a">
146 | <attribute name="style" />
147 | <attribute name="align" />
148 | <attribute name="valign" />
149 | <attribute name="bgcolor" />
150 | <attribute name="background">
151 | <regexp-list>
152 | <regexp name="offsiteURL" />
153 | </regexp-list>
154 | </attribute>
155 | <attribute name="title" />
156 | <attribute name="target" />
157 | <attribute name="name" />
158 | <attribute name="href">
159 | <regexp-list>
160 | <regexp name="commonOffsiteURL" />
161 | </regexp-list>
162 | </attribute>
163 | <!-- add -->
164 | <attribute name="charset" />
165 | <attribute name="hreflang" />
166 | <attribute name="type" />
167 | <attribute name="shape" />
168 | </attributes>
169 | <attributes name="bgsound">
170 | <attribute name="src">
171 | <regexp-list>
172 | <regexp name="offsiteURL" />
173 | </regexp-list>
174 | </attribute>
175 | <attribute name="loop" />
176 | <!-- add -->
177 | <attribute name="autostart" />
178 | </attributes>
179 | <attributes name="map">
180 | <attribute name="name" />
181 | <!-- add -->
182 | <attribute name="title" />
183 | <attribute name="style" />
184 | </attributes>
185 | <attributes name="area">
186 | <attribute name="shape" />
187 | <attribute name="coords" />
188 | <!-- add -->
189 | <attribute name="href">
190 | <regexp-list>
191 | <regexp name="offsiteURL" />
192 | </regexp-list>
193 | </attribute>
194 | <attribute name="title" />
195 | <attribute name="style" />
196 | <attribute name="alt" />
197 | <attribute name="nohref" />
198 | <attribute name="target" />
199 | </attributes>
200 | <attributes name="spacer">
201 | <attribute name="align" />
202 | <attribute name="valign" />
203 | <attribute name="type" />
204 | <attribute name="width" />
205 | <attribute name="height" />
206 | <attribute name="size" />
207 | </attributes>
208 | <attributes name="colgroup">
209 | <attribute name="align" />
210 | <attribute name="char" />
211 | <attribute name="charoff" />
212 | <attribute name="span" />
213 | <attribute name="valign" />
214 | <attribute name="width" />
215 | <attribute name="title" />
216 | <attribute name="style" />
217 | </attributes>
218 | </tag-attributes>
219 | <!-- remove: remove all content include child node -->
220 | <!-- accept: keep tag and ratain content -->
221 | <!-- undefined: remove tag and ratain it's content -->
222 | <tag-rules>
223 | <tag name="script" action="remove" />
224 | <tag name="noscript" action="remove" />
225 | <tag name="style" action="csshandler" attributes="style" />
226 | <tag name="head" action="remove" />
227 | <tag name="select" action="remove" />
228 | <tag name="form" action="remove" />
229 | <tag name="iframe" action="remove" />
230 | <tag name="frame" action="remove" />
231 | <tag name="frameset" action="remove" />
232 | <tag name="object" action="remove" />
233 | <tag name="applet" action="remove" />
234 | <tag name="link" action="remove" />
235 |
236 | <!-- 页面标签 -->
237 | <tag name="a" action="accept" />
238 | <tag name="hr" action="accept" attributes="common" />
239 |
240 | <!-- 字体标签 -->
241 | <tag name="h1" action="accept" attributes="common" />
242 | <tag name="h3" action="accept" attributes="common" />
243 | <tag name="h2" action="accept" attributes="common" />
244 | <tag name="h4" action="accept" attributes="common" />
245 | <tag name="h5" action="accept" attributes="common" />
246 | <tag name="h6" action="accept" attributes="common" />
247 | <tag name="font" action="accept" />
248 | <tag name="b" action="accept" attributes="common" />
249 | <tag name="i" action="accept" attributes="common" />
250 | <tag name="u" action="accept" attributes="common" />
251 | <tag name="sup" action="accept" attributes="common" />
252 | <tag name="sub" action="accept" attributes="common" />
253 | <tag name="strike" action="accept" attributes="common" />
254 | <tag name="strong" action="accept" attributes="common" />
255 | <tag name="em" action="accept" attributes="common" />
256 |
257 | <!-- 文字布局标签 -->
258 | <tag name="p" action="accept" attributes="common" />
259 | <tag name="br" action="accept" attributes="common" />
260 | <tag name="ol" action="accept" attributes="common" />
261 | <tag name="li" action="accept" attributes="common" />
262 | <tag name="ul" action="accept" attributes="common" />
263 | <tag name="div" action="accept" />
264 | <tag name="span" action="accept" attributes="common" />
265 |
266 | <!-- 图像处理标签 -->
267 | <tag name="img" action="accept" />
268 | <tag name="map" action="accept" />
269 | <tag name="area" action="accept" />
270 |
271 | <!-- 动态文字标签 -->
272 | <tag name="marquee" action="accept" />
273 |
274 | <!-- 表格处理 -->
275 | <tag name="table" action="accept" />
276 | <tag name="tr" action="accept" attributes="td" />
277 | <tag name="td" action="accept" />
278 | <tag name="caption" action="accept" attributes="common" />
279 |
280 | <!-- 多媒体处理 -->
281 | <tag name="bgsound" action="accept" />
282 | <tag name="blockquote" action="accept" attributes="common" />
283 | <tag name="cite" action="accept" attributes="common" />
284 | <!--扩展区 -->
285 | <tag name="small" action="accept" attributes="common" />
286 | <tag name="big" action="accept" attributes="common" />
287 | <tag name="nobr" action="accept" attributes="common" />
288 | <tag name="center" action="accept" attributes="common" />
289 | <tag name="dl" action="accept" attributes="common" />
290 | <tag name="dt" action="accept" attributes="common" />
291 | <tag name="dd" action="accept" attributes="common" />
292 | <tag name="pre" action="accept" attributes="common" />
293 | <tag name="listing" action="accept" attributes="common" />
294 | <tag name="blink" action="accept" attributes="common" />
295 | <tag name="spacer" action="accept" />
296 | <tag name="th" action="accept" attributes="common" />
297 | <tag name="thead" action="accept" attributes="common" />
298 | <tag name="tbody" action="accept" attributes="common" />
299 | <tag name="tfoot" action="accept" attributes="common" />
300 | <tag name="colgroup" action="accept" />
301 | <tag name="col" action="accept" attributes="colgroup" />
302 | </tag-rules>
303 | </xss>
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/Policy.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss;
2 |
3 | import java.io.IOException;
4 | import java.io.InputStream;
5 | import java.net.URL;
6 | import java.util.ArrayList;
7 | import java.util.Collection;
8 | import java.util.HashMap;
9 | import java.util.List;
10 | import java.util.Map;
11 | import java.util.regex.Pattern;
12 |
13 | import javax.xml.parsers.DocumentBuilder;
14 | import javax.xml.parsers.DocumentBuilderFactory;
15 | import javax.xml.parsers.ParserConfigurationException;
16 |
17 | import org.w3c.dom.Document;
18 | import org.w3c.dom.Element;
19 | import org.w3c.dom.NodeList;
20 | import org.xml.sax.SAXException;
21 |
22 | import com.github.textutils.security.xss.model.Action;
23 | import com.github.textutils.security.xss.model.Attribute;
24 | import com.github.textutils.security.xss.model.RestrictAttribute;
25 | import com.github.textutils.security.xss.model.Tag;
26 |
27 | /**
28 | * <pre>
29 | * <directives>
30 | * <directive name="maxInputSize" value="100000" />
31 | * <directive name="maxCssInputSize" value="1000" />
32 | * <directive name="enableStyleScan" value="true" />
33 | * <directive name="removeComment" value="true" />
34 | * <directive name="elemsLower" value="true" />
35 | * <directive name="attrsLower" value="true" />
36 | * </directives>
37 | * </pre>
38 | *
39 | */
40 | public class Policy {
41 |
42 | public static final String DEFAULT_STRICT_POLICY_URI = "resources/strict-xss.xml";
43 | public static final String DEFAULT_LOOSE_POLICY_URI = "resources/loose-xss.xml";
44 | public static final String DEFAULT_ALIPAY_POLICY_URI = "resources/alipay-xss.xml";
45 | public static final String DEFAULT_TAOBAO_POLICY_URI = "resources/taobao-xss.xml";
46 | public static final String DEFAULT_GONGLUE_POLICY_URI = "resources/gonglue-xss.xml";
47 |
48 | private Map<String, String> directives;
49 | private Map<String, Tag> tagRules;
50 |
51 | public int maxInputSize = 10000000;
52 | public int maxCssInputSize = 100000;
53 | public boolean enableStyleScan = true;
54 | public boolean removeComment = false;
55 | public boolean attrsLower = true;
56 | public boolean elemsLower = true;
57 | public boolean usePurifier = false;
58 | public boolean usePreXMLValid = true;
59 |
60 | private Policy(InputStream is) throws PolicyException{
61 | try {
62 | parsePolicy(is);
63 | } catch (ParserConfigurationException e) {
64 | throw new PolicyException(e);
65 | } catch (SAXException e) {
66 | throw new PolicyException(e);
67 | } catch (IOException e) {
68 | throw new PolicyException(e);
69 | }
70 | }
71 |
72 | private Policy(URL url) throws PolicyException{
73 | try {
74 | parsePolicy(url.openStream());
75 | } catch (ParserConfigurationException e) {
76 | throw new PolicyException(e);
77 | } catch (SAXException e) {
78 | throw new PolicyException(e);
79 | } catch (IOException e) {
80 | throw new PolicyException(e);
81 | }
82 | }
83 |
84 | public static Policy getLoosePolicyInstance() throws PolicyException {
85 | InputStream is = Policy.class.getResourceAsStream(DEFAULT_LOOSE_POLICY_URI);
86 | return new Policy(is);
87 | }
88 |
89 | public static Policy getStrictPolicyInstance() throws PolicyException {
90 | InputStream is = Policy.class.getResourceAsStream(DEFAULT_STRICT_POLICY_URI);
91 | return new Policy(is);
92 | }
93 |
94 | public static Policy getCustomerPolicyInstance(InputStream is) throws PolicyException {
95 | return new Policy(is);
96 | }
97 |
98 | /**
99 | * 获得内置定义的资源: 支付宝/掏宝等定制要求资源
100 | *
101 | * @param uri
102 | * @return
103 | * @throws PolicyException
104 | */
105 | public static Policy getInternalDefinePolicyInstance(String uri) throws PolicyException {
106 | InputStream is = Policy.class.getResourceAsStream(uri);
107 | return new Policy(is);
108 | }
109 |
110 | private void parsePolicy(InputStream is) throws ParserConfigurationException, SAXException, IOException,
111 | PolicyException {
112 | if (is == null) {
113 | throw new PolicyException("gived InputStream is null");
114 | }
115 | DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
116 | DocumentBuilder db = dbf.newDocumentBuilder();
117 | Document dom = db.parse(is);
118 | Element root = dom.getDocumentElement();
119 | // directives
120 | Element directiveListNode = (Element) root.getElementsByTagName("directives").item(0);
121 | this.directives = parseDirectives(directiveListNode);
122 |
123 | // common-regexps
124 | Element regexpsListNode = (Element) root.getElementsByTagName("common-regexps").item(0);
125 | Map<String, Pattern> regexps = parseRegexps(regexpsListNode);
126 |
127 | // tag-attributes
128 | Element tagAttributesListNode = (Element) root.getElementsByTagName("tag-attributes").item(0);
129 | Map<String, Map<String, Attribute>> tagAttributes = parseTagAttributes(tagAttributesListNode, regexps);
130 |
131 | // tag-rules
132 | Element tagRulesListNode = (Element) root.getElementsByTagName("tag-rules").item(0);
133 | this.tagRules = parseTagRules(tagRulesListNode);
134 |
135 | // attach attribute to tag
136 | Collection<Tag> tagSet = tagRules.values();
137 | for (Tag tag : tagSet) {
138 | String ref = tag.getAttrRef();
139 | if (isEmpty(ref)) {
140 | ref = tag.getName();
141 | }
142 | ref = toElemsCase(ref);
143 | tag.setAllowedAttributes(tagAttributes.get(ref));
144 | }
145 | // attach reg to attribute
146 | }
147 |
148 | /**
149 | * 读取正则表达式
150 | *
151 | * @param root
152 | * @return
153 | * @throws PolicyException
154 | */
155 | private Map<String, Pattern> parseRegexps(Element root) throws PolicyException {
156 | Map<String, Pattern> regexps = new HashMap<String, Pattern>();
157 | NodeList regNodes = root.getElementsByTagName("regexp");
158 | for (int i = 0; i < regNodes.getLength(); i++) {
159 | Element element = (Element) regNodes.item(i);
160 | String name = element.getAttribute("name");
161 | String value = element.getAttribute("value");
162 |
163 | if (!isEmpty(name) && !isEmpty(value)) {
164 | Pattern pattern = Pattern.compile(value, Pattern.CASE_INSENSITIVE);
165 | regexps.put(name, pattern);
166 | } else {
167 | throw new PolicyException("error regexps name or value");
168 | }
169 | }
170 | return regexps;
171 | }
172 |
173 | private Map<String, Tag> parseTagRules(Element root) throws PolicyException {
174 | Map<String, Tag> tagRules = new HashMap<String, Tag>();
175 | NodeList tagNodes = root.getElementsByTagName("tag");
176 | for (int i = 0; i < tagNodes.getLength(); i++) {
177 | Element element = (Element) tagNodes.item(i);
178 | String tagName = element.getAttribute("name");
179 | tagName = toElemsCase(tagName);
180 | String action = element.getAttribute("action");
181 | Tag tag = new Tag(tagName);
182 | if ("remove".equalsIgnoreCase(action)) {
183 | tag.setAction(Action.REMOVE);
184 | } else if ("accept".equalsIgnoreCase(action)) {
185 | tag.setAction(Action.ACCEPT);
186 | } else if ("csshandler".equalsIgnoreCase(action)) {
187 | tag.setAction(Action.CSSHANDLER);
188 | } else {
189 | throw new PolicyException("error action: " + action);
190 | }
191 | // 把标记属性写入标记对象
192 | String attributes = element.getAttribute("attributes");
193 | tag.setAttrRef(attributes);
194 | tagRules.put(tagName, tag);
195 | }
196 | return tagRules;
197 | }
198 |
199 | private Map<String, Map<String, Attribute>> parseTagAttributes(Element root, Map<String, Pattern> regexps)
200 | throws PolicyException {
201 | Map<String, Map<String, Attribute>> tagAttributes = new HashMap<String, Map<String, Attribute>>();
202 | NodeList attributesNodes = root.getElementsByTagName("attributes");
203 | for (int i = 0; i < attributesNodes.getLength(); i++) {
204 | Element element = (Element) attributesNodes.item(i);
205 | String tagName = element.getAttribute("name");
206 | tagName = toElemsCase(tagName);
207 | Map<String, Attribute> attrs = new HashMap<String, Attribute>();
208 | tagAttributes.put(tagName, attrs);
209 | NodeList attributeNodes = element.getElementsByTagName("attribute");
210 | for (int j = 0; j < attributeNodes.getLength(); j++) {
211 | Element son = (Element) attributeNodes.item(j);
212 | String attrName = son.getAttribute("name");
213 | String defaultVal = son.getAttribute("default");
214 | attrName = toAttrsCase(attrName);
215 | Attribute attr = new Attribute();
216 | attr.name = attrName;
217 | attr.defaultValue = defaultVal;
218 | if ("style".equals(attrName.toLowerCase())) {
219 | attr.restrictAttribute = RestrictAttribute.STYLE;
220 | } else if ("background".equals(attrName.toLowerCase())) {
221 | attr.restrictAttribute = RestrictAttribute.BACKGROUND;
222 | }
223 | // parser attribute validating regular expression list
224 | attr.allowedRegExp = parseAttributeRegular(son, regexps);
225 | attrs.put(attrName, attr);
226 | }
227 | }
228 | return tagAttributes;
229 | }
230 |
231 | /**
232 | * <pre>
233 | * <attribute name="src">
234 | * <regexp-list>
235 | * <regexp name="onsiteURL" />
236 | * <regexp name="offsiteURL" />
237 | * <regexp value="$http://" />
238 | * </regexp-list>
239 | * </attribute>
240 | * </pre>
241 | *
242 | * @param root
243 | * @param regexps
244 | * @return
245 | * @throws PolicyException
246 | */
247 | private List<Pattern> parseAttributeRegular(Element root, Map<String, Pattern> regexps) throws PolicyException {
248 | List<Pattern> regList = null;
249 | if (root.hasChildNodes()) {
250 | regList = new ArrayList<Pattern>();
251 | Element e = (Element) root.getElementsByTagName("regexp-list").item(0);
252 | NodeList regexprNode = e.getElementsByTagName("regexp");
253 | for (int i = 0; i < regexprNode.getLength(); i++) {
254 | Element element = (Element) regexprNode.item(i);
255 | String regularName = element.getAttribute("name");
256 | String regularValue = element.getAttribute("value");
257 | if (!isEmpty(regularName)) {
258 | regList.add(regexps.get(regularName));
259 | } else if (!isEmpty(regularValue)) {
260 | Pattern pattern = Pattern.compile(regularValue, Pattern.CASE_INSENSITIVE);
261 | regList.add(pattern);
262 | }
263 | }
264 | }
265 | return regList;
266 | }
267 |
268 | private Map<String, String> parseDirectives(Element root) {
269 | Map<String, String> directives = new HashMap<String, String>();
270 | NodeList directiveNodes = root.getElementsByTagName("directive");
271 | for (int i = 0; i < directiveNodes.getLength(); i++) {
272 | Element element = (Element) directiveNodes.item(i);
273 | String name = element.getAttribute("name");
274 | String value = element.getAttribute("value");
275 | directives.put(name, value);
276 | }
277 | // set some to field
278 | maxInputSize = Integer.parseInt(directives.get("maxInputSize"));
279 | maxCssInputSize = Integer.parseInt(directives.get("maxCssInputSize"));
280 | enableStyleScan = Boolean.parseBoolean(directives.get("enableStyleScan"));
281 | removeComment = Boolean.parseBoolean(directives.get("removeComment"));
282 | attrsLower = Boolean.parseBoolean(directives.get("attrsLower"));
283 | elemsLower = Boolean.parseBoolean(directives.get("elemsLower"));
284 | usePurifier = Boolean.parseBoolean(directives.get("usePurifier"));
285 | usePreXMLValid = Boolean.parseBoolean(directives.get("usePreXMLValid"));
286 | return directives;
287 | }
288 |
289 | public Map<String, String> getDirectives() {
290 | return directives;
291 | }
292 |
293 | public Map<String, Tag> getTagRules() {
294 | return tagRules;
295 | }
296 |
297 | public boolean isEmpty(String s) {
298 | if (s == null || s.trim().equals("")) {
299 | return true;
300 | } else {
301 | return false;
302 | }
303 | }
304 |
305 | public String toAttrsCase(String s) {
306 | if (attrsLower) {
307 | return s.toLowerCase();
308 | } else {
309 | return s.toUpperCase();
310 | }
311 | }
312 |
313 | public String toElemsCase(String s) {
314 | if (elemsLower) {
315 | return s.toLowerCase();
316 | } else {
317 | return s.toUpperCase();
318 | }
319 | }
320 | }
321 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/resources/loose-xss.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" ?>
2 | <xss>
3 | <directives>
4 | <directive name="maxInputSize" value="1000000" />
5 | <directive name="maxCssInputSize" value="10000" />
6 | <directive name="enableStyleScan" value="true" />
7 | <directive name="removeComment" value="true" />
8 | <directive name="elemsLower" value="true" />
9 | <directive name="attrsLower" value="true" />
10 | <directive name="usePurifier" value="false" />
11 | <directive name="usePreXMLValid" value="false" />
12 | </directives>
13 | <common-regexps>
14 | <regexp name="offsiteURL" value="^http[s]{0,1}://([a-z0-9\-_]+\.)*((taobao|alipay|alibaba|taojianghu|aliloan|1688|alibaba\-inc|yahoo|alisoft|koubei|aliimg|alibado|alixueyuan|taobaocdn|huanqiu|globaltimes|kitco|export\-entreprises)\.(com|net|cn|com\.cn)|alimama\.(com|cn|com.cn)|tbcdn\.cn)(:\d+)?(/.*)*$" />
15 | <regexp name="pathAndOffsiteURL" value="^(http[s]{0,1}://([a-z0-9\-_]+\.)*((taobao|alipay|alibaba|taojianghu|aliloan|1688|alibaba\-inc|yahoo|alisoft|koubei|aliimg|alibado|alixueyuan|guruonline|youku|youtube)\.(com|net|cn|com\.cn|tv)|alimama\.(com|cn|com.cn))(/.*)*)$" />
16 | <regexp name="commonOffsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[~\p{L}\p{N}\p{Zs}\-_\.@#$%&;:,\?=/\+!]*(\s)*" />
17 | <regexp name="allowScriptAccess" value="^sameDomain|never$" />
18 | <regexp name="allowNetworking" value="^internal|none$" />
19 | </common-regexps>
20 | <!-- 标记通用属性属性 -->
21 | <tag-attributes>
22 | <attributes name="common">
23 | <attribute name="id" />
24 | <attribute name="style" />
25 | <attribute name="align" />
26 | <attribute name="valign" />
27 | <attribute name="bgcolor" />
28 | <attribute name="background">
29 | <regexp-list>
30 | <regexp name="offsiteURL" />
31 | </regexp-list>
32 | </attribute>
33 | <attribute name="title" />
34 | </attributes>
35 | <attributes name="style">
36 | <attribute name="type" />
37 | </attributes>
38 |
39 | <attributes name="embed">
40 | <attribute name="src">
41 | <regexp-list>
42 | <regexp name="pathAndOffsiteURL" />
43 | </regexp-list>
44 | </attribute>
45 | <attribute name="width" />
46 | <attribute name="height" />
47 | <attribute name="type" />
48 | <attribute name="id" />
49 | <attribute name="name" />
50 | <attribute name="quality" />
51 | <attribute name="bgcolor" />
52 | <attribute name="flashvars" />
53 | <attribute name="allowfullscreen" />
54 | <attribute name="allowNetworking" default="internal">
55 | <regexp-list>
56 | <regexp name="allowNetworking"/>
57 | </regexp-list>
58 | </attribute>
59 | <attribute name="allowScriptAccess" default="sameDomain">
60 | <regexp-list>
61 | <regexp name="allowScriptAccess" />
62 | </regexp-list>
63 | </attribute>
64 | </attributes>
65 |
66 | <attributes name="div">
67 | <attribute name="style" />
68 | <attribute name="align" />
69 | <attribute name="valign" />
70 | <attribute name="bgcolor" />
71 | <attribute name="background">
72 | <regexp-list>
73 | <regexp name="offsiteURL" />
74 | </regexp-list>
75 | </attribute>
76 | <attribute name="title" />
77 | </attributes>
78 | <attributes name="img">
79 | <attribute name="style" />
80 | <attribute name="align" />
81 | <attribute name="valign" />
82 | <attribute name="bgcolor" />
83 | <attribute name="background" />
84 | <attribute name="title" />
85 | <attribute name="src">
86 | <regexp-list>
87 | <regexp name="offsiteURL" />
88 | </regexp-list>
89 | </attribute>
90 | <attribute name="border" />
91 | <attribute name="width" />
92 | <attribute name="height" />
93 | <attribute name="alt" />
94 | <attribute name="usemap" />
95 | <!-- add -->
96 | <attribute name="hspace" />
97 | <attribute name="ismap" />
98 | <attribute name="vspace" />
99 | </attributes>
100 | <attributes name="font">
101 | <attribute name="style" />
102 | <attribute name="align" />
103 | <attribute name="valign" />
104 | <attribute name="bgcolor" />
105 | <attribute name="background">
106 | <regexp-list>
107 | <regexp name="offsiteURL" />
108 | </regexp-list>
109 | </attribute>
110 | <attribute name="title" />
111 | <attribute name="color" />
112 | <attribute name="size" />
113 | <attribute name="face" />
114 | </attributes>
115 | <attributes name="table">
116 | <attribute name="style" />
117 | <attribute name="align" />
118 | <attribute name="valign" />
119 | <attribute name="bgcolor" />
120 | <attribute name="background">
121 | <regexp-list>
122 | <regexp name="offsiteURL" />
123 | </regexp-list>
124 | </attribute>
125 | <attribute name="title" />
126 | <attribute name="border" />
127 | <attribute name="width" />
128 | <attribute name="height" />
129 | <attribute name="cellpadding" />
130 | <attribute name="cellspacing" />
131 | <attribute name="bordercolor" />
132 | <attribute name="blockquote" />
133 | <!-- add -->
134 | <attribute name="summary" />
135 | <attribute name="rules" />
136 | </attributes>
137 | <attributes name="td">
138 | <attribute name="style" />
139 | <attribute name="align" />
140 | <attribute name="valign" />
141 | <attribute name="bgcolor" />
142 | <attribute name="background">
143 | <regexp-list>
144 | <regexp name="offsiteURL" />
145 | </regexp-list>
146 | </attribute>
147 | <attribute name="title" />
148 | <attribute name="width" />
149 | <attribute name="height" />
150 | <attribute name="colspan" />
151 | <attribute name="rowspan" />
152 | <!-- add -->
153 | <attribute name="headers" />
154 | <attribute name="scope" />
155 | </attributes>
156 | <attributes name="marquee">
157 | <attribute name="style" />
158 | <attribute name="align" />
159 | <attribute name="valign" />
160 | <attribute name="bgcolor" />
161 | <attribute name="background">
162 | <regexp-list>
163 | <regexp name="offsiteURL" />
164 | </regexp-list>
165 | </attribute>
166 | <attribute name="title" />
167 | <attribute name="scrollamount" />
168 | <attribute name="direction" />
169 | <attribute name="behavior" />
170 | <attribute name="width" />
171 | <attribute name="height" />
172 | <attribute name="scrolldelay" />
173 | <attribute name="loop" />
174 | </attributes>
175 | <attributes name="a">
176 | <attribute name="style" />
177 | <attribute name="align" />
178 | <attribute name="valign" />
179 | <attribute name="bgcolor" />
180 | <attribute name="background">
181 | <regexp-list>
182 | <regexp name="offsiteURL" />
183 | </regexp-list>
184 | </attribute>
185 | <attribute name="title" />
186 | <attribute name="target" />
187 | <attribute name="name" />
188 | <attribute name="href">
189 | <regexp-list>
190 | <regexp name="commonOffsiteURL" />
191 | </regexp-list>
192 | </attribute>
193 | <attribute name="type" />
194 | <attribute name="shape" />
195 | </attributes>
196 | <attributes name="bgsound">
197 | <attribute name="src">
198 | <regexp-list>
199 | <regexp name="offsiteURL" />
200 | </regexp-list>
201 | </attribute>
202 | <attribute name="loop" />
203 | <attribute name="autostart" />
204 | </attributes>
205 | <attributes name="map">
206 | <attribute name="name" />
207 | <attribute name="title" />
208 | <attribute name="style" />
209 | </attributes>
210 | <attributes name="area">
211 | <attribute name="shape" />
212 | <attribute name="coords" />
213 | <attribute name="href">
214 | <regexp-list>
215 | <regexp name="commonOffsiteURL" />
216 | </regexp-list>
217 | </attribute>
218 | <attribute name="title" />
219 | <attribute name="style" />
220 | <attribute name="alt" />
221 | <attribute name="nohref" />
222 | <attribute name="target" />
223 | </attributes>
224 | <attributes name="spacer">
225 | <attribute name="align" />
226 | <attribute name="valign" />
227 | <attribute name="type" />
228 | <attribute name="width" />
229 | <attribute name="height" />
230 | <attribute name="size" />
231 | </attributes>
232 | <attributes name="colgroup">
233 | <attribute name="align" />
234 | <attribute name="char" />
235 | <attribute name="charoff" />
236 | <attribute name="span" />
237 | <attribute name="valign" />
238 | <attribute name="width" />
239 | <attribute name="title" />
240 | <attribute name="style" />
241 | </attributes>
242 | </tag-attributes>
243 | <!-- remove: remove all content include child node -->
244 | <!-- accept: keep tag and ratain content -->
245 | <!-- undefined: remove tag and ratain it's content -->
246 | <tag-rules>
247 | <tag name="script" action="remove" />
248 | <tag name="noscript" action="remove" />
249 | <tag name="style" action="csshandler" attributes="style" />
250 | <tag name="head" action="remove" />
251 | <tag name="select" action="remove" />
252 | <tag name="form" action="remove" />
253 | <tag name="iframe" action="remove" />
254 | <tag name="frame" action="remove" />
255 | <tag name="frameset" action="remove" />
256 | <!-- 页面标签 -->
257 |
258 | <tag name="a" action="accept" />
259 | <tag name="hr" action="accept" attributes="common" />
260 |
261 | <!-- 字体标签 -->
262 | <tag name="h1" action="accept" attributes="common" />
263 | <tag name="h3" action="accept" attributes="common" />
264 | <tag name="h2" action="accept" attributes="common" />
265 | <tag name="h4" action="accept" attributes="common" />
266 | <tag name="h5" action="accept" attributes="common" />
267 | <tag name="h6" action="accept" attributes="common" />
268 | <tag name="font" action="accept" />
269 | <tag name="b" action="accept" attributes="common" />
270 | <tag name="i" action="accept" attributes="common" />
271 | <tag name="u" action="accept" attributes="common" />
272 | <tag name="sup" action="accept" attributes="common" />
273 | <tag name="sub" action="accept" attributes="common" />
274 | <tag name="strike" action="accept" attributes="common" />
275 | <tag name="strong" action="accept" attributes="common" />
276 | <tag name="em" action="accept" attributes="common" />
277 |
278 | <!-- 文字布局标签 -->
279 | <tag name="p" action="accept" attributes="common" />
280 | <tag name="br" action="accept" attributes="common" />
281 | <tag name="ol" action="accept" attributes="common" />
282 | <tag name="li" action="accept" attributes="common" />
283 | <tag name="ul" action="accept" attributes="common" />
284 | <tag name="div" action="accept" />
285 | <tag name="span" action="accept" attributes="common" />
286 |
287 | <!-- 图像处理标签 -->
288 | <tag name="img" action="accept" />
289 | <tag name="map" action="accept" />
290 | <tag name="area" action="accept" />
291 | <tag name="embed" action="accept" />
292 |
293 | <!-- 动态文字标签 -->
294 | <tag name="marquee" action="accept" />
295 |
296 | <!-- 表格处理 -->
297 | <tag name="table" action="accept" />
298 | <tag name="tr" action="accept" attributes="td" />
299 | <tag name="td" action="accept" />
300 | <tag name="caption" action="accept" attributes="common" />
301 |
302 | <!-- 多媒体处理 -->
303 | <tag name="bgsound" action="accept" />
304 | <tag name="blockquote" action="accept" attributes="common" />
305 | <tag name="cite" action="accept" attributes="common" />
306 | <!--扩展区 -->
307 | <tag name="small" action="accept" attributes="common" />
308 | <tag name="big" action="accept" attributes="common" />
309 | <tag name="nobr" action="accept" attributes="common" />
310 | <tag name="center" action="accept" attributes="common" />
311 | <tag name="dl" action="accept" attributes="common" />
312 | <tag name="dt" action="accept" attributes="common" />
313 | <tag name="dd" action="accept" attributes="common" />
314 | <tag name="pre" action="accept" attributes="common" />
315 | <tag name="listing" action="accept" attributes="common" />
316 | <tag name="blink" action="accept" attributes="common" />
317 | <tag name="spacer" action="accept" />
318 | <tag name="th" action="accept" attributes="common" />
319 | <tag name="thead" action="accept" attributes="common" />
320 | <tag name="tbody" action="accept" attributes="common" />
321 | <tag name="tfoot" action="accept" attributes="common" />
322 | <tag name="colgroup" action="accept" />
323 | <tag name="col" action="accept" attributes="colgroup" />
324 | </tag-rules>
325 | </xss>
326 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/security/xss/impl/XssFilterDocumentHandler.java:
--------------------------------------------------------------------------------
1 | package com.github.textutils.security.xss.impl;
2 |
3 | import java.util.ArrayList;
4 | import java.util.List;
5 | import java.util.Map;
6 | import java.util.regex.Pattern;
7 |
8 | import org.apache.xerces.xni.Augmentations;
9 | import org.apache.xerces.xni.NamespaceContext;
10 | import org.apache.xerces.xni.QName;
11 | import org.apache.xerces.xni.XMLAttributes;
12 | import org.apache.xerces.xni.XMLLocator;
13 | import org.apache.xerces.xni.XMLResourceIdentifier;
14 | import org.apache.xerces.xni.XMLString;
15 | import org.apache.xerces.xni.XNIException;
16 | import org.cyberneko.html.HTMLElements;
17 | import org.cyberneko.html.filters.DefaultFilter;
18 |
19 | import com.github.textutils.codec.HtmlFastEntities;
20 | import com.github.textutils.security.xss.Policy;
21 | import com.github.textutils.security.xss.model.Action;
22 | import com.github.textutils.security.xss.model.Attribute;
23 | import com.github.textutils.security.xss.model.RestrictAttribute;
24 | import com.github.textutils.security.xss.model.Tag;
25 |
26 | /**
27 | * 为了提高性能, 把删除标记与输出做在一起, 大约可以提高100%性能。 另外也也顺便修改了一些nekohtml不合理比较string的方法。
28 | *
29 | */
30 | public class XssFilterDocumentHandler extends DefaultFilter {
31 |
32 | protected int removalStack = 0;
33 |
34 | /** output buffer */
35 | protected StringBuilder fwriterBuffer;
36 |
37 | /** Seen root element. */
38 | protected boolean fSeenRootElement;
39 |
40 | /** Normalize character content. */
41 | protected boolean fNormalize;
42 |
43 | /** Print characters. */
44 | protected boolean fPrintChars;
45 |
46 | protected Map<String, Tag> tagRules;
47 |
48 | private CssScanner cssScanner;
49 | private Policy fPolicy;
50 | private boolean parserStyleTag = false;
51 |
52 | public XssFilterDocumentHandler(StringBuilder writerBuffer, Policy policy, CssScanner cssScanner) {
53 | this.fwriterBuffer = writerBuffer;
54 | this.fPolicy = policy;
55 | this.tagRules = policy.getTagRules();
56 | this.cssScanner = cssScanner;
57 | }
58 |
59 | //
60 | // XMLDocumentHandler methods
61 | //
62 |
63 | // since Xerces-J 2.2.0
64 |
65 | /** Start document. */
66 | public void startDocument(XMLLocator locator, String encoding, NamespaceContext nscontext,
67 | Augmentations augs) {
68 | fSeenRootElement = false;
69 | fNormalize = true;
70 | fPrintChars = true;
71 | parserStyleTag = false;
72 | super.startDocument(locator, encoding, nscontext, augs);
73 | }
74 |
75 | // old methods
76 |
77 | /** Start document. */
78 | public void startDocument(XMLLocator locator, String encoding, Augmentations augs)
79 | throws XNIException {
80 | startDocument(locator, encoding, null, augs);
81 | }
82 |
83 | /** Start prefix mapping. */
84 | public void startPrefixMapping(String prefix, String uri, Augmentations augs)
85 | throws XNIException {
86 | if (removalStack == 0) {
87 | super.startPrefixMapping(prefix, uri, augs);
88 | }
89 | }
90 |
91 | /** Start element. */
92 |
93 | public void startElement(QName element, XMLAttributes attributes, Augmentations augs)
94 | throws XNIException {
95 |
96 | if (handleOpenTag(element, attributes) && removalStack == 0) {
97 | fSeenRootElement = true;
98 | fNormalize = !HTMLElements.getElement(element.rawname).isSpecial();
99 | printStartElement(element, attributes);
100 | super.startElement(element, attributes, augs);
101 | }
102 |
103 | }
104 |
105 | /** End element. */
106 |
107 | public void endElement(QName element, Augmentations augs) throws XNIException {
108 | if (elementAccepted(element) && removalStack == 0) {
109 | fNormalize = true;
110 | printEndElement(element);
111 | super.endElement(element, augs);
112 | }
113 |
114 | }
115 |
116 | protected boolean handleOpenTag(QName element, XMLAttributes attributes) {
117 | Tag tag = tagRules.get(element.rawname);
118 | if (tag != null) {
119 | if (tag.getAction() == Action.ACCEPT || tag.getAction() == Action.CSSHANDLER) {
120 | return true;
121 | } else if (tag.getAction() == Action.REMOVE) {
122 | removalStack++;
123 | }
124 | } else { // 如果没有定义的标记
125 | attributes.removeAllAttributes();
126 | }
127 | return false;
128 | }
129 |
130 | protected boolean handleEmptyTag(QName element, XMLAttributes attributes) {
131 | Tag tag = tagRules.get(element.rawname);
132 | if (tag != null) {
133 | if (tag.getAction() == Action.ACCEPT || tag.getAction() == Action.CSSHANDLER) {
134 | return true;
135 | }
136 | } else { // 如果没有定义的标记
137 | attributes.removeAllAttributes();
138 | }
139 | return false;
140 | }
141 |
142 | private boolean elementAccepted(QName element) {
143 | Tag tag = tagRules.get(element.rawname);
144 | boolean accept = false;
145 |
146 | if (tag != null) {
147 | Action action = tag.getAction();
148 | if (action == Action.ACCEPT || action == Action.CSSHANDLER) {
149 | accept = true;
150 | } else if (action == Action.REMOVE) {
151 | removalStack--;
152 | }
153 | }
154 | return accept;
155 | }
156 |
157 | /** Empty element. */
158 | public void emptyElement(QName element, XMLAttributes attributes, Augmentations augs)
159 | throws XNIException {
160 | if (removalStack == 0 && handleEmptyTag(element, attributes)) {
161 | fSeenRootElement = true;
162 | printEmptyElement(element, attributes);
163 | super.emptyElement(element, attributes, augs);
164 | }
165 | }
166 |
167 | /** Comment. */
168 | public void comment(XMLString text, Augmentations augs) throws XNIException {
169 |
170 | if (removalStack == 0 && !fPolicy.removeComment) {
171 | if (fSeenRootElement) {
172 | fwriterBuffer.append("\r\n");
173 | }
174 | fwriterBuffer.append("<!--");
175 | printCharacters(text, false);
176 | fwriterBuffer.append("-->");
177 | if (!fSeenRootElement) {
178 | fwriterBuffer.append("\r\n");
179 | }
180 | }
181 |
182 | } // comment(XMLString,Augmentations)
183 |
184 | /** Processing instruction. */
185 | public void processingInstruction(String target, XMLString data, Augmentations augs)
186 | throws XNIException {
187 | if (removalStack == 0) {
188 | //FIXME
189 | //默认对于处理指令是不允许出现的,因为我们处理的是片断。
190 | //如果要把处理的内容作为独立文档,则需要修改默认的处理片断行为,并打印指令标签<? />
191 | //而不仅仅是打印data
192 | // if (fPrintChars) {
193 | // printCharacters(data, fNormalize);
194 | // }
195 | super.processingInstruction(target, data, augs);
196 | }
197 | }
198 |
199 | /** Characters. */
200 | public void characters(XMLString text, Augmentations augs) throws XNIException {
201 | if (removalStack == 0) {
202 | if (fPrintChars) {
203 | if (parserStyleTag && cssScanner != null) {
204 | String css = new String(text.ch, text.offset, text.length);
205 | fwriterBuffer.append(cssScanner.scanStyleSheet(css, fPolicy.maxCssInputSize,
206 | false));
207 | } else {
208 | printCharacters(text, fNormalize);
209 | }
210 | }
211 | super.characters(text, augs);
212 | }
213 | }
214 |
215 | /** Ignorable whitespace. */
216 | public void ignorableWhitespace(XMLString text, Augmentations augs) throws XNIException {
217 | if (removalStack == 0) {
218 | super.ignorableWhitespace(text, augs);
219 | }
220 | }
221 |
222 | /**
223 | * Start general entity. </br> <li>如果是非法的html字符, 那么直接删除, 这个是为了安全起见, <li>
224 | * 避免特殊的字符集攻击<li>另外windows下一些特殊字符也可以被引起攻击。 这个地方需要好好再研究下。
225 | */
226 | public void startGeneralEntity(String name, XMLResourceIdentifier id, String encoding,
227 | Augmentations augs) throws XNIException {
228 | fPrintChars = false;
229 | if (removalStack == 0) {
230 | if (name.startsWith("#")) {
231 | try {
232 | boolean hex = name.startsWith("#x");
233 | int offset = hex ? 2 : 1;
234 | int base = hex ? 16 : 10;
235 | int value = Integer.parseInt(name.substring(offset), base);
236 | char[] entity = HtmlFastEntities.HTML40.getEntity((char) value);
237 | if (entity != null) {
238 | name = new String(entity);
239 | }
240 | } catch (NumberFormatException e) {
241 | // do nothing
242 | }
243 | }
244 | }
245 | fwriterBuffer.append(name);
246 | super.startGeneralEntity(name, id, encoding, augs);
247 | }
248 |
249 | /** Text declaration. */
250 | public void textDecl(String version, String encoding, Augmentations augs) throws XNIException {
251 | if (removalStack == 0) {
252 | super.textDecl(version, encoding, augs);
253 | }
254 | }
255 |
256 | /** End general entity. */
257 |
258 | public void endGeneralEntity(String name, Augmentations augs) throws XNIException {
259 | fPrintChars = true;
260 | if (removalStack == 0) {
261 | super.endGeneralEntity(name, augs);
262 | }
263 | }
264 |
265 | /** Start CDATA section. */
266 | public void startCDATA(Augmentations augs) throws XNIException {
267 | if (removalStack == 0) {
268 | super.startCDATA(augs);
269 | }
270 | }
271 |
272 | /** End CDATA section. */
273 | public void endCDATA(Augmentations augs) throws XNIException {
274 | if (removalStack == 0) {
275 | super.endCDATA(augs);
276 | }
277 | }
278 |
279 | /** End prefix mapping. */
280 | public void endPrefixMapping(String prefix, Augmentations augs) throws XNIException {
281 | if (removalStack == 0) {
282 | super.endPrefixMapping(prefix, augs);
283 | }
284 | }
285 |
286 | protected void printCharacters(XMLString text, boolean normalize) {
287 | if (normalize) {
288 | for (int i = 0; i < text.length; i++) {
289 | char c = text.ch[text.offset + i];
290 |
291 | /*
292 | * // 过滤掉过多的空格---' ', 制表符号---\t, 和回车---\n if (c != '\n' || c !=
293 | * ' ' || c != '\t') { char[] entity =
294 | * HtmlFastEntities.HTML40.getEntity(c); if (entity != null) {
295 | * fwriterBuffer.append(entity); } else {
296 | * fwriterBuffer.append(c); } } else {
297 | * fwriterBuffer.append("\r\n"); }
298 | */
299 | // add by kiki.huangy
300 | if (c == '\r' && i != text.length - 1 && text.ch[text.offset + i + 1] == '\n') {
301 | fwriterBuffer.append("\r\n");
302 | i++;
303 | } else if (c == ' ' || c == '\t') {
304 | fwriterBuffer.append(c);
305 | } else if (c == '\n') {
306 | fwriterBuffer.append("\r\n");
307 | } else {
308 | char[] entity = HtmlFastEntities.HTML40.getEntity(c);
309 | if (entity != null) {
310 | fwriterBuffer.append(entity);
311 | } else {
312 | fwriterBuffer.append(c);
313 | }
314 | }
315 | }
316 | } else {
317 | fwriterBuffer.append(text.ch, text.offset, text.length);
318 | }
319 | }
320 |
321 | // print element
322 | protected void printStartElement(QName element, XMLAttributes attributes) {
323 | fwriterBuffer.append('<');
324 | fwriterBuffer.append(element.rawname);
325 | int attrCount = attributes != null ? attributes.getLength() : 0;
326 | Tag tag = tagRules.get(element.rawname);
327 | if (tag.action == Action.CSSHANDLER && element.rawname.equalsIgnoreCase("style")) {
328 | parserStyleTag = true;
329 | }
330 |
331 | List<String> allAttr = new ArrayList<String>(tag.getAllowedAttributes().keySet());
332 | for (int i = 0; i < attrCount; i++) {
333 | String name = attributes.getQName(i);
334 | String value = attributes.getValue(i);
335 | if(value == null){//以后实现不能保证value != null,axman.wangjh 2010.01.21 add
336 | value = "";
337 | }
338 |
339 | //下面是对embed的src参数过虑,暂时没有好的方法。只能在程序中硬编码 jinhua.wangjh 2010.01.21
340 | if(tag.getName().equalsIgnoreCase("embed") && name.equalsIgnoreCase("src")){
341 | int index = value.indexOf("?");
342 | if(index != -1){
343 | value = value.substring(0,index);
344 | }
345 | }
346 |
347 | // print allowed tag attribute
348 | Attribute attr = tag.getAllowedAttributes().get(name);
349 | if (attr != null) {
350 | // spec attribute should be validated that defined in policy xml
351 | // file.
352 | boolean canAcceptAttr = false;
353 | List<Pattern> expr = attr.allowedRegExp;
354 | // 属性值是空的没有意义, 不输出
355 | if (expr != null && !value.equals("")) {
356 | for (Pattern pattern : expr) {
357 | if (pattern.matcher(value).matches()) {
358 | canAcceptAttr = true;
359 | break;
360 | }
361 | }
362 | } else if(!value.equals("")){// 没有规则定义规则的, style 不能定义规则,否则导致css 扫描失败
363 | // 同时value 不为空时才处理 axman.wangjh 2010.01.21 add
364 | if (fPolicy.enableStyleScan) {
365 | if (attr.restrictAttribute == RestrictAttribute.STYLE && cssScanner != null) {
366 | value = cssScanner.scanStyleSheet(value, fPolicy.maxCssInputSize, true);
367 | }
368 | }
369 | canAcceptAttr = true;
370 | }
371 | if (canAcceptAttr) {
372 | allAttr.remove(name);
373 | fwriterBuffer.append(' ');
374 | fwriterBuffer.append(name);
375 | fwriterBuffer.append("=\"");
376 | printAttributeValue(value);
377 | fwriterBuffer.append('"');
378 | }
379 | }
380 |
381 | }
382 | for(String defaultName : allAttr){
383 |
384 | String defaultValue = tag.getAllowedAttributes().get(defaultName).defaultValue;
385 | if(defaultValue != null && !defaultValue.equals("")){
386 | fwriterBuffer.append(' ');
387 | fwriterBuffer.append(defaultName);
388 | fwriterBuffer.append("=\"");
389 | printAttributeValue(defaultValue);
390 | fwriterBuffer.append('"');
391 | }
392 | }
393 | fwriterBuffer.append('>');
394 | }
395 |
396 | /**
397 | * @author jinhua.wangjh 20090923
398 | * @description 把自闭合标签的打印独立出来处理。
399 | */
400 | protected void printEmptyElement(QName element, XMLAttributes attributes) {
401 | this.printStartElement(element, attributes);
402 | this.fwriterBuffer.insert(this.fwriterBuffer.length() - 1, '/');
403 | }
404 |
405 | /**
406 | * 输出属性值并转义符号(quota): <code>“</code>
407 | *
408 | * @param text
409 | */
410 | private void printAttributeValue(String text) {
411 | int length = text.length();
412 | for (int j = 0; j < length; j++) {
413 | char c = text.charAt(j);
414 | if (c == '"') {
415 | fwriterBuffer.append(""");
416 | } else {
417 | fwriterBuffer.append(c);
418 | }
419 | }
420 | }
421 |
422 | private void printEndElement(QName element) {
423 | Tag tag = tagRules.get(element.rawname);
424 | if (tag.action == Action.CSSHANDLER && element.rawname.equalsIgnoreCase("style")) {
425 | parserStyleTag = false;
426 | }
427 | fwriterBuffer.append("</");
428 | fwriterBuffer.append(element.rawname);
429 | fwriterBuffer.append('>');
430 | }
431 | }
432 |
--------------------------------------------------------------------------------
/src/main/java/com/github/textutils/text/data/PINYING_U8.TXT:
--------------------------------------------------------------------------------
1 | 啊 a,e
2 | 阿 a,e
3 | 埃 ai,zhi
4 | 挨 ai
5 | 哎 ai
6 | 唉 ai
7 | 哀 ai
8 | 皑 ai
9 | 癌 ai
10 | 蔼 ai
11 | 矮 ai
12 | 艾 ai,yi
13 | 碍 ai
14 | 爱 ai
15 | 隘 ai,e
16 | 鞍 an
17 | 氨 an
18 | 安 an
19 | 俺 an,yan
20 | 按 an
21 | 暗 an
22 | 岸 an
23 | 胺 an,e
24 | 案 an
25 | 肮 ang,gang,hang
26 | 昂 ang,yang
27 | 盎 ang
28 | 凹 ao,wa
29 | 敖 ao
30 | 熬 ao
31 | 翱 ao
32 | 袄 ao
33 | 傲 ao
34 | 奥 ao,you,yu
35 | 懊 ao,yu
36 | 澳 ao,yu
37 | 芭 ba,pa
38 | 扒 ba,bai,bie,pa
39 | 叭 ba,pa
40 | 吧 ba,pa
41 | 笆 ba
42 | 八 ba
43 | 疤 ba
44 | 巴 ba
45 | 拔 ba,bie,bo,fa
46 | 跋 ba,bei
47 | 靶 ba
48 | 把 ba,pa
49 | 耙 ba,pa
50 | 坝 ba
51 | 霸 ba,po
52 | 罢 ba
53 | 爸 ba
54 | 白 bai,bo
55 | 柏 bai,bo
56 | 百 bai,bo,mo
57 | 摆 bai
58 | 佰 bai,mo
59 | 败 bai
60 | 拜 bai
61 | 稗 bai
62 | 斑 ban
63 | 班 ban
64 | 搬 ban,su
65 | 扳 ban,pan
66 | 般 ban,bo,pan
67 | 颁 ban,fen
68 | 板 ban
69 | 版 ban
70 | 扮 ban,fen,huo
71 | 拌 ban,pan
72 | 伴 ban,pan
73 | 瓣 ban
74 | 半 ban,pan
75 | 办 ban
76 | 绊 ban
77 | 邦 bang
78 | 帮 bang
79 | 梆 bang
80 | 榜 bang,beng
81 | 膀 bang,pang
82 | 绑 bang
83 | 棒 bang
84 | 磅 bang,pang
85 | 蚌 bang,beng,feng,pi
86 | 镑 bang,pang
87 | 傍 bang,beng,pang,peng
88 | 谤 bang
89 | 苞 bao,biao,pao
90 | 胞 bao,pao
91 | 包 bao,fu,pao
92 | 褒 bao,pou
93 | 剥 bao,bo,pu
94 | 薄 bao,bo,bu
95 | 雹 bao
96 | 保 bao
97 | 堡 bao,bu,pu
98 | 饱 bao
99 | 宝 bao
100 | 抱 bao,pao,pou
101 | 报 bao
102 | 暴 bao,bo,pu
103 | 豹 bao
104 | 鲍 bao,pao
105 | 爆 bao,bo
106 | 杯 bei
107 | 碑 bei
108 | 悲 bei
109 | 卑 bei,bi,pi
110 | 北 bei
111 | 辈 bei
112 | 背 bei
113 | 贝 bei
114 | 钡 bei
115 | 倍 bei,pei
116 | 狈 bei
117 | 备 bei
118 | 惫 bei
119 | 焙 bei
120 | 被 bei,bi,pi
121 | 奔 ben,fen
122 | 苯 ben
123 | 本 ben,pen
124 | 笨 ben
125 | 崩 beng
126 | 绷 beng
127 | 甭 beng,qi
128 | 泵 beng,liu,pin
129 | 蹦 beng,cheng
130 | 迸 beng,peng
131 | 逼 bi
132 | 鼻 bi
133 | 比 bi,pi
134 | 鄙 bi
135 | 笔 bi
136 | 彼 bi
137 | 碧 bi
138 | 蔽 bi,bie,pie
139 | 毕 bi
140 | 毙 bi
141 | 币 bi,yin
142 | 庇 bi,pi
143 | 痹 bi
144 | 闭 bi
145 | 敝 bi
146 | 弊 bi
147 | 必 bi
148 | 辟 bi,mi,pi
149 | 壁 bi
150 | 臂 bei,bi
151 | 避 bi
152 | 陛 bi
153 | 鞭 bian
154 | 边 bian
155 | 编 bian
156 | 贬 bian,fa
157 | 扁 bian,pian
158 | 便 bian,pian
159 | 变 bian
160 | 卞 bian,pan
161 | 辨 ban,bian
162 | 辩 ban,bian,pian
163 | 辫 bian
164 | 遍 bian
165 | 标 biao
166 | 彪 biao
167 | 膘 biao,piao
168 | 表 biao
169 | 鳖 bie
170 | 憋 bie
171 | 别 bie
172 | 瘪 bie
173 | 彬 ban,bin
174 | 斌 bin
175 | 濒 bin
176 | 滨 bin
177 | 宾 bin
178 | 摈 bin
179 | 兵 bing
180 | 冰 bing,ning
181 | 柄 bing
182 | 丙 bing
183 | 秉 bing
184 | 饼 bing
185 | 炳 bing
186 | 病 bing
187 | 并 bing
188 | 玻 bo
189 | 菠 bo
190 | 播 bo
191 | 拨 bo,fa
192 | 钵 bo
193 | 波 bei,bi,bo
194 | 博 bo
195 | 勃 bo
196 | 搏 bo
197 | 铂 bo
198 | 箔 bo
199 | 伯 ba,bai,bo,mo
200 | 帛 bo
201 | 舶 bo
202 | 脖 bo
203 | 膊 bo,lie,po
204 | 渤 bo
205 | 泊 bo,po
206 | 驳 bo
207 | 捕 bu
208 | 卜 bo,bu,pu
209 | 哺 bu,fu
210 | 补 bu
211 | 埠 bu
212 | 不 bu,dun,fou,fu
213 | 布 bu
214 | 步 bu
215 | 簿 bao,bo,bu
216 | 部 bu,pou
217 | 怖 bu
218 | 擦 ca
219 | 猜 cai
220 | 裁 cai
221 | 材 cai
222 | 才 cai,zai
223 | 财 cai
224 | 睬 cai
225 | 踩 cai,kui
226 | 采 cai
227 | 彩 cai
228 | 菜 cai
229 | 蔡 ca,cai,sa
230 | 餐 can,sun
231 | 参 can,cen,san,shen
232 | 蚕 can,tian
233 | 残 can
234 | 惭 can
235 | 惨 can
236 | 灿 can
237 | 苍 cang
238 | 舱 cang
239 | 仓 cang,chuang
240 | 沧 cang
241 | 藏 cang,zang
242 | 操 cao
243 | 糙 cao
244 | 槽 cao,zao
245 | 曹 cao
246 | 草 cao,zao
247 | 厕 ce,ci,si,ze
248 | 策 ce
249 | 侧 ce,ze,zhai
250 | 册 ce,zha
251 | 测 ce
252 | 层 ceng
253 | 蹭 ceng
254 | 插 cha,zha
255 | 叉 cha,chai
256 | 茬 cha,chi
257 | 茶 cha
258 | 查 cha,chai,zha
259 | 碴 cha
260 | 搽 cha
261 | 察 cha,cui
262 | 岔 cha
263 | 差 cha,chai,ci
264 | 诧 cha,du
265 | 拆 ca,chai,chi
266 | 柴 chai,ci,zhai
267 | 豺 chai
268 | 搀 chan,shan
269 | 掺 can,chan,sen,shan
270 | 蝉 chan
271 | 馋 chan
272 | 谗 chan
273 | 缠 chan
274 | 铲 chan
275 | 产 chan
276 | 阐 chan
277 | 颤 chan,shan,zhan
278 | 昌 chang
279 | 猖 chang
280 | 场 chang,dang,shang
281 | 尝 chang
282 | 常 chang
283 | 长 chang,zhang
284 | 偿 chang
285 | 肠 chang
286 | 厂 an,chang,han,yan
287 | 敞 chang,cheng,zheng
288 | 畅 chang
289 | 唱 chang
290 | 倡 chang
291 | 超 chao,tiao
292 | 抄 chao,suo
293 | 钞 chao
294 | 朝 chao,zhao,zhu
295 | 嘲 chao,zhao
296 | 潮 chao
297 | 巢 chao
298 | 吵 chao,miao
299 | 炒 chao
300 | 车 che,ju
301 | 扯 che
302 | 撤 che
303 | 掣 che
304 | 彻 che
305 | 澈 che
306 | 郴 chen,lan
307 | 臣 chen
308 | 辰 chen
309 | 尘 chen
310 | 晨 chen
311 | 忱 chen,dan
312 | 沉 chen
313 | 陈 chen
314 | 趁 chen,nian,zhen
315 | 衬 chen
316 | 撑 cheng
317 | 称 chen,cheng
318 | 城 cheng
319 | 橙 chen,cheng,deng
320 | 成 cheng
321 | 呈 cheng
322 | 乘 cheng,sheng
323 | 程 cheng
324 | 惩 cheng
325 | 澄 cheng,deng
326 | 诚 cheng
327 | 承 cheng,zhang,zheng
328 | 逞 cheng,ying
329 | 骋 cheng
330 | 秤 chen,cheng,ping
331 | 吃 chi,qi
332 | 痴 chi
333 | 持 chi
334 | 匙 chi,shi
335 | 池 che,chi,tuo
336 | 迟 chi,zhi
337 | 弛 chi
338 | 驰 chi
339 | 耻 chi
340 | 齿 chi
341 | 侈 chi
342 | 尺 che,chi
343 | 赤 chi
344 | 翅 chi
345 | 斥 che,chi,zhe
346 | 炽 chi
347 | 充 chong
348 | 冲 chong
349 | 虫 chong,hui
350 | 崇 chong
351 | 宠 chong,long
352 | 抽 chou
353 | 酬 chou
354 | 畴 chou
355 | 踌 chou
356 | 稠 chou,diao,tiao
357 | 愁 chou,jiu,qiao
358 | 筹 chou,tao
359 | 仇 chou,ju,qiu
360 | 绸 chou,diao,tao
361 | 瞅 chou
362 | 丑 chou
363 | 臭 chou,xiu
364 | 初 chu
365 | 出 chu
366 | 橱 chu
367 | 厨 chu
368 | 躇 chu,chuo
369 | 锄 chu,ju
370 | 雏 chu,ju
371 | 滁 chu
372 | 除 chu,shu,zhu
373 | 楚 chu
374 | 础 chu
375 | 储 chu
376 | 矗 chu
377 | 搐 chu
378 | 触 chu
379 | 处 chu
380 | 揣 chuai,duo,zhui
381 | 川 chuan
382 | 穿 chuan,yuan
383 | 椽 chuan
384 | 传 chuan,zhuan
385 | 船 chuan
386 | 喘 chuan
387 | 串 chuan,guan
388 | 疮 chuang
389 | 窗 chuang,cong
390 | 幢 chuang,zhuang
391 | 床 chuang
392 | 闯 chen,chuang
393 | 创 chuang
394 | 吹 chui
395 | 炊 chui
396 | 捶 chui,duo
397 | 锤 chui
398 | 垂 chui,zhui
399 | 春 chun
400 | 椿 chun
401 | 醇 chun
402 | 唇 chun,zhen
403 | 淳 chun,zhun
404 | 纯 chun,quan,tun,zhun
405 | 蠢 chun
406 | 戳 chuo
407 | 绰 chao,chuo
408 | 疵 ci,ji,zhai,zi
409 | 茨 ci
410 | 磁 ci
411 | 雌 ci
412 | 辞 ci
413 | 慈 ci
414 | 瓷 ci
415 | 词 ci
416 | 此 ci
417 | 刺 ci,qi
418 | 赐 ci
419 | 次 ci,zi
420 | 聪 cong
421 | 葱 chuang,cong
422 | 囱 chuang,cong
423 | 匆 cong
424 | 从 cong
425 | 丛 cong
426 | 凑 cou
427 | 粗 cu
428 | 醋 cu,zuo
429 | 簇 chuo,cou,cu
430 | 促 chuo,cu
431 | 蹿 cuan
432 | 篡 cuan
433 | 窜 cuan
434 | 摧 cui,cuo,zui
435 | 崔 cui
436 | 催 cui
437 | 脆 cui
438 | 瘁 cui
439 | 粹 cui,sui
440 | 淬 cui,zu
441 | 翠 cui
442 | 村 cun
443 | 存 cun
444 | 寸 cun
445 | 磋 cuo
446 | 撮 chua,cuo,zuan,zui,zuo
447 | 搓 chai,cuo,guo
448 | 措 ci,cuo,ze
449 | 挫 cuo,zuo
450 | 错 cu,cuo,xi
451 | 搭 da,ta
452 | 达 da,ta,ti
453 | 答 da
454 | 瘩 da
455 | 打 da
456 | 大 da,dai,tai
457 | 呆 ai,bao,dai
458 | 歹 dai,e
459 | 傣 dai
460 | 戴 dai
461 | 带 dai
462 | 殆 dai
463 | 代 dai
464 | 贷 dai
465 | 袋 dai
466 | 待 dai
467 | 逮 dai,di
468 | 怠 dai,yi
469 | 耽 dan
470 | 担 dan,jie
471 | 丹 dan
472 | 单 chan,dan,shan
473 | 郸 dan,duo
474 | 掸 chan,dan,shan,tan
475 | 胆 da,dan,tan
476 | 旦 dan
477 | 氮 dan
478 | 但 dan,tan,yan
479 | 惮 dan
480 | 淡 dan,tan,yan
481 | 诞 dan
482 | 弹 dan,tan,tang
483 | 蛋 dan
484 | 当 dang
485 | 挡 dang
486 | 党 dang
487 | 荡 dang,tang
488 | 档 dang
489 | 刀 dao,diao
490 | 捣 dao
491 | 蹈 dao
492 | 倒 dao
493 | 岛 dao
494 | 祷 dao
495 | 导 dao
496 | 到 dao
497 | 稻 dao
498 | 悼 dao
499 | 道 dao
500 | 盗 dao
501 | 德 de
502 | 得 de,dei
503 | 的 de,di
504 | 蹬 deng
505 | 灯 deng,ding
506 | 登 de,deng
507 | 等 deng
508 | 瞪 deng
509 | 凳 deng
510 | 邓 deng,shan
511 | 堤 di,shi,wei
512 | 低 di
513 | 滴 di
514 | 迪 di
515 | 敌 di,hua
516 | 笛 di
517 | 狄 di,ti
518 | 涤 di
519 | 翟 di,zhai
520 | 嫡 di
521 | 抵 di,qi,zhi
522 | 底 de,di
523 | 地 de,di
524 | 蒂 di
525 | 第 di
526 | 帝 di
527 | 弟 di,ti,tui
528 | 递 di
529 | 缔 di
530 | 颠 dian,tian
531 | 掂 dian
532 | 滇 dian,tian,zhen
533 | 碘 dian
534 | 点 dian
535 | 典 dian,tian
536 | 垫 dian
537 | 电 dian
538 | 佃 dian,tian
539 | 甸 dian,sheng,tian,ying
540 | 店 dian
541 | 惦 dian
542 | 奠 dian,ding,ting,zun
543 | 淀 dian
544 | 殿 dian
545 | 碉 diao
546 | 叼 diao
547 | 雕 diao
548 | 凋 diao
549 | 刁 diao
550 | 掉 diao,nuo
551 | 吊 diao
552 | 钓 diao
553 | 调 diao,tiao,zhou
554 | 跌 die,tu
555 | 爹 die
556 | 碟 die,she
557 | 蝶 die,tie
558 | 迭 da,die,yi
559 | 谍 die,xie
560 | 叠 die
561 | 丁 ding,zheng
562 | 盯 cheng,ding
563 | 叮 ding
564 | 钉 ding,ling
565 | 顶 ding
566 | 鼎 ding,zhen
567 | 锭 ding
568 | 定 ding
569 | 订 ding
570 | 丢 diu
571 | 东 dong
572 | 冬 dong
573 | 董 dong,zhong
574 | 懂 dong
575 | 动 dong
576 | 栋 dong
577 | 侗 dong,tong
578 | 恫 dong,tong
579 | 冻 dong
580 | 洞 dong,tong
581 | 兜 dou
582 | 抖 dou
583 | 斗 dou,zhu
584 | 陡 dou
585 | 豆 dou
586 | 逗 dou,qi,tou,zhu
587 | 痘 dou
588 | 都 dou,du
589 | 督 du
590 | 毒 dai,du
591 | 犊 du
592 | 独 du
593 | 读 dou,du
594 | 堵 du,zhe
595 | 睹 du
596 | 赌 du
597 | 杜 du,tu
598 | 镀 du
599 | 肚 du
600 | 度 du,duo,zhai
601 | 渡 du
602 | 妒 du
603 | 端 duan
604 | 短 duan
605 | 锻 duan
606 | 段 duan
607 | 断 duan
608 | 缎 duan
609 | 堆 dui,zui
610 | 兑 dui,duo,rui
611 | 队 dui
612 | 对 dui
613 | 墩 dun
614 | 吨 dun,tun
615 | 蹲 cun,dun,zun
616 | 敦 dui,dun,tuan
617 | 顿 du,dun
618 | 囤 dun,tun
619 | 钝 dun
620 | 盾 dun,yun
621 | 遁 dun,qun,xun
622 | 掇 duo,zhuo
623 | 哆 chi,duo,zha
624 | 多 che,duo,zhi
625 | 夺 dui,duo
626 | 垛 duo
627 | 躲 duo
628 | 朵 duo
629 | 跺 duo
630 | 舵 duo,tuo
631 | 剁 duo
632 | 惰 duo,tuo
633 | 堕 duo,hui
634 | 蛾 e,yi
635 | 峨 e
636 | 鹅 e
637 | 俄 e
638 | 额 e
639 | 讹 e
640 | 娥 e
641 | 恶 e,wu
642 | 厄 e
643 | 扼 e
644 | 遏 e
645 | 鄂 e
646 | 饿 e
647 | 恩 en
648 | 而 er,neng
649 | 儿 er,ren
650 | 耳 er
651 | 尔 er,mi
652 | 饵 er
653 | 洱 er
654 | 二 er
655 | 贰 er
656 | 发 fa
657 | 罚 fa
658 | 筏 fa
659 | 伐 fa
660 | 乏 fa
661 | 阀 fa
662 | 法 fa
663 | 藩 fan
664 | 帆 fan
665 | 番 bo,fan,pan
666 | 翻 fan
667 | 樊 fan
668 | 矾 fan
669 | 繁 fan,pan,po
670 | 凡 fan
671 | 烦 fan
672 | 反 fan
673 | 返 fan
674 | 范 fan
675 | 贩 fan
676 | 犯 fan
677 | 饭 fan
678 | 泛 fa,fan,feng
679 | 坊 fang
680 | 芳 fang
681 | 方 fang,pang
682 | 肪 fang
683 | 房 fang,pang
684 | 防 fang
685 | 妨 fang
686 | 仿 fang,pang
687 | 访 fang
688 | 纺 bang,fang
689 | 放 fang
690 | 菲 fei
691 | 非 fei
692 | 啡 fei,pai,pei
693 | 飞 fei
694 | 肥 fei
695 | 匪 fei,fen
696 | 诽 fei
697 | 吠 fei
698 | 肺 fei,pie
699 | 废 fei
700 | 沸 fei,fu
701 | 费 bi,fei,fu
702 | 芬 fen
703 | 吩 fen,pen
704 | 氛 fen
705 | 分 ban,fen
706 | 纷 fen
707 | 坟 fen
708 | 焚 fen
709 | 汾 fen,pen
710 | 粉 fen
711 | 奋 fen,kang
712 | 份 bin,fen
713 | 忿 fen
714 | 愤 fen
715 | 粪 fen
716 | 丰 feng
717 | 封 bian,feng
718 | 枫 feng
719 | 蜂 feng
720 | 峰 feng
721 | 锋 feng
722 | 风 feng
723 | 疯 feng
724 | 烽 feng
725 | 逢 feng,pang,peng
726 | 冯 feng,ping
727 | 缝 feng
728 | 讽 feng
729 | 奉 feng
730 | 凤 feng
731 | 佛 bi,bo,fo,fu
732 | 否 fou,pi
733 | 夫 fu
734 | 敷 fu
735 | 肤 fu,lu
736 | 孵 fu
737 | 扶 fu,pu
738 | 拂 bi,fei,fu,pi
739 | 辐 fu
740 | 幅 bi,fu
741 | 氟 fu
742 | 符 fu
743 | 伏 fu
744 | 俘 fu
745 | 服 bi,bo,fu
746 | 浮 fu
747 | 涪 fu,pou
748 | 福 fu
749 | 袱 fu
750 | 弗 fu
751 | 甫 fu,pu
752 | 抚 fu,mo
753 | 辅 fu
754 | 俯 fu
755 | 釜 fu
756 | 斧 fu
757 | 脯 fu,pu
758 | 腑 fu
759 | 府 fu,zhou
760 | 腐 fu
761 | 赴 fu
762 | 副 fu,pi
763 | 覆 fu
764 | 赋 fu
765 | 复 bi,fu
766 | 傅 fu
767 | 付 fu
768 | 阜 fu
769 | 父 fu
770 | 腹 fu
771 | 负 fu
772 | 富 fu
773 | 讣 fu
774 | 附 bu,fu
775 | 妇 fu
776 | 缚 fu
777 | 咐 fu
778 | 噶 ga,ge
779 | 嘎 ga
780 | 该 gai
781 | 改 gai
782 | 概 gai,gui,jie
783 | 钙 gai
784 | 盖 gai,ge
785 | 溉 gai,xie
786 | 干 an,gan
787 | 甘 gan,han
788 | 杆 gan
789 | 柑 gan,qian
790 | 竿 gan
791 | 肝 gan
792 | 赶 gan,qian
793 | 感 gan,han
794 | 秆 gan
795 | 敢 gan
796 | 赣 gan,gong,zhuang
797 | 冈 gang
798 | 刚 gang
799 | 钢 gang
800 | 缸 gang
801 | 肛 gang
802 | 纲 gang
803 | 岗 gang
804 | 港 gang,hong
805 | 杠 gang,gong
806 | 篙 gao
807 | 皋 gao,gu,hao
808 | 高 gao
809 | 膏 gao
810 | 羔 gao
811 | 糕 gao
812 | 搞 gao,kao,qiao
813 | 镐 gao,hao
814 | 稿 gao
815 | 告 gao,gu,ju
816 | 哥 ge
817 | 歌 ge
818 | 搁 ge
819 | 戈 ge
820 | 鸽 ge
821 | 胳 ga,ge
822 | 疙 ge,yi
823 | 割 ge
824 | 革 ge,ji
825 | 葛 ge
826 | 格 ge,he,luo
827 | 蛤 ge,ha
828 | 阁 ge
829 | 隔 ge,ji,rong
830 | 铬 ge,luo
831 | 个 gan,ge
832 | 各 ge
833 | 给 gei,ji,xia
834 | 根 gen
835 | 跟 gen
836 | 耕 geng
837 | 更 geng
838 | 庚 geng
839 | 羹 geng,lang
840 | 埂 geng
841 | 耿 geng
842 | 梗 geng
843 | 工 gong
844 | 攻 gong
845 | 功 gong
846 | 恭 gong
847 | 龚 gong
848 | 供 gong
849 | 躬 gong
850 | 公 gong
851 | 宫 gong
852 | 弓 gong
853 | 巩 gong
854 | 汞 gong
855 | 拱 gong,ju
856 | 贡 gong
857 | 共 gong
858 | 钩 gou
859 | 勾 gou
860 | 沟 gou
861 | 苟 gou
862 | 狗 gou
863 | 垢 gou
864 | 构 gou
865 | 购 gou
866 | 够 gou
867 | 辜 gu
868 | 菇 gu
869 | 咕 gu
870 | 箍 gu
871 | 估 gu
872 | 沽 gu
873 | 孤 gu
874 | 姑 gu
875 | 鼓 gu
876 | 古 gu,ku
877 | 蛊 gu
878 | 骨 gu
879 | 谷 gu,lu,yu
880 | 股 gu
881 | 故 gu
882 | 顾 gu
883 | 固 gu
884 | 雇 gu,hu
885 | 刮 gua
886 | 瓜 gua
887 | 剐 gua
888 | 寡 gua
889 | 挂 gua
890 | 褂 gua
891 | 乖 guai
892 | 拐 guai
893 | 怪 guai
894 | 棺 guan
895 | 关 guan,wan
896 | 官 guan
897 | 冠 guan
898 | 观 guan
899 | 管 guan
900 | 馆 guan
901 | 罐 guan
902 | 惯 guan
903 | 灌 guan,huan
904 | 贯 guan,wan
905 | 光 guang
906 | 广 an,guang,yan
907 | 逛 guang,kuang
908 | 瑰 gui
909 | 规 gui,xu
910 | 圭 gui
911 | 硅 gui,he
912 | 归 gui
913 | 龟 gui,jun,qiu
914 | 闺 gui
915 | 轨 gui
916 | 鬼 gui
917 | 诡 gui
918 | 癸 gui
919 | 桂 gui
920 | 柜 gui,ju
921 | 跪 gui
922 | 贵 gui
923 | 刽 gui
924 | 辊 gun
925 | 滚 gun
926 | 棍 ao,gun,hun
927 | 锅 guo
928 | 郭 guo
929 | 国 guo
930 | 果 guan,guo,luo
931 | 裹 guo
932 | 过 guo
933 | 哈 ha,he
934 | 骸 gai,hai
935 | 孩 hai
936 | 海 hai
937 | 氦 hai
938 | 亥 hai,jie
939 | 害 hai,he
940 | 骇 hai
941 | 酣 han
942 | 憨 han
943 | 邯 han
944 | 韩 han
945 | 含 han
946 | 涵 han
947 | 寒 han
948 | 函 han
949 | 喊 han,jian,kan
950 | 罕 han
951 | 翰 han
952 | 撼 han
953 | 捍 gan,han,xian
954 | 旱 han
955 | 憾 dan,han
956 | 悍 han
957 | 焊 han
958 | 汗 gan,han
959 | 汉 han
960 | 夯 ben,hang
961 | 杭 hang,kang
962 | 航 hang
963 | 壕 hao
964 | 嚎 hao
965 | 豪 hao
966 | 毫 hao
967 | 郝 hao,shi
968 | 好 hao
969 | 耗 hao,mao
970 | 号 hao,xiao
971 | 浩 gao,ge,hao
972 | 呵 a,ha,he,ke
973 | 喝 he,kai,ye
974 | 荷 he
975 | 菏 ge,he
976 | 核 gai,he,hu,kai
977 | 禾 he
978 | 和 he,hu,huo
979 | 何 he
980 | 合 ge,he
981 | 盒 an,he
982 | 貉 hao,he,ma,mo
983 | 阂 ai,gai,hai,he
984 | 河 he
985 | 涸 he
986 | 赫 he,shi
987 | 褐 he
988 | 鹤 he
989 | 贺 he
990 | 嘿 hai,hei,mo,mu
991 | 黑 hei
992 | 痕 hen
993 | 很 hen
994 | 狠 hen,ken,yan
995 | 恨 hen
996 | 哼 heng
997 | 亨 heng,peng,xiang
998 | 横 guang,heng
999 | 衡 heng
1000 | 恒 heng
1001 | 轰 hong
1002 | 哄 hong
1003 | 烘 hong
1004 | 虹 gong,hong,jiang
1005 | 鸿 hong
1006 | 洪 hong
1007 | 宏 hong
1008 | 弘 hong
1009 | 红 gong,hong,jiang
1010 | 喉 hou
1011 | 侯 hou
1012 | 猴 hou
1013 | 吼 hou
1014 | 厚 hou
1015 | 候 hou
1016 | 后 hou
1017 | 呼 he,hu,xiao,xu
1018 | 乎 hu
1019 | 忽 hu
1020 | 瑚 hu
1021 | 壶 hu
1022 | 葫 hu
1023 | 胡 hu
1024 | 蝴 hu
1025 | 狐 hu
1026 | 糊 hu
1027 | 湖 hu
1028 | 弧 hu
1029 | 虎 hu
1030 | 唬 guo,hao,hu,xia,xiao
1031 | 护 hu
1032 | 互 hu
1033 | 沪 hu
1034 | 户 hu
1035 | 花 hua
1036 | 哗 hua
1037 | 华 hua
1038 | 猾 hua
1039 | 滑 gu,hua
1040 | 画 hua
1041 | 划 guo,hua,huai
1042 | 化 hua,huo
1043 | 话 hua
1044 | 槐 huai
1045 | 徊 huai,hui
1046 | 怀 fu,huai
1047 | 淮 huai
1048 | 坏 huai,pei,pi
1049 | 欢 huan
1050 | 环 huan
1051 | 桓 huan
1052 | 还 fu,hai,huan
1053 | 缓 huan
1054 | 换 huan
1055 | 患 huan
1056 | 唤 huan
1057 | 痪 huan
1058 | 豢 huan
1059 | 焕 huan
1060 | 涣 huan,hui
1061 | 宦 huan
1062 | 幻 huan
1063 | 荒 huang,kang
1064 | 慌 huang
1065 | 黄 huang
1066 | 磺 huang,kuang
1067 | 蝗 huang
1068 | 簧 huang
1069 | 皇 huang,wang
1070 | 凰 huang
1071 | 惶 huang
1072 | 煌 huang
1073 | 晃 huang
1074 | 幌 huang
1075 | 恍 guang,huang
1076 | 谎 huang
1077 | 灰 hui
1078 | 挥 hui,hun
1079 | 辉 hui
1080 | 徽 hui
1081 | 恢 hui
1082 | 蛔 hui
1083 | 回 hui
1084 | 毁 hui
1085 | 悔 hui
1086 | 慧 hui
1087 | 卉 hui
1088 | 惠 hui
1089 | 晦 hui
1090 | 贿 hui
1091 | 秽 hui
1092 | 会 hui,kuai,kuo
1093 | 烩 hui
1094 | 汇 hui
1095 | 讳 hui
1096 | 诲 hui
1097 | 绘 gui,hui
1098 | 荤 hun,xun
1099 | 昏 hun
1100 | 婚 hun
1101 | 魂 hun
1102 | 浑 gun,hun
1103 | 混 gun,hun,kun
1104 | 豁 hua,huo
1105 | 活 guo,huo
1106 | 伙 huo
1107 | 火 huo
1108 | 获 huo
1109 | 或 huo,yu
1110 | 惑 huo
1111 | 霍 he,huo,suo
1112 | 货 huo
1113 | 祸 huo
1114 | 击 ji
1115 | 圾 ji,jie
1116 | 基 ji
1117 | 机 ji,wei
1118 | 畸 ji,qi
1119 | 稽 ji,qi
1120 | 积 ji,zhi
1121 | 箕 ji
1122 | 肌 ji
1123 | 饥 ji
1124 | 迹 ji
1125 | 激 ji,jiao
1126 | 讥 ji
1127 | 鸡 ji
1128 | 姬 ji,yi
1129 | 绩 ji
1130 | 缉 ji,qi
1131 | 吉 ji
1132 | 极 ji
1133 | 棘 ji
1134 | 辑 ji
1135 | 籍 ji,jie
1136 | 集 ji
1137 | 及 ji
1138 | 急 ji
1139 | 疾 ji
1140 | 汲 ji
1141 | 即 ji
1142 | 嫉 ji
1143 | 级 ji
1144 | 挤 ji
1145 | 几 ji
1146 | 脊 ji
1147 | 己 ji,qi
1148 | 蓟 ji
1149 | 技 ji,qi
1150 | 冀 ji
1151 | 季 ji
1152 | 伎 ji,qi,zhi
1153 | 祭 ji,zhai
1154 | 剂 ji
1155 | 悸 ji
1156 | 济 ji,qi
1157 | 寄 ji
1158 | 寂 ji
1159 | 计 ji
1160 | 记 ji
1161 | 既 ji,xi
1162 | 忌 ji
1163 | 际 ji
1164 | 妓 ji
1165 | 继 ji
1166 | 纪 ji
1167 | 嘉 jia
1168 | 枷 jia
1169 | 夹 ga,jia
1170 | 佳 jia
1171 | 家 jia,jie
1172 | 加 jia
1173 | 荚 jia
1174 | 颊 jia
1175 | 贾 gu,jia
1176 | 甲 jia
1177 | 钾 ge,jia
1178 | 假 jia,jie,xia
1179 | 稼 jia
1180 | 价 jia,jie
1181 | 架 jia
1182 | 驾 jia
1183 | 嫁 jia
1184 | 歼 jian
1185 | 监 jian
1186 | 坚 jian
1187 | 尖 jian
1188 | 笺 jian
1189 | 间 jian
1190 | 煎 jian
1191 | 兼 jian
1192 | 肩 jian,xian
1193 | 艰 jian
1194 | 奸 gan,jian
1195 | 缄 jian
1196 | 茧 chong,jian
1197 | 检 jian
1198 | 柬 jian
1199 | 碱 jian,xian
1200 | 拣 jian
1201 | 捡 jian
1202 | 简 jian
1203 | 俭 jian
1204 | 剪 jian
1205 | 减 jian
1206 | 荐 jian
1207 | 槛 jian,kan
1208 | 鉴 jian
1209 | 践 jian
1210 | 贱 jian
1211 | 见 jian,xian
1212 | 键 jian
1213 | 箭 jian
1214 | 件 jian,mou
1215 | 健 jian
1216 | 舰 jian
1217 | 剑 jian
1218 | 饯 jian
1219 | 渐 chan,jian,qian
1220 | 溅 jian
1221 | 涧 jian
1222 | 建 jian
1223 | 僵 jiang
1224 | 姜 jiang
1225 | 将 jiang,qiang
1226 | 浆 jiang
1227 | 江 jiang
1228 | 疆 jiang
1229 | 蒋 jiang
1230 | 桨 jiang
1231 | 奖 jiang
1232 | 讲 jiang
1233 | 匠 jiang
1234 | 酱 jiang
1235 | 降 jiang,xiang
1236 | 蕉 jiao,qiao
1237 | 椒 jiao
1238 | 礁 jiao
1239 | 焦 jiao,qiao
1240 | 胶 jiao,xiao
1241 | 交 jiao
1242 | 郊 jiao
1243 | 浇 ao,jiao,nao
1244 | 骄 jiao,ju,qiao,xiao
1245 | 娇 jiao
1246 | 嚼 jiao,jue
1247 | 搅 jiao
1248 | 铰 jiao
1249 | 矫 jiao
1250 | 侥 jiao,yao
1251 | 脚 jiao,jue
1252 | 狡 jiao,xiao
1253 | 角 gu,jiao,jue,lu
1254 | 饺 jiao
1255 | 缴 he,jiao,zhuo
1256 | 绞 jiao,xiao
1257 | 剿 chao,jiao
1258 | 教 jiao
1259 | 酵 jiao
1260 | 轿 jiao
1261 | 较 jiao,jue,xiao
1262 | 叫 jiao
1263 | 窖 jiao,zao
1264 | 揭 he,jie,qi
1265 | 接 cha,jie,sha,xie
1266 | 皆 jie
1267 | 秸 ji,jie
1268 | 街 jie
1269 | 阶 jie
1270 | 截 jie
1271 | 劫 jie
1272 | 节 jie
1273 | 桔 jie,ju,xie
1274 | 杰 jie
1275 | 捷 cha,jie,qie
1276 | 睫 jie,she
1277 | 竭 jie
1278 | 洁 ji,jie
1279 | 结 ji,jie
1280 | 解 jie,xie
1281 | 姐 jie,ju,xu
1282 | 戒 jie
1283 | 藉 ji,jie
1284 | 芥 gai,jie
1285 | 界 jie
1286 | 借 jie
1287 | 介 ge,jie
1288 | 诫 jie
1289 | 届 jie
1290 | 巾 jin
1291 | 筋 jin,qian
1292 | 斤 jin
1293 | 金 jin
1294 | 今 jin
1295 | 津 jin
1296 | 襟 jin
1297 | 紧 jin
1298 | 锦 jin
1299 | 仅 fu,jin,nu
1300 | 谨 jin
1301 | 进 jin
1302 | 靳 jin
1303 | 晋 jin
1304 | 禁 jin
1305 | 近 jin
1306 | 烬 jin
1307 | 浸 jin,qin
1308 | 尽 jin
1309 | 劲 jin,jing
1310 | 荆 jing
1311 | 兢 jing
1312 | 茎 jing
1313 | 睛 jing
1314 | 晶 jing
1315 | 鲸 jing
1316 | 京 jing
1317 | 惊 jing,liang
1318 | 精 jing,qing
1319 | 粳 jing
1320 | 经 jing
1321 | 井 jing
1322 | 警 jing
1323 | 景 jing,ying
1324 | 颈 geng,jing
1325 | 静 jing
1326 | 境 jing
1327 | 敬 jing
1328 | 镜 jing
1329 | 径 jing
1330 | 痉 jing
1331 | 靖 jing
1332 | 竟 jing
1333 | 竞 jing
1334 | 净 cheng,jing
1335 | 炯 jiong
1336 | 窘 jiong
1337 | 揪 jiu
1338 | 究 jiu
1339 | 纠 jiao,jiu
1340 | 玖 jiu
1341 | 韭 jiu
1342 | 久 jiu
1343 | 灸 jiu
1344 | 九 jiu
1345 | 酒 jiu
1346 | 厩 jiu
1347 | 救 jiu
1348 | 旧 jiu
1349 | 臼 jiu
1350 | 舅 jiu
1351 | 咎 gao,jiu
1352 | 就 jiu
1353 | 疚 jiu
1354 | 鞠 ju,qiong,qu
1355 | 拘 gou,ju
1356 | 狙 ju
1357 | 疽 ju
1358 | 居 ji,ju
1359 | 驹 ju
1360 | 菊 ju
1361 | 局 ju
1362 | 咀 ju,zui
1363 | 矩 ju
1364 | 举 ju
1365 | 沮 ju,zu
1366 | 聚 ju
1367 | 拒 ju
1368 | 据 ju
1369 | 巨 ju,qu
1370 | 具 ju
1371 | 距 ju
1372 | 踞 ju
1373 | 锯 ju
1374 | 俱 ju
1375 | 句 gou,ju,qu
1376 | 惧 ju
1377 | 炬 ju
1378 | 剧 ju
1379 | 捐 juan,yuan
1380 | 鹃 juan
1381 | 娟 juan
1382 | 倦 juan
1383 | 眷 juan
1384 | 卷 juan,quan
1385 | 绢 juan,xuan
1386 | 撅 jue
1387 | 攫 jue
1388 | 抉 jue
1389 | 掘 jue,ku
1390 | 倔 jue
1391 | 爵 jue
1392 | 觉 jiao,jue
1393 | 决 jue,que,xue
1394 | 诀 jue
1395 | 绝 jue
1396 | 均 jun,yun
1397 | 菌 jun
1398 | 钧 jun
1399 | 军 jun
1400 | 君 jun
1401 | 峻 jun
1402 | 俊 dun,jun,shun
1403 | 竣 jun
1404 | 浚 cun,jun,xun
1405 | 郡 jun
1406 | 骏 jun
1407 | 喀 ka,ke
1408 | 咖 ga,jia,ka
1409 | 卡 ka,qia
1410 | 咯 ge,ka,lo,luo
1411 | 开 kai
1412 | 揩 jia,kai
1413 | 楷 jie,kai
1414 | 凯 kai
1415 | 慨 kai
1416 | 刊 kan
1417 | 堪 chen,kan
1418 | 勘 kan
1419 | 坎 kan
1420 | 砍 kan
1421 | 看 kan
1422 | 康 kang
1423 | 慷 kang
1424 | 糠 kang
1425 | 扛 gang,kang
1426 | 抗 gang,kang
1427 | 亢 gang,geng,kang
1428 | 炕 hang,kang
1429 | 考 kao
1430 | 拷 kao
1431 | 烤 kao
1432 | 靠 kao
1433 | 坷 ke
1434 | 苛 he,ke
1435 | 柯 ke
1436 | 棵 ke,kuan
1437 | 磕 ke
1438 | 颗 ke,kuan
1439 | 科 ke
1440 | 壳 ke,qiao
1441 | 咳 gai,hai,ke
1442 | 可 ge,ke
1443 | 渴 he,jie,kai,ke
1444 | 克 ke
1445 | 刻 ke,kei
1446 | 客 ke,qia
1447 | 课 ke
1448 | 肯 ken
1449 | 啃 ken
1450 | 垦 ken,yin
1451 | 恳 ken
1452 | 坑 kang,keng
1453 | 吭 hang,keng
1454 | 空 kong
1455 | 恐 kong
1456 | 孔 kong
1457 | 控 kong,qiang
1458 | 抠 kou,ou
1459 | 口 kou
1460 | 扣 kou
1461 | 寇 kou
1462 | 枯 gu,ku
1463 | 哭 ku
1464 | 窟 ku
1465 | 苦 gu,hu,ku
1466 | 酷 ku
1467 | 库 ku
1468 | 裤 ku
1469 | 夸 kua
1470 | 垮 kua
1471 | 挎 kou,ku,kua
1472 | 跨 ku,kua
1473 | 胯 kua
1474 | 块 kuai,yue
1475 | 筷 kuai
1476 | 侩 kuai
1477 | 快 kuai
1478 | 宽 kuan
1479 | 款 kuan,xin
1480 | 匡 kuang,wang
1481 | 筐 kuang
1482 | 狂 jue,kuang
1483 | 框 kuang
1484 | 矿 kuang
1485 | 眶 kuang
1486 | 旷 kuang
1487 | 况 kuang
1488 | 亏 kui,yu
1489 | 盔 kui
1490 | 窥 kui
1491 | 葵 kui
1492 | 奎 kui
1493 | 魁 kuai,kui
1494 | 傀 gui,kuai,kui
1495 | 馈 kui,tui
1496 | 愧 kui
1497 | 溃 hui,kui,xie
1498 | 坤 kun
1499 | 昆 hun,kun
1500 | 捆 hun,kun
1501 | 困 kun
1502 | 括 gua,kuo
1503 | 扩 guang,kuo,tang
1504 | 廓 kuo
1505 | 阔 kuo
1506 | 垃 la
1507 | 拉 la
1508 | 喇 la
1509 | 蜡 ji,la,qu,zha
1510 | 腊 la,xi
1511 | 辣 la
1512 | 啦 la
1513 | 莱 lai
1514 | 来 lai
1515 | 赖 lai
1516 | 蓝 la,lan
1517 | 婪 lan
1518 | 栏 lan
1519 | 拦 lan
1520 | 篮 lan
1521 | 阑 lan
1522 | 兰 lan
1523 | 澜 lan
1524 | 揽 lan
1525 | 览 lan
1526 | 懒 lan
1527 | 缆 lan
1528 | 烂 lan
1529 | 滥 jian,lan
1530 | 琅 lang
1531 | 榔 lang
1532 | 狼 hang,lang
1533 | 廊 lang
1534 | 郎 lang
1535 | 朗 lang
1536 | 浪 lang
1537 | 捞 lao
1538 | 劳 lao,liao
1539 | 牢 lao,lou
1540 | 老 lao
1541 | 佬 lao,liao
1542 | 姥 lao,mu
1543 | 酪 lao,lu
1544 | 烙 lao,luo
1545 | 涝 lao
1546 | 勒 le,lei
1547 | 乐 le,luo,yao,yue
1548 | 雷 lei
1549 | 蕾 lei
1550 | 磊 lei
1551 | 累 lei,lv
1552 | 儡 lei
1553 | 垒 lei
1554 | 擂 lei
1555 | 肋 jin,le,lei
1556 | 类 lei
1557 | 泪 lei
1558 | 棱 ling
1559 | 冷 ling
1560 | 厘 chan,li
1561 | 梨 li
1562 | 犁 li
1563 | 黎 li
1564 | 篱 li
1565 | 狸 li
1566 | 离 chi,li
1567 | 漓 li
1568 | 理 li
1569 | 李 li
1570 | 里 li
1571 | 鲤 li
1572 | 礼 li
1573 | 莉 chi,li
1574 | 荔 li
1575 | 吏 li
1576 | 栗 li,lie
1577 | 丽 li
1578 | 厉 li
1579 | 励 li
1580 | 砾 li
1581 | 历 li
1582 | 利 li
1583 | 傈 li
1584 | 例 li,lie
1585 | 俐 li
1586 | 痢 li
1587 | 立 li,wei
1588 | 粒 li
1589 | 沥 li
1590 | 隶 dai,di,li,yi
1591 | 力 li
1592 | 璃 li
1593 | 哩 li,mai
1594 | 俩 lia,liang
1595 | 联 lian
1596 | 莲 lian
1597 | 连 lian
1598 | 镰 lian
1599 | 廉 lian
1600 | 怜 lian,ling
1601 | 涟 lan,lian
1602 | 帘 chen,lian
1603 | 敛 lian
1604 | 脸 lian
1605 | 链 lian
1606 | 恋 lian
1607 | 炼 lan,lian
1608 | 练 lian
1609 | 粮 liang
1610 | 凉 liang
1611 | 梁 liang
1612 | 粱 liang
1613 | 良 liang
1614 | 两 liang
1615 | 辆 liang
1616 | 量 liang
1617 | 晾 liang
1618 | 亮 liang
1619 | 谅 liang
1620 | 撩 lao,liao
1621 | 聊 liao,liu
1622 | 僚 lao,liao
1623 | 疗 liao
1624 | 燎 liao
1625 | 寥 liao
1626 | 辽 liao
1627 | 潦 lao,liao
1628 | 了 le,liao
1629 | 撂 liao
1630 | 镣 liao
1631 | 廖 liao
1632 | 料 liao
1633 | 列 li,lie
1634 | 裂 lie
1635 | 烈 lie
1636 | 劣 lie
1637 | 猎 lie,que,xi
1638 | 琳 lin
1639 | 林 lin
1640 | 磷 lin,ling
1641 | 霖 lin
1642 | 临 lin
1643 | 邻 lin
1644 | 鳞 lin
1645 | 淋 lin
1646 | 凛 lin
1647 | 赁 lin
1648 | 吝 lin
1649 | 拎 lin,ling
1650 | 玲 ling
1651 | 菱 ling
1652 | 零 lian,ling
1653 | 龄 ling
1654 | 铃 ling
1655 | 伶 ling
1656 | 羚 ling
1657 | 凌 ling
1658 | 灵 ling
1659 | 陵 ling
1660 | 岭 ling
1661 | 领 ling
1662 | 另 ling
1663 | 令 lian,ling
1664 | 溜 liu
1665 | 琉 liu
1666 | 榴 liu
1667 | 硫 chu,liu
1668 | 馏 liu
1669 | 留 liu
1670 | 刘 liu
1671 | 瘤 liu
1672 | 流 liu
1673 | 柳 liu
1674 | 六 liu,lu
1675 | 龙 long,mang
1676 | 聋 long
1677 | 咙 long
1678 | 笼 long
1679 | 窿 long
1680 | 隆 long
1681 | 垄 long
1682 | 拢 long
1683 | 陇 long
1684 | 楼 lou
1685 | 娄 lou,lv
1686 | 搂 lou
1687 | 篓 ju,lou,lv
1688 | 漏 lou
1689 | 陋 lou
1690 | 芦 hu,lu
1691 | 卢 lei,lu,lv
1692 | 颅 lu
1693 | 庐 lu,lv
1694 | 炉 lu
1695 | 掳 lu
1696 | 卤 lu
1697 | 虏 lu
1698 | 鲁 lu,lv
1699 | 麓 lu
1700 | 碌 liu,lu,luo
1701 | 露 lou,lu
1702 | 路 lu,luo
1703 | 赂 lu
1704 | 鹿 lu,lv
1705 | 潞 lu
1706 | 禄 lu
1707 | 录 lu
1708 | 陆 liu,lu
1709 | 戮 lu
1710 | 驴 lv
1711 | 吕 lv
1712 | 铝 lv
1713 | 侣 lv
1714 | 旅 lv
1715 | 履 lv
1716 | 屡 lv
1717 | 缕 lv
1718 | 虑 bi,lv
1719 | 氯 lv
1720 | 律 lv
1721 | 率 lue,lv,shuai
1722 | 滤 lu,lv
1723 | 绿 lu,lv
1724 | 峦 luan
1725 | 挛 lian,luan
1726 | 孪 luan
1727 | 滦 luan
1728 | 卵 kun,luan
1729 | 乱 luan
1730 | 掠 lue
1731 | 略 lue
1732 | 抡 liu,lun
1733 | 轮 lun
1734 | 伦 lun
1735 | 仑 lun
1736 | 沦 guan,lun
1737 | 纶 guan,lun
1738 | 论 lun
1739 | 萝 luo
1740 | 螺 luo
1741 | 罗 luo
1742 | 逻 luo
1743 | 锣 luo
1744 | 箩 luo
1745 | 骡 luo
1746 | 裸 luo
1747 | 落 la,lao,luo
1748 | 洛 luo
1749 | 骆 jia,luo
1750 | 络 lao,luo
1751 | 妈 ma
1752 | 麻 ma
1753 | 玛 ma
1754 | 码 ma
1755 | 蚂 ma
1756 | 马 ma
1757 | 骂 ma
1758 | 嘛 ma
1759 | 吗 ma
1760 | 埋 mai,man
1761 | 买 mai
1762 | 麦 mai
1763 | 卖 mai
1764 | 迈 mai
1765 | 脉 mai,mo
1766 | 瞒 man
1767 | 馒 man
1768 | 蛮 man
1769 | 满 man,men
1770 | 蔓 man,wan
1771 | 曼 man
1772 | 慢 man
1773 | 漫 man
1774 | 谩 man
1775 | 芒 huang,mang,wang
1776 | 茫 huang,mang
1777 | 盲 mang
1778 | 氓 mang,meng
1779 | 忙 mang
1780 | 莽 mang
1781 | 猫 mao,miao
1782 | 茅 mao
1783 | 锚 mao
1784 | 毛 mao
1785 | 矛 mao
1786 | 铆 liu,mao
1787 | 卯 mao
1788 | 茂 mao
1789 | 冒 mao,mo
1790 | 帽 mao
1791 | 貌 mao,mo
1792 | 贸 mao
1793 | 么 ma,me,mo,yao
1794 | 玫 mei
1795 | 枚 mei
1796 | 梅 mei
1797 | 酶 mei
1798 | 霉 mei
1799 | 煤 mei
1800 | 没 mei,mo
1801 | 眉 mei
1802 | 媒 mei
1803 | 镁 mei
1804 | 每 mei
1805 | 美 mei
1806 | 昧 mei,mo,wen
1807 | 寐 mei
1808 | 妹 mei
1809 | 媚 mei
1810 | 门 men
1811 | 闷 men
1812 | 们 men
1813 | 萌 meng,ming
1814 | 蒙 meng,weng
1815 | 檬 meng
1816 | 盟 meng,ming
1817 | 猛 meng
1818 | 梦 meng
1819 | 孟 meng
1820 | 眯 mi
1821 | 靡 ma,mi
1822 | 糜 mei,mi
1823 | 迷 mi
1824 | 谜 mei,mi
1825 | 弥 mi
1826 | 米 mi
1827 | 秘 bi,bie,mi
1828 | 觅 mi
1829 | 泌 bi,mi
1830 | 蜜 mi
1831 | 密 mi
1832 | 幂 mi
1833 | 棉 mian
1834 | 眠 mian,min
1835 | 绵 mian
1836 | 冕 mian
1837 | 免 mian,wan,wen
1838 | 勉 mian
1839 | 娩 mian,wan,wen
1840 | 缅 mian
1841 | 面 mian
1842 | 苗 miao
1843 | 描 mao,miao
1844 | 瞄 miao
1845 | 藐 miao,mo
1846 | 秒 miao
1847 | 渺 miao
1848 | 庙 miao
1849 | 妙 miao
1850 | 蔑 mie
1851 | 灭 mie
1852 | 民 min
1853 | 抿 min
1854 | 皿 min
1855 | 敏 min
1856 | 悯 min
1857 | 闽 min
1858 | 明 meng,ming
1859 | 螟 ming
1860 | 鸣 ming
1861 | 铭 ming
1862 | 名 ming
1863 | 命 ming
1864 | 谬 miu
1865 | 摸 mo
1866 | 摹 mo
1867 | 蘑 mo
1868 | 模 mo,mu
1869 | 膜 mo
1870 | 磨 mo
1871 | 摩 ma,mi,mo
1872 | 魔 mo
1873 | 抹 ma,mo
1874 | 末 mo
1875 | 莫 mo,wu
1876 | 墨 mei,mo
1877 | 默 mo
1878 | 沫 mei,mo
1879 | 漠 mo
1880 | 寞 mo
1881 | 陌 mo
1882 | 谋 mou
1883 | 牟 mao,mou,mu
1884 | 某 mei,mou
1885 | 拇 mu
1886 | 牡 mu
1887 | 亩 mu
1888 | 姆 mu
1889 | 母 mu,wu
1890 | 墓 mu
1891 | 暮 mu
1892 | 幕 man,mu
1893 | 募 bo,mu
1894 | 慕 mu
1895 | 木 mu
1896 | 目 mu
1897 | 睦 mu
1898 | 牧 mu
1899 | 穆 mu
1900 | 拿 na
1901 | 哪 na,nai,ne,nei,nuo
1902 | 呐 ma,na,ne,nuo
1903 | 钠 na,rui
1904 | 那 na,ne,nei,nuo
1905 | 娜 na,nuo
1906 | 纳 na
1907 | 氖 nai
1908 | 乃 ai,nai
1909 | 奶 nai
1910 | 耐 nai,neng
1911 | 奈 nai
1912 | 南 na,nan
1913 | 男 nan
1914 | 难 nan,nuo
1915 | 囊 nang
1916 | 挠 nao,rao,xiao
1917 | 脑 nao
1918 | 恼 nao
1919 | 闹 nao
1920 | 淖 chuo,nao,zhao,zhuo
1921 | 呢 ne,ni
1922 | 馁 nei
1923 | 内 na,nei,rui
1924 | 嫩 nen
1925 | 能 nai,neng,tai
1926 | 妮 ni
1927 | 霓 ni
1928 | 倪 ni,nie
1929 | 泥 ni
1930 | 尼 ni
1931 | 拟 ni
1932 | 你 ni
1933 | 匿 ni
1934 | 腻 ni
1935 | 逆 ni
1936 | 溺 ni,niao,ruo
1937 | 拈 dian,nian
1938 | 年 nian,ning
1939 | 碾 nian
1940 | 撵 nian
1941 | 捻 nian,nie
1942 | 念 nian
1943 | 鸟 dao,diao,niao
1944 | 尿 niao,sui
1945 | 捏 nie
1946 | 聂 nie,she,ye,zhe
1947 | 孽 nie
1948 | 啮 nie,yao
1949 | 镍 nie
1950 | 涅 nie
1951 | 您 nin
1952 | 柠 chu,ning,zhu
1953 | 狞 ning
1954 | 凝 ning
1955 | 宁 ning,zhu
1956 | 拧 ning
1957 | 泞 ning,zhu
1958 | 牛 niu
1959 | 扭 chou,niu,zhou
1960 | 钮 chou,niu
1961 | 纽 niu
1962 | 脓 nong
1963 | 浓 nong
1964 | 农 nong
1965 | 弄 long,nong
1966 | 奴 nu
1967 | 努 nu
1968 | 怒 nu
1969 | 女 nv,ru
1970 | 暖 nuan,xuan
1971 | 虐 nue,nve
1972 | 疟 nue,nve,yao
1973 | 挪 nuo
1974 | 懦 nuo
1975 | 糯 nuo
1976 | 诺 nuo
1977 | 哦 e,o
1978 | 欧 ou
1979 | 鸥 ou
1980 | 殴 ou
1981 | 藕 ou
1982 | 呕 ou,xu
1983 | 偶 ou
1984 | 啪 pa
1985 | 趴 pa
1986 | 爬 pa
1987 | 帕 mo,pa
1988 | 怕 bo,pa
1989 | 琶 pa
1990 | 拍 bo,pai
1991 | 排 bai,pai
1992 | 牌 pai
1993 | 徘 pai
1994 | 湃 ba,pai
1995 | 派 bai,mai,pa,pai
1996 | 攀 pan
1997 | 潘 bo,pan
1998 | 盘 pan
1999 | 磐 pan
2000 | 盼 fen,pan
2001 | 畔 pan
2002 | 判 pan
2003 | 叛 pan
2004 | 乓 pang
2005 | 庞 long,pang
2006 | 旁 bang,beng,pang,peng
2007 | 胖 pan,pang
2008 | 抛 pao
2009 | 咆 pao
2010 | 刨 bao,pao
2011 | 炮 bao,pao
2012 | 袍 bao,pao
2013 | 跑 bo,pao
2014 | 泡 pao
2015 | 呸 pei
2016 | 胚 pei
2017 | 培 pei,pi,pou
2018 | 裴 fei,pei
2019 | 赔 pei
2020 | 陪 pei
2021 | 配 pei
2022 | 佩 pei
2023 | 沛 pei
2024 | 喷 fen,pen
2025 | 盆 pen
2026 | 砰 peng,ping
2027 | 抨 beng,peng
2028 | 烹 peng
2029 | 澎 peng
2030 | 彭 bang,pang,peng
2031 | 蓬 peng
2032 | 棚 peng
2033 | 篷 peng
2034 | 膨 peng
2035 | 朋 peng
2036 | 鹏 feng,peng
2037 | 捧 feng,peng
2038 | 碰 peng
2039 | 坯 huai,pi
2040 | 砒 pi
2041 | 霹 pi
2042 | 批 pi
2043 | 披 pi
2044 | 劈 pi
2045 | 琵 pi
2046 | 毗 pi
2047 | 啤 pi
2048 | 脾 bi,pai,pi
2049 | 疲 pi
2050 | 皮 pi
2051 | 匹 pi
2052 | 痞 pi
2053 | 僻 pi
2054 | 屁 pi
2055 | 譬 pi
2056 | 篇 pian
2057 | 偏 pian
2058 | 片 pan,pian
2059 | 骗 pian
2060 | 飘 piao
2061 | 漂 biao,piao
2062 | 瓢 piao
2063 | 票 piao
2064 | 撇 bie,pie
2065 | 瞥 bi,pie
2066 | 拼 bing,pin
2067 | 频 bin,pin
2068 | 贫 pin
2069 | 品 pin
2070 | 聘 pin
2071 | 乒 ping
2072 | 坪 ping
2073 | 苹 peng,ping
2074 | 萍 ping
2075 | 平 beng,bing,pian,ping
2076 | 凭 ping
2077 | 瓶 ping
2078 | 评 ping
2079 | 屏 bing,ping
2080 | 坡 po
2081 | 泼 bo,po
2082 | 颇 pi,po
2083 | 婆 po
2084 | 破 po
2085 | 魄 bo,po,tuo
2086 | 迫 pai,po
2087 | 粕 po
2088 | 剖 pou
2089 | 扑 pi,pu
2090 | 铺 pu
2091 | 仆 pu
2092 | 莆 fu,pu
2093 | 葡 bei,pu
2094 | 菩 bei,bo,pu
2095 | 蒲 bo,pu
2096 | 埔 bu,pu
2097 | 朴 piao,po,pu
2098 | 圃 pu
2099 | 普 pu
2100 | 浦 pu
2101 | 谱 pu
2102 | 曝 pu
2103 | 瀑 bao,bo,pu
2104 | 期 ji,qi
2105 | 欺 qi
2106 | 栖 qi,xi
2107 | 戚 cu,qi
2108 | 妻 qi
2109 | 七 qi
2110 | 凄 qi,qian
2111 | 漆 qi,qie
2112 | 沏 qi,qie
2113 | 其 ji,qi
2114 | 棋 ji,qi
2115 | 奇 ai,ji,qi,yi
2116 | 歧 qi
2117 | 畦 qi
2118 | 崎 qi,yi
2119 | 脐 qi
2120 | 齐 ji,qi,zi
2121 | 旗 qi
2122 | 祈 gui,qi
2123 | 祁 qi,zhi
2124 | 骑 ji,qi
2125 | 起 qi
2126 | 岂 qi
2127 | 乞 qi
2128 | 企 qi
2129 | 启 qi
2130 | 契 jie,qi,qie,xie
2131 | 砌 qi,qie
2132 | 器 qi
2133 | 气 qi
2134 | 迄 qi
2135 | 弃 qi
2136 | 汽 gai,qi,yi
2137 | 泣 li,qi,se
2138 | 讫 qi
2139 | 掐 qia
2140 | 恰 qia
2141 | 洽 he,qia
2142 | 牵 qian
2143 | 铅 qian,yan
2144 | 千 qian
2145 | 迁 qian
2146 | 签 qian
2147 | 仟 qian
2148 | 谦 qian,zhan
2149 | 乾 gan,qian
2150 | 黔 qian
2151 | 钱 jian,qian
2152 | 钳 an,qian
2153 | 前 jian,qian
2154 | 潜 qian
2155 | 遣 qian
2156 | 浅 jian,qian
2157 | 谴 qian
2158 | 堑 jian,qian
2159 | 嵌 han,kan,qian
2160 | 欠 qian
2161 | 歉 qian
2162 | 枪 qiang
2163 | 呛 cheng,qiang
2164 | 腔 kong,qiang
2165 | 羌 qiang
2166 | 墙 qiang
2167 | 蔷 qiang,se
2168 | 强 jiang,qiang
2169 | 抢 cheng,qiang
2170 | 橇 qiao
2171 | 锹 qiao
2172 | 敲 qiao
2173 | 悄 qiao
2174 | 桥 qiao
2175 | 瞧 qiao
2176 | 乔 jiao,qiao
2177 | 侨 jiao,qiao
2178 | 巧 qiao
2179 | 鞘 qiao,shao
2180 | 撬 qiao
2181 | 翘 qiao
2182 | 峭 qiao
2183 | 俏 qiao,xiao
2184 | 窍 qiao
2185 | 切 qi,qie
2186 | 茄 jia,qie
2187 | 且 cu,ju,qie
2188 | 怯 qie
2189 | 窃 qie
2190 | 钦 qin
2191 | 侵 qin
2192 | 亲 qin,qing
2193 | 秦 qin
2194 | 琴 qin
2195 | 勤 qi,qin
2196 | 芹 qin
2197 | 擒 qin
2198 | 禽 qin
2199 | 寝 qin
2200 | 沁 qin
2201 | 青 jing,qing
2202 | 轻 qing
2203 | 氢 qing
2204 | 倾 qing
2205 | 卿 qing
2206 | 清 qing
2207 | 擎 qing
2208 | 晴 qing
2209 | 氰 qing
2210 | 情 qing
2211 | 顷 kui,qing
2212 | 请 qing
2213 | 庆 qiang,qing
2214 | 琼 qiong
2215 | 穷 qiong
2216 | 秋 qiu
2217 | 丘 qiu
2218 | 邱 qiu
2219 | 球 qiu
2220 | 求 qiu
2221 | 囚 qiu
2222 | 酋 qiu
2223 | 泅 qiu,you
2224 | 趋 cou,cu,qu
2225 | 区 gou,ou,qiu,qu
2226 | 蛆 ju,qu
2227 | 曲 qu
2228 | 躯 qu
2229 | 屈 jue,qu,que
2230 | 驱 qu
2231 | 渠 ju,qu
2232 | 取 qu
2233 | 娶 ju,qu,shu
2234 | 龋 qu
2235 | 趣 cou,cu,qu
2236 | 去 qu
2237 | 圈 juan,quan
2238 | 颧 quan
2239 | 权 quan
2240 | 泉 quan
2241 | 全 quan
2242 | 痊 quan
2243 | 拳 quan
2244 | 犬 quan
2245 | 券 quan,xuan
2246 | 劝 quan
2247 | 缺 kui,que
2248 | 瘸 que
2249 | 却 jiao,que
2250 | 鹊 que
2251 | 榷 que
2252 | 确 que
2253 | 雀 qiao,que
2254 | 裙 qun
2255 | 群 qun
2256 | 然 ran
2257 | 燃 ran
2258 | 冉 dan,ran
2259 | 染 ran
2260 | 壤 rang
2261 | 攘 ning,rang,xiang
2262 | 嚷 rang
2263 | 让 rang
2264 | 饶 rao
2265 | 扰 rao,you
2266 | 绕 rao
2267 | 惹 re,ruo
2268 | 热 re
2269 | 壬 ren
2270 | 仁 ren
2271 | 人 ren
2272 | 忍 ren
2273 | 韧 ren
2274 | 任 lin,ren
2275 | 认 ren
2276 | 刃 ren
2277 | 妊 ren
2278 | 纫 ren
2279 | 日 ri
2280 | 戎 rong
2281 | 茸 rong
2282 | 蓉 rong
2283 | 荣 rong
2284 | 融 rong
2285 | 熔 rong
2286 | 溶 rong
2287 | 容 rong,yong
2288 | 绒 rong
2289 | 冗 rong
2290 | 揉 rou
2291 | 柔 rou
2292 | 肉 rou,ru
2293 | 茹 ru
2294 | 蠕 ru
2295 | 儒 ru
2296 | 孺 ru
2297 | 如 ru
2298 | 辱 ru
2299 | 乳 ru
2300 | 汝 ru
2301 | 入 ru
2302 | 褥 nu,ru
2303 | 软 ruan
2304 | 阮 ruan,yuan
2305 | 蕊 juan,rui
2306 | 瑞 rui
2307 | 锐 dui,rui,yue
2308 | 闰 run
2309 | 润 run
2310 | 若 re,ruo
2311 | 弱 ruo
2312 | 撒 sa
2313 | 洒 sa,xi,xian,xun
2314 | 萨 sa
2315 | 腮 sai
2316 | 塞 sai,se
2317 | 赛 sai
2318 | 三 san
2319 | 叁 san
2320 | 伞 san
2321 | 散 san
2322 | 桑 sang
2323 | 嗓 sang
2324 | 丧 sang
2325 | 搔 sao
2326 | 骚 sao,xiao
2327 | 扫 sao
2328 | 嫂 sao
2329 | 瑟 se
2330 | 色 se,shai
2331 | 涩 se
2332 | 森 sen
2333 | 僧 ceng,seng
2334 | 莎 sha,sui,suo
2335 | 砂 sha
2336 | 杀 sha
2337 | 刹 cha,sha
2338 | 沙 sha,suo
2339 | 纱 miao,sha
2340 | 傻 sha
2341 | 啥 sha
2342 | 煞 sha
2343 | 筛 shai,shi
2344 | 晒 shai
2345 | 珊 shan
2346 | 苫 chan,shan,tian
2347 | 杉 sha,shan
2348 | 山 shan
2349 | 删 shan
2350 | 煽 shan
2351 | 衫 shan
2352 | 闪 shan
2353 | 陕 shan
2354 | 擅 shan
2355 | 赡 dan,shan
2356 | 膳 shan
2357 | 善 shan
2358 | 汕 shan,shuan
2359 | 扇 shan
2360 | 缮 shan
2361 | 墒 shang
2362 | 伤 shang
2363 | 商 shang
2364 | 赏 shang
2365 | 晌 shang
2366 | 上 shang
2367 | 尚 chang,shang
2368 | 裳 chang,shang
2369 | 梢 sao,shao,xiao
2370 | 捎 qiao,shao,xiao
2371 | 稍 shao
2372 | 烧 shao
2373 | 芍 di,que,shao,xiao
2374 | 勺 di,shao,zhuo
2375 | 韶 shao
2376 | 少 shao
2377 | 哨 sao,shao,xiao
2378 | 邵 shao
2379 | 绍 chao,shao
2380 | 奢 she
2381 | 赊 sha,she
2382 | 蛇 chi,she,tuo,yi
2383 | 舌 gua,she
2384 | 舍 she,shi
2385 | 赦 ce,she
2386 | 摄 nie,sha,she,zhe
2387 | 射 she,ye,yi
2388 | 慑 she
2389 | 涉 die,she
2390 | 社 she
2391 | 设 she
2392 | 砷 shen
2393 | 申 shen
2394 | 呻 shen
2395 | 伸 shen
2396 | 身 juan,shen
2397 | 深 shen
2398 | 绅 shen
2399 | 神 shen
2400 | 沈 chen,shen,tan
2401 | 审 pan,shen
2402 | 婶 shen
2403 | 甚 shen
2404 | 肾 shen
2405 | 慎 shen,zhen
2406 | 渗 lin,qin,sen,shen
2407 | 声 qing,sheng
2408 | 生 sheng
2409 | 甥 sheng
2410 | 牲 sheng
2411 | 升 sheng
2412 | 绳 min,sheng,ying
2413 | 省 sheng,xian,xing
2414 | 盛 cheng,sheng
2415 | 剩 sheng
2416 | 胜 qing,sheng,xing
2417 | 圣 ku,sheng
2418 | 师 shi
2419 | 失 shi,yi
2420 | 狮 shi
2421 | 施 shi,yi
2422 | 湿 shi,ta,xi
2423 | 诗 shi
2424 | 尸 shi
2425 | 虱 shi
2426 | 十 shi
2427 | 石 dan,shi
2428 | 拾 jie,she,shi
2429 | 时 shi
2430 | 什 shen,shi
2431 | 食 shi,si,yi
2432 | 蚀 shi
2433 | 实 shi,zhi
2434 | 识 shi,zhi
2435 | 史 shi
2436 | 矢 shi
2437 | 使 shi
2438 | 屎 shi,xi
2439 | 驶 shi
2440 | 始 shi
2441 | 式 shi
2442 | 示 qi,shi,zhi
2443 | 士 shi
2444 | 世 shi
2445 | 柿 shi
2446 | 事 shi,zi
2447 | 拭 shi
2448 | 誓 shi
2449 | 逝 shi
2450 | 势 shi
2451 | 是 shi,ti
2452 | 嗜 shi
2453 | 噬 shi
2454 | 适 kuo,shi
2455 | 仕 shi
2456 | 侍 shi
2457 | 释 shi,yi
2458 | 饰 chi,shi
2459 | 氏 jing,shi,zhi
2460 | 市 fu,shi
2461 | 恃 shi,zhi
2462 | 室 shi
2463 | 视 shi
2464 | 试 shi
2465 | 收 shou
2466 | 手 shou
2467 | 首 shou
2468 | 守 shou
2469 | 寿 shou
2470 | 授 shou
2471 | 售 shou,shu
2472 | 受 dao,shou
2473 | 瘦 shou
2474 | 兽 shou
2475 | 蔬 shu
2476 | 枢 shu
2477 | 梳 shu
2478 | 殊 shu
2479 | 抒 shu
2480 | 输 shu
2481 | 叔 shu
2482 | 舒 shu,yu
2483 | 淑 chu,shu
2484 | 疏 shu
2485 | 书 shu
2486 | 赎 shu
2487 | 孰 shu
2488 | 熟 shou,shu
2489 | 薯 shu
2490 | 暑 shu
2491 | 曙 shu
2492 | 署 shu
2493 | 蜀 shu
2494 | 黍 shu
2495 | 鼠 shu
2496 | 属 shu,zhu
2497 | 术 shu,zhu
2498 | 述 shu
2499 | 树 shu,sun
2500 | 束 shu
2501 | 戍 shu
2502 | 竖 shu
2503 | 墅 shu,ye
2504 | 庶 shu,zhe,zhu
2505 | 数 shu,shuo
2506 | 漱 shu
2507 | 恕 shu
2508 | 刷 shua
2509 | 耍 shua
2510 | 摔 shuai
2511 | 衰 cui,shuai,suo
2512 | 甩 shuai
2513 | 帅 shuai
2514 | 栓 shuan
2515 | 拴 quan,shuan
2516 | 霜 shuang
2517 | 双 shuang
2518 | 爽 shuang
2519 | 谁 shui
2520 | 水 shui
2521 | 睡 shui
2522 | 税 shui,tuan,tui,tuo
2523 | 吮 shun
2524 | 瞬 shun
2525 | 顺 shun
2526 | 舜 shun
2527 | 说 shui,shuo,tuo,yue
2528 | 硕 shuo
2529 | 朔 shuo
2530 | 烁 luo,shuo,yue
2531 | 斯 shi,si
2532 | 撕 si,xi
2533 | 嘶 si
2534 | 思 sai,si
2535 | 私 si
2536 | 司 ci,si
2537 | 丝 si
2538 | 死 si
2539 | 肆 si,ti
2540 | 寺 shi,si
2541 | 嗣 si
2542 | 四 si
2543 | 伺 ci,si
2544 | 似 shi,si
2545 | 饲 si
2546 | 巳 si,yi
2547 | 松 song
2548 | 耸 song
2549 | 怂 song
2550 | 颂 rong,song
2551 | 送 song
2552 | 宋 song
2553 | 讼 song
2554 | 诵 song
2555 | 搜 shao,sou,xiao
2556 | 艘 sou
2557 | 擞 sou
2558 | 嗽 shu,shuo,sou
2559 | 苏 su
2560 | 酥 su
2561 | 俗 su
2562 | 素 su
2563 | 速 su
2564 | 粟 su
2565 | 塑 su
2566 | 溯 shuo,su
2567 | 宿 qi,qiu,su,xiu
2568 | 诉 su
2569 | 肃 su
2570 | 酸 suan
2571 | 蒜 suan
2572 | 算 suan
2573 | 虽 sui
2574 | 隋 duo,sui,tuo
2575 | 随 sui
2576 | 绥 rui,shuai,sui
2577 | 髓 sui
2578 | 碎 sui
2579 | 岁 sui,suo
2580 | 穗 sui
2581 | 遂 sui
2582 | 隧 sui,zhui
2583 | 祟 sui
2584 | 孙 sun,xun
2585 | 损 sun
2586 | 笋 sun
2587 | 蓑 sui,suo
2588 | 梭 suo,xun
2589 | 唆 shua,suo
2590 | 缩 su,suo
2591 | 琐 suo
2592 | 索 suo
2593 | 锁 suo
2594 | 所 suo
2595 | 塌 da,ta
2596 | 他 ta,tuo
2597 | 它 ta,tuo,yi
2598 | 她 chi,jie,ta
2599 | 塔 da,ta
2600 | 獭 ta
2601 | 挞 ta
2602 | 蹋 ta
2603 | 踏 ta
2604 | 胎 tai
2605 | 苔 tai
2606 | 抬 chi,tai
2607 | 台 si,tai,yi
2608 | 泰 tai
2609 | 太 ta,tai
2610 | 态 tai
2611 | 汰 tai
2612 | 坍 tan
2613 | 摊 nan,tan
2614 | 贪 tan
2615 | 瘫 tan
2616 | 滩 han,nan,tan
2617 | 坛 dan,tan
2618 | 檀 shan,tan
2619 | 痰 tan
2620 | 潭 dan,tan,xun,yin
2621 | 谭 tan
2622 | 谈 tan
2623 | 坦 tan
2624 | 毯 tan
2625 | 袒 tan,zhan
2626 | 碳 tan
2627 | 探 tan,xian
2628 | 叹 tan,yi,you
2629 | 炭 tan
2630 | 汤 shang,tang
2631 | 塘 tang
2632 | 搪 tang
2633 | 堂 tang
2634 | 棠 tang
2635 | 膛 tang
2636 | 唐 tang
2637 | 糖 tang
2638 | 倘 chang,tang
2639 | 躺 tang
2640 | 淌 chang,tang
2641 | 趟 cheng,tang,zheng
2642 | 烫 dang,tang
2643 | 掏 tao
2644 | 涛 chao,dao,shou,tao
2645 | 滔 tao
2646 | 绦 tao
2647 | 萄 tao
2648 | 桃 tao,tiao,zhao
2649 | 逃 tao
2650 | 淘 tao
2651 | 陶 dao,tao,yao
2652 | 讨 tao
2653 | 套 tao
2654 | 藤 teng
2655 | 腾 teng
2656 | 疼 teng
2657 | 誊 teng
2658 | 梯 ti
2659 | 剔 ti
2660 | 踢 die,ti
2661 | 提 chi,di,shi,ti
2662 | 题 di,ti
2663 | 蹄 di,ti
2664 | 啼 ti
2665 | 体 ben,cui,ti
2666 | 替 ti
2667 | 嚏 ti
2668 | 惕 ti
2669 | 涕 ti
2670 | 剃 ti
2671 | 屉 ti
2672 | 天 tian
2673 | 添 tian
2674 | 填 chen,tian,zhen
2675 | 田 tian
2676 | 甜 tian
2677 | 恬 tian
2678 | 舔 tan,tian
2679 | 腆 tian
2680 | 挑 diao,tao,tiao
2681 | 条 tiao
2682 | 迢 tiao
2683 | 眺 tiao
2684 | 跳 diao,tao,tiao
2685 | 贴 tie
2686 | 铁 tie,zhi
2687 | 帖 tie
2688 | 厅 ting
2689 | 听 ting,yi,yin
2690 | 烃 jing,ting
2691 | 汀 ding,ting
2692 | 廷 ting
2693 | 停 ting
2694 | 亭 ting
2695 | 庭 ting
2696 | 挺 ting
2697 | 艇 ting
2698 | 通 tong
2699 | 桐 dong,tong
2700 | 酮 chong,dong,tong
2701 | 瞳 tong
2702 | 同 tong
2703 | 铜 tong
2704 | 彤 tong
2705 | 童 tong,zhong
2706 | 桶 tong
2707 | 捅 tong
2708 | 筒 dong,tong
2709 | 统 tong
2710 | 痛 tong
2711 | 偷 tou
2712 | 投 dou,tou
2713 | 头 tou
2714 | 透 shu,tou
2715 | 凸 tu
2716 | 秃 tu
2717 | 突 tu
2718 | 图 tu
2719 | 徒 tu
2720 | 途 tu
2721 | 涂 chu,tu,ye
2722 | 屠 tu
2723 | 土 cha,du,tu
2724 | 吐 tu
2725 | 兔 chan,tu
2726 | 湍 tuan,zhuan
2727 | 团 qiu,tuan
2728 | 推 tui
2729 | 颓 tui
2730 | 腿 tui
2731 | 蜕 tui,yue
2732 | 褪 tui,tun
2733 | 退 tui
2734 | 吞 tian,tun
2735 | 屯 tun,zhun
2736 | 臀 tun
2737 | 拖 chi,tuo
2738 | 托 tuo
2739 | 脱 tui,tuo
2740 | 鸵 tuo
2741 | 陀 duo,tuo
2742 | 驮 dai,duo,tuo
2743 | 驼 tuo
2744 | 椭 tuo
2745 | 妥 tuo
2746 | 拓 ta,tuo,zhi
2747 | 唾 tuo
2748 | 挖 wa
2749 | 哇 gui,hua,wa
2750 | 蛙 jue,wa
2751 | 洼 gui,wa
2752 | 娃 gui,wa
2753 | 瓦 wa
2754 | 袜 mo,wa
2755 | 歪 wai
2756 | 外 wai
2757 | 豌 wan
2758 | 弯 wan
2759 | 湾 wan
2760 | 玩 wan
2761 | 顽 kun,wan
2762 | 丸 wan
2763 | 烷 wan
2764 | 完 kuan,wan
2765 | 碗 wan
2766 | 挽 wan
2767 | 晚 wan
2768 | 皖 huan,wan
2769 | 惋 wan
2770 | 宛 wan,yu,yuan
2771 | 婉 wan
2772 | 万 mo,wan
2773 | 腕 wan
2774 | 汪 hong,wang
2775 | 王 wang,yu
2776 | 亡 wang,wu
2777 | 枉 kuang,wang
2778 | 网 wang
2779 | 往 wang
2780 | 旺 wang
2781 | 望 wang
2782 | 忘 wang
2783 | 妄 wang
2784 | 威 wei
2785 | 巍 wei
2786 | 微 wei
2787 | 危 wei
2788 | 韦 hui,wei
2789 | 违 hui,wei
2790 | 桅 gui,wei
2791 | 围 wei
2792 | 唯 wei
2793 | 惟 wei
2794 | 为 wei
2795 | 潍 wei
2796 | 维 wei,yi
2797 | 苇 wei
2798 | 萎 wei
2799 | 委 wei
2800 | 伟 wei
2801 | 伪 e,gui,wei
2802 | 尾 wei,yi
2803 | 纬 wei
2804 | 未 wei
2805 | 蔚 wei,yu
2806 | 味 mei,wei
2807 | 畏 wei
2808 | 胃 wei
2809 | 喂 wei
2810 | 魏 wei
2811 | 位 li,wei
2812 | 渭 wei
2813 | 谓 wei
2814 | 尉 wei,yu,yun
2815 | 慰 wei
2816 | 卫 wei
2817 | 瘟 wen,wo,yun
2818 | 温 wen,yun
2819 | 蚊 wen
2820 | 文 wen
2821 | 闻 wen
2822 | 纹 wen
2823 | 吻 wen
2824 | 稳 wen
2825 | 紊 wen
2826 | 问 wen
2827 | 嗡 weng
2828 | 翁 weng
2829 | 瓮 weng
2830 | 挝 wo,zhua
2831 | 蜗 wo
2832 | 涡 guo,wo
2833 | 窝 wo
2834 | 我 wo
2835 | 斡 guan,wo
2836 | 卧 wo
2837 | 握 ou,wo
2838 | 沃 wo
2839 | 巫 wu
2840 | 呜 wu
2841 | 乌 wu
2842 | 污 wa,wu,yu
2843 | 诬 wu
2844 | 屋 wu
2845 | 无 mo,wu
2846 | 芜 wu
2847 | 梧 wu,yu
2848 | 吾 wu,ya,yu
2849 | 吴 tun,wu
2850 | 毋 mou,wu
2851 | 武 wu
2852 | 五 wu
2853 | 捂 wu
2854 | 午 wu
2855 | 舞 wu
2856 | 伍 wu
2857 | 侮 wu
2858 | 坞 wu
2859 | 戊 wu
2860 | 雾 wu
2861 | 晤 wu
2862 | 物 wu
2863 | 勿 mo,wu
2864 | 务 wu
2865 | 悟 wu
2866 | 误 wu
2867 | 昔 cuo,xi
2868 | 熙 xi,yi
2869 | 析 si,xi
2870 | 西 xi
2871 | 硒 xi
2872 | 矽 xi
2873 | 晰 xi
2874 | 嘻 xi
2875 | 吸 xi
2876 | 锡 ti,xi
2877 | 牺 suo,xi
2878 | 稀 xi
2879 | 息 xi
2880 | 希 xi
2881 | 悉 xi
2882 | 膝 xi
2883 | 夕 xi,yi,yu
2884 | 惜 xi
2885 | 熄 xi
2886 | 烯 xi
2887 | 溪 xi
2888 | 汐 xi
2889 | 犀 xi
2890 | 檄 xi
2891 | 袭 xi
2892 | 席 xi
2893 | 习 xi
2894 | 媳 xi
2895 | 喜 chi,xi
2896 | 铣 xi,xian
2897 | 洗 xi,xian
2898 | 系 ji,xi
2899 | 隙 xi
2900 | 戏 hu,xi
2901 | 细 xi
2902 | 瞎 xia
2903 | 虾 ha,xia
2904 | 匣 xia
2905 | 霞 xia
2906 | 辖 he,xia
2907 | 暇 jia,xia
2908 | 峡 xia
2909 | 侠 xia
2910 | 狭 xia
2911 | 下 xia
2912 | 厦 sha,xia
2913 | 夏 jia,xia,yan
2914 | 吓 ha,he,xia
2915 | 掀 hen,xian
2916 | 锨 xian
2917 | 先 xian
2918 | 仙 xian
2919 | 鲜 xian
2920 | 纤 jian,qian,xian
2921 | 咸 xian
2922 | 贤 xian
2923 | 衔 xian
2924 | 舷 xian
2925 | 闲 xian
2926 | 涎 dian,xian,yan
2927 | 弦 xian
2928 | 嫌 xian
2929 | 显 xian
2930 | 险 jian,xian,yan
2931 | 现 xian
2932 | 献 xian
2933 | 县 xian
2934 | 腺 xian
2935 | 馅 kan,xian
2936 | 羡 xian,yan,yi
2937 | 宪 xian,xiong
2938 | 陷 xian
2939 | 限 wen,xian
2940 | 线 xian
2941 | 相 xiang
2942 | 厢 xiang
2943 | 镶 rang,xiang
2944 | 香 xiang
2945 | 箱 xiang
2946 | 襄 xiang
2947 | 湘 xiang
2948 | 乡 xiang
2949 | 翔 xiang
2950 | 祥 xiang
2951 | 详 xiang,yang
2952 | 想 xiang
2953 | 响 xiang
2954 | 享 xiang
2955 | 项 xiang
2956 | 巷 hang,xiang
2957 | 橡 xiang
2958 | 像 xiang
2959 | 向 xiang
2960 | 象 xiang
2961 | 萧 xiao
2962 | 硝 qiao,xiao
2963 | 霄 xiao
2964 | 削 qiao,shao,xiao,xue
2965 | 哮 xiao,xue
2966 | 嚣 ao,xiao
2967 | 销 xiao
2968 | 消 xiao
2969 | 宵 xiao
2970 | 淆 xiao
2971 | 晓 xiao
2972 | 小 xiao
2973 | 孝 xiao
2974 | 校 jiao,qiao,xiao
2975 | 肖 xiao
2976 | 啸 chi,xiao
2977 | 笑 xiao
2978 | 效 xiao
2979 | 楔 xie
2980 | 些 suo,xie
2981 | 歇 xie,ya
2982 | 蝎 he,xie
2983 | 鞋 wa,xie
2984 | 协 xie
2985 | 挟 jia,xie
2986 | 携 xie
2987 | 邪 xie,xu,ya,ye
2988 | 斜 cha,xie,ye
2989 | 胁 xi,xian,xie
2990 | 谐 xie
2991 | 写 xie
2992 | 械 xie
2993 | 卸 xie
2994 | 蟹 xie
2995 | 懈 xie
2996 | 泄 xie,yi
2997 | 泻 xie
2998 | 谢 xie
2999 | 屑 xie
3000 | 薪 xin
3001 | 芯 xin
3002 | 锌 xin,zi
3003 | 欣 xin
3004 | 辛 xin
3005 | 新 xin
3006 | 忻 xin
3007 | 心 xin
3008 | 信 shen,xin
3009 | 衅 xin
3010 | 星 xing
3011 | 腥 xing
3012 | 猩 xing
3013 | 惺 xing
3014 | 兴 xin,xing
3015 | 刑 xing
3016 | 型 xing
3017 | 形 xing
3018 | 邢 geng,xing
3019 | 行 hang,heng,xing
3020 | 醒 cheng,jing,xing
3021 | 幸 nie,xing
3022 | 杏 xing
3023 | 性 xing
3024 | 姓 sheng,xing
3025 | 兄 kuang,xiong
3026 | 凶 xiong
3027 | 胸 xiong
3028 | 匈 xiong
3029 | 汹 xiong
3030 | 雄 xiong
3031 | 熊 xiong
3032 | 休 xiu,xu
3033 | 修 xiu
3034 | 羞 xiu
3035 | 朽 xiu
3036 | 嗅 xiu,xu
3037 | 锈 xiu,you
3038 | 秀 xiu
3039 | 袖 xiu
3040 | 绣 tou,xiu
3041 | 墟 xu
3042 | 戌 qu,xu
3043 | 需 nuo,ru,ruan,xu
3044 | 虚 xu
3045 | 嘘 shi,xu
3046 | 须 xu
3047 | 徐 xu
3048 | 许 hu,xu
3049 | 蓄 xu
3050 | 酗 xu
3051 | 叙 xu
3052 | 旭 xu
3053 | 序 xu
3054 | 畜 chu,xu
3055 | 恤 xu
3056 | 絮 chu,na,nv,xu
3057 | 婿 xu
3058 | 绪 xu
3059 | 续 xu
3060 | 轩 han,xian,xuan
3061 | 喧 xuan
3062 | 宣 xuan
3063 | 悬 xuan
3064 | 旋 xuan
3065 | 玄 xuan
3066 | 选 shua,suan,xuan
3067 | 癣 xuan
3068 | 眩 huan,juan,xuan
3069 | 绚 xuan,xun
3070 | 靴 xue
3071 | 薛 xue
3072 | 学 hua,jiao,xue
3073 | 穴 jue,xue
3074 | 雪 xue
3075 | 血 xie,xue
3076 | 勋 xun
3077 | 熏 xun
3078 | 循 xun
3079 | 旬 jun,xun
3080 | 询 xun
3081 | 寻 xin,xun
3082 | 驯 xun
3083 | 巡 shun,xun,yan
3084 | 殉 xun
3085 | 汛 xun
3086 | 训 xun
3087 | 讯 xun
3088 | 逊 xun
3089 | 迅 xun
3090 | 压 ya
3091 | 押 jia,xia,ya
3092 | 鸦 ya
3093 | 鸭 ya
3094 | 呀 xia,ya
3095 | 丫 ya
3096 | 芽 ya
3097 | 牙 ya
3098 | 崖 ai,ya
3099 | 衙 ya,yu
3100 | 涯 ya
3101 | 雅 ya
3102 | 哑 e,ya
3103 | 亚 e,ya
3104 | 讶 ya
3105 | 焉 yan,yi
3106 | 咽 yan,ye,yuan
3107 | 阉 yan
3108 | 烟 yan,yin
3109 | 淹 yan
3110 | 盐 yan
3111 | 严 yan
3112 | 研 xing,yan
3113 | 蜒 dan,yan
3114 | 岩 yan
3115 | 延 yan
3116 | 言 yan,yin
3117 | 颜 ya,yan
3118 | 阎 yan
3119 | 炎 tan,yan
3120 | 沿 yan
3121 | 奄 yan
3122 | 掩 yan
3123 | 眼 wen,yan
3124 | 衍 yan
3125 | 演 yan
3126 | 艳 yan
3127 | 堰 yan
3128 | 燕 yan
3129 | 厌 ya,yan
3130 | 砚 yan
3131 | 雁 yan
3132 | 唁 yan
3133 | 彦 pan,yan
3134 | 焰 yan
3135 | 宴 yan
3136 | 谚 yan
3137 | 验 yan
3138 | 殃 yang
3139 | 央 yang,ying
3140 | 鸯 yang
3141 | 秧 yang
3142 | 杨 yang
3143 | 扬 yang
3144 | 佯 yang
3145 | 疡 yang
3146 | 羊 yang
3147 | 洋 xiang,yang
3148 | 阳 yang
3149 | 氧 yang
3150 | 仰 ang,yang
3151 | 痒 yang
3152 | 养 yang
3153 | 样 yang
3154 | 漾 yang
3155 | 邀 yao
3156 | 腰 yao
3157 | 妖 jiao,yao
3158 | 瑶 yao
3159 | 摇 yao
3160 | 尧 yao
3161 | 遥 yao
3162 | 窑 yao
3163 | 谣 yao
3164 | 姚 tao,tiao,yao
3165 | 咬 jiao,yao
3166 | 舀 yao
3167 | 药 lue,shuo,yao,yue
3168 | 要 yao
3169 | 耀 yao
3170 | 椰 ye
3171 | 噎 sha,ye,yi
3172 | 耶 xie,ye
3173 | 爷 ye
3174 | 野 shu,ye
3175 | 冶 ye
3176 | 也 ye,yi
3177 | 页 xie,ye
3178 | 掖 ye
3179 | 业 ye
3180 | 叶 xie,ye
3181 | 曳 ye
3182 | 腋 ye
3183 | 夜 ye
3184 | 液 shi,ye
3185 | 一 yi
3186 | 壹 yi,yin
3187 | 医 yi
3188 | 揖 ji,yi
3189 | 依 yi
3190 | 伊 yi
3191 | 衣 yi
3192 | 颐 yi
3193 | 夷 yi
3194 | 遗 sui,wei,yi
3195 | 移 chi,yi
3196 | 仪 yi
3197 | 胰 yi
3198 | 疑 ning,yi
3199 | 沂 yi,yin
3200 | 宜 yi
3201 | 姨 yi
3202 | 彝 yi
3203 | 椅 yi
3204 | 蚁 yi
3205 | 倚 ji,yi
3206 | 已 yi
3207 | 乙 jue,yi
3208 | 矣 xian,yi
3209 | 以 si,yi
3210 | 艺 yi
3211 | 抑 yi
3212 | 易 yi
3213 | 邑 e,yi
3214 | 屹 ge,yi
3215 | 亿 yi
3216 | 役 yi
3217 | 臆 yi
3218 | 逸 yi
3219 | 疫 yi
3220 | 亦 yi
3221 | 裔 yi
3222 | 意 yi
3223 | 毅 yi
3224 | 忆 yi
3225 | 义 xi,yi
3226 | 益 yi
3227 | 溢 yi
3228 | 诣 yi
3229 | 议 yi
3230 | 谊 yi
3231 | 译 yi
3232 | 异 yi
3233 | 翼 yi
3234 | 翌 yi
3235 | 绎 shi,yi
3236 | 茵 yin
3237 | 荫 yin
3238 | 因 yin
3239 | 殷 yan,yin
3240 | 音 yin
3241 | 阴 lin,yin
3242 | 姻 yin
3243 | 吟 jin,yin
3244 | 银 yin
3245 | 淫 yan,yao,yin
3246 | 寅 yin
3247 | 饮 yin
3248 | 尹 yin,yun
3249 | 引 yin
3250 | 隐 yin
3251 | 印 yi,yin
3252 | 英 yang,ying
3253 | 樱 ying
3254 | 婴 ying
3255 | 鹰 ying
3256 | 应 ying
3257 | 缨 ying
3258 | 莹 ying
3259 | 萤 ying
3260 | 营 ying
3261 | 荧 ying
3262 | 蝇 ying
3263 | 迎 ying
3264 | 赢 ying
3265 | 盈 ying
3266 | 影 ying
3267 | 颖 ying
3268 | 硬 geng,ying
3269 | 映 yang,ying
3270 | 哟 yo
3271 | 拥 yong
3272 | 佣 yong
3273 | 臃 yong
3274 | 痈 yong
3275 | 庸 yong
3276 | 雍 yong
3277 | 踊 yong
3278 | 蛹 yong
3279 | 咏 yong
3280 | 泳 yong
3281 | 涌 chong,yong
3282 | 永 yong
3283 | 恿 tong,yong
3284 | 勇 yong
3285 | 用 yong
3286 | 幽 you
3287 | 优 you
3288 | 悠 you
3289 | 忧 you
3290 | 尤 you
3291 | 由 yao,you
3292 | 邮 you
3293 | 铀 you,zhou
3294 | 犹 you
3295 | 油 you
3296 | 游 liu,you
3297 | 酉 you
3298 | 有 wei,you
3299 | 友 you
3300 | 右 you
3301 | 佑 you
3302 | 釉 you
3303 | 诱 you
3304 | 又 you
3305 | 幼 yao,you
3306 | 迂 yu
3307 | 淤 yu
3308 | 于 xu,yu
3309 | 盂 yu
3310 | 榆 yu
3311 | 虞 yu
3312 | 愚 yu
3313 | 舆 yu
3314 | 余 tu,xu,yu
3315 | 俞 shu,yu
3316 | 逾 dou,yu
3317 | 鱼 yu
3318 | 愉 tou,yu
3319 | 渝 yu
3320 | 渔 yu
3321 | 隅 yu
3322 | 予 yu,zhu
3323 | 娱 yu
3324 | 雨 yu
3325 | 与 yu
3326 | 屿 yu
3327 | 禹 yu
3328 | 宇 yu
3329 | 语 yu
3330 | 羽 hu,yu
3331 | 玉 yu
3332 | 域 yu
3333 | 芋 xu,yu
3334 | 郁 yu
3335 | 吁 xu,yu
3336 | 遇 ou,yong,yu
3337 | 喻 yu
3338 | 峪 yu
3339 | 御 wu,ya,yu
3340 | 愈 yu
3341 | 欲 yu
3342 | 狱 yu
3343 | 育 yo,yu
3344 | 誉 yu
3345 | 浴 yu
3346 | 寓 yu
3347 | 裕 yu
3348 | 预 yu
3349 | 豫 shu,xie,yu
3350 | 驭 yu
3351 | 鸳 yuan
3352 | 渊 yuan
3353 | 冤 yuan
3354 | 元 yuan
3355 | 垣 yuan
3356 | 袁 yuan
3357 | 原 yuan
3358 | 援 huan,yuan
3359 | 辕 yuan
3360 | 园 wan,yuan
3361 | 员 yuan,yun
3362 | 圆 yuan
3363 | 猿 yuan
3364 | 源 yuan
3365 | 缘 yuan
3366 | 远 yuan
3367 | 苑 yu,yuan,yun
3368 | 愿 yuan
3369 | 怨 yuan,yun
3370 | 院 yuan
3371 | 曰 yue
3372 | 约 di,yao,yue
3373 | 越 huo,yue
3374 | 跃 ti,yue
3375 | 钥 yao,yue
3376 | 岳 yue
3377 | 粤 yue
3378 | 月 ru,yue
3379 | 悦 yue
3380 | 阅 yue
3381 | 耘 yun
3382 | 云 yun
3383 | 郧 yun
3384 | 匀 jun,yun
3385 | 陨 yuan,yun
3386 | 允 yuan,yun
3387 | 运 yun
3388 | 蕴 wen,yun
3389 | 酝 yun
3390 | 晕 yun
3391 | 韵 yun
3392 | 孕 yun
3393 | 匝 za
3394 | 砸 za
3395 | 杂 duo,za
3396 | 栽 zai,zhi
3397 | 哉 zai
3398 | 灾 zai
3399 | 宰 zai
3400 | 载 zai,zi
3401 | 再 zai
3402 | 在 zai
3403 | 咱 za,zan
3404 | 攒 cuan,zan,zuan
3405 | 暂 zan
3406 | 赞 zan
3407 | 赃 zang
3408 | 脏 zang
3409 | 葬 zang
3410 | 遭 zao
3411 | 糟 zao
3412 | 凿 zao,zuo
3413 | 藻 zao
3414 | 枣 zao
3415 | 早 zao
3416 | 澡 cao,zao
3417 | 蚤 zao,zhao
3418 | 躁 zao
3419 | 噪 zao
3420 | 造 cao,zao
3421 | 皂 zao
3422 | 灶 zao
3423 | 燥 sao,zao
3424 | 责 ze,zhai
3425 | 择 yi,ze,zhai
3426 | 则 ze
3427 | 泽 ze
3428 | 贼 zei
3429 | 怎 zen
3430 | 增 ceng,zeng
3431 | 憎 zeng
3432 | 曾 ceng,zeng
3433 | 赠 zeng
3434 | 扎 za,zha
3435 | 喳 cha,zha
3436 | 渣 zha
3437 | 札 ya,zha
3438 | 轧 ga,ya,zha
3439 | 铡 zha
3440 | 闸 ge,ya,zha
3441 | 眨 zha
3442 | 栅 ce,shan,zha
3443 | 榨 zha
3444 | 咋 za,ze,zha
3445 | 乍 zha,zuo
3446 | 炸 zha
3447 | 诈 zha
3448 | 摘 zhai
3449 | 斋 zhai
3450 | 宅 che,du,zhai
3451 | 窄 zhai
3452 | 债 zhai
3453 | 寨 qian,se,zhai
3454 | 瞻 zhan
3455 | 毡 zhan
3456 | 詹 dan,zhan
3457 | 粘 nian,zhan
3458 | 沾 chan,dian,tian,zhan
3459 | 盏 zhan
3460 | 斩 zhan
3461 | 辗 nian,zhan
3462 | 崭 chan,zhan
3463 | 展 zhan
3464 | 蘸 zhan
3465 | 栈 zhan
3466 | 占 tie,zhan
3467 | 战 zhan
3468 | 站 zhan
3469 | 湛 chen,dan,tan,zhan
3470 | 绽 zhan
3471 | 樟 zhang
3472 | 章 zhang
3473 | 彰 zhang
3474 | 漳 zhang
3475 | 张 zhang
3476 | 掌 zhang
3477 | 涨 zhang
3478 | 杖 zhang
3479 | 丈 zhang
3480 | 帐 zhang
3481 | 账 zhang
3482 | 仗 zhang
3483 | 胀 chan,zhang
3484 | 瘴 zhang
3485 | 障 zhang
3486 | 招 qiao,shao,zhao
3487 | 昭 zhao
3488 | 找 hua,zhao
3489 | 沼 zhao
3490 | 赵 diao,zhao
3491 | 照 zhao
3492 | 罩 zhao
3493 | 兆 zhao
3494 | 肇 zhao
3495 | 召 shao,zhao
3496 | 遮 zhe
3497 | 折 she,shw,ti,zhe
3498 | 哲 zhe
3499 | 蛰 zhe
3500 | 辙 zhe
3501 | 者 zhe
3502 | 蔗 zhe
3503 | 这 yan,zhe
3504 | 浙 zhe
3505 | 珍 zhen
3506 | 斟 zhen
3507 | 真 zhen
3508 | 甄 juan,zhen
3509 | 砧 zhen
3510 | 臻 zhen
3511 | 贞 zhen
3512 | 针 zhen
3513 | 侦 zhen
3514 | 枕 chen,zhen
3515 | 疹 chen,zhen
3516 | 诊 zhen
3517 | 震 shen,zhen
3518 | 振 zhen
3519 | 镇 tian,zhen
3520 | 阵 zhen
3521 | 蒸 zheng
3522 | 挣 zheng
3523 | 睁 zheng
3524 | 征 zheng
3525 | 狰 zheng
3526 | 争 zheng
3527 | 怔 zheng
3528 | 整 zheng
3529 | 拯 zheng
3530 | 正 zheng
3531 | 政 zheng
3532 | 帧 zhen,zheng
3533 | 症 zheng
3534 | 郑 zheng
3535 | 证 zheng
3536 | 芝 zhi
3537 | 枝 qi,zhi
3538 | 支 qi,zhi
3539 | 吱 qi,zhi,zi
3540 | 蜘 zhi
3541 | 知 zhi
3542 | 肢 shi,zhi
3543 | 脂 zhi
3544 | 汁 shi,xie,zhi
3545 | 之 zhi
3546 | 织 zhi
3547 | 职 zhi
3548 | 直 zhi
3549 | 植 zhi
3550 | 殖 shi,zhi
3551 | 执 zhi
3552 | 值 zhi
3553 | 侄 zhi
3554 | 址 zhi
3555 | 指 zhi
3556 | 止 zheng,zhi
3557 | 趾 zhi
3558 | 只 zhi
3559 | 旨 zhi
3560 | 纸 zhi
3561 | 志 zhi
3562 | 挚 zhi
3563 | 掷 zhi
3564 | 至 die,zhi
3565 | 致 zhi,zhui
3566 | 置 zhi
3567 | 帜 zhi
3568 | 峙 shi,zhi
3569 | 制 zhi
3570 | 智 zhi
3571 | 秩 zhi
3572 | 稚 zhi
3573 | 质 zhi
3574 | 炙 zhi
3575 | 痔 zhi
3576 | 滞 chi,zhi
3577 | 治 chi,yi,zhi
3578 | 窒 die,zhi
3579 | 中 zhong
3580 | 盅 chong,zhong
3581 | 忠 zhong
3582 | 钟 zhong
3583 | 衷 zhong
3584 | 终 zhong
3585 | 种 chong,zhong
3586 | 肿 zhong
3587 | 重 chong,tong,zhong
3588 | 仲 zhong
3589 | 众 yin,zhong
3590 | 舟 zhou
3591 | 周 zhou
3592 | 州 zhou
3593 | 洲 zhou
3594 | 诌 chao,chou,zhou
3595 | 粥 yu,zhou
3596 | 轴 zhou
3597 | 肘 zhou
3598 | 帚 zhou
3599 | 咒 zhou
3600 | 皱 zhou
3601 | 宙 zhou
3602 | 昼 zhou
3603 | 骤 zhou
3604 | 珠 zhu
3605 | 株 zhu
3606 | 蛛 zhu
3607 | 朱 shu,zhu
3608 | 猪 zhu
3609 | 诸 chu,zhu
3610 | 诛 zhu
3611 | 逐 di,tun,zhou,zhu
3612 | 竹 zhu
3613 | 烛 chong,zhu
3614 | 煮 zhu
3615 | 拄 zhu
3616 | 瞩 zhu
3617 | 嘱 zhu
3618 | 主 zhu
3619 | 著 chu,zhao,zhe,zhu,zhuo
3620 | 柱 zhu
3621 | 助 chu,zhu
3622 | 蛀 zhu
3623 | 贮 zhu
3624 | 铸 zhu
3625 | 筑 zhu
3626 | 住 zhu
3627 | 注 zhou,zhu
3628 | 祝 chu,zhou,zhu
3629 | 驻 zhu
3630 | 抓 zhua
3631 | 爪 zhao,zhua
3632 | 拽 ye,zhuai
3633 | 专 zhuan
3634 | 砖 zhuan
3635 | 转 zhuai,zhuan
3636 | 撰 suan,xuan,zhuan
3637 | 赚 zhuan,zuan
3638 | 篆 zhuan
3639 | 桩 zhuang
3640 | 庄 peng,zhuang
3641 | 装 zhuang
3642 | 妆 zhuang
3643 | 撞 zhuang
3644 | 壮 zhuang
3645 | 状 zhuang
3646 | 椎 chui,zhui
3647 | 锥 zhui
3648 | 追 dui,tui,zhui
3649 | 赘 zhui
3650 | 坠 zhui
3651 | 缀 chuo,zhui
3652 | 谆 zhun
3653 | 准 zhun
3654 | 捉 zhuo
3655 | 拙 zhuo
3656 | 卓 zhuo
3657 | 桌 zhuo
3658 | 琢 zhuo,zuo
3659 | 茁 zhu,zhuo
3660 | 酌 zhuo
3661 | 啄 zhou,zhuo
3662 | 着 zhao,zhe,zhuo
3663 | 灼 zhuo
3664 | 浊 zhuo
3665 | 兹 ci,zi
3666 | 咨 zi
3667 | 资 zi
3668 | 姿 zi
3669 | 滋 ci,zi
3670 | 淄 zi
3671 | 孜 zi
3672 | 紫 zi
3673 | 仔 zai,zi
3674 | 籽 zi
3675 | 滓 zi
3676 | 子 zi
3677 | 自 zi
3678 | 渍 qi,se,zi
3679 | 字 zi
3680 | 鬃 zong
3681 | 棕 zong
3682 | 踪 zong
3683 | 宗 zong
3684 | 综 zeng,zong
3685 | 总 long,zong
3686 | 纵 cong,zong
3687 | 邹 ju,zou
3688 | 走 zou
3689 | 奏 cou,zou
3690 | 揍 cou,zou
3691 | 租 ju,zu
3692 | 足 ju,zu
3693 | 卒 cu,zu
3694 | 族 cou,sou,zou,zu
3695 | 祖 jie,zu
3696 | 诅 zu
3697 | 阻 zhu,zu
3698 | 组 qu,zu
3699 | 钻 zuan
3700 | 纂 zuan
3701 | 嘴 zui
3702 | 醉 zui
3703 | 最 cuo,zui
3704 | 罪 zui
3705 | 尊 zun
3706 | 遵 zun
3707 | 昨 zuo
3708 | 左 zuo
3709 | 佐 zuo
3710 | 柞 ze,zha,zuo
3711 | 做 zuo
3712 | 作 zuo
3713 | 坐 zuo
3714 | 座 zuo
3715 | 兀 wu
3716 | 丐 gai
3717 | 廿 nian
3718 | 卅 sa
3719 | 丕 pi
3720 | 亘 gen,xuan
3721 | 丞 cheng,sheng,zheng
3722 | 噩 e
3723 | 禺 yu
3724 | 匕 bi,pin
3725 | 夭 wai,wo,yao
3726 | 胤 yin
3727 | 毓 yu
3728 | 睾 gao,hao
3729 | 亟 ji,qi
3730 | 啬 se
3731 | 仄 ze
3732 | 厥 jue
3733 | 厮 si
3734 | 靥 yan,ye
3735 | 赝 yan
3736 | 叵 po
3737 | 匮 gui,kui
3738 | 匾 bian
3739 | 卦 gua
3740 | 刎 wen
3741 | 剌 la
3742 | 剜 wan
3743 | 剽 biao,piao
3744 | 罔 wang
3745 | 仃 ding
3746 | 仞 ren
3747 | 伧 cang,chen
3748 | 伉 gang,kang
3749 | 伫 zhu
3750 | 佞 ning
3751 | 攸 you
3752 | 佚 die,yi
3753 | 佝 gou,ju,kou
3754 | 佟 tong
3755 | 佗 tuo,yi
3756 | 伽 ga,jia,qie
3757 | 侃 kan
3758 | 侏 zhou,zhu
3759 | 佻 diao,tiao
3760 | 佼 jiao,xiao
3761 | 侬 nong
3762 | 俦 chou,dao
3763 | 俨 yan
3764 | 俪 li
3765 | 俚 li
3766 | 俑 yong
3767 | 俟 qi,si
3768 | 俸 beng,feng
3769 | 倩 qian,qing
3770 | 偌 re,ruo
3771 | 俳 pai
3772 | 倏 shu
3773 | 倭 wei,wo
3774 | 俾 bei,bi,pi
3775 | 倜 diao,ti,zhou
3776 | 倌 guan
3777 | 倨 ju
3778 | 偃 yan
3779 | 偕 xie
3780 | 偎 wei
3781 | 偻 liu,lou,lv
3782 | 傥 tang
3783 | 傩 nuo
3784 | 儆 jing
3785 | 僭 jian,zen
3786 | 僮 chong,tong,zhuang
3787 | 仝 tong
3788 | 佘 she
3789 | 佥 qian
3790 | 俎 zu
3791 | 兮 xi
3792 | 巽 xun
3793 | 夔 kui
3794 | 匍 pu
3795 | 匐 fu
3796 | 夙 su
3797 | 兖 yan
3798 | 亳 bo
3799 | 衮 gun
3800 | 袤 mao,mou
3801 | 亵 xie
3802 | 禀 bing
3803 | 嬴 ying
3804 | 羸 lei,lian
3805 | 冽 lie
3806 | 冢 zhong
3807 | 冥 mian,ming
3808 | 讪 shan
3809 | 讴 ou,xu
3810 | 讷 ne
3811 | 诃 he
3812 | 诋 di,ti
3813 | 诏 zhao
3814 | 诓 kuang
3815 | 诘 ji,jie
3816 | 诙 hui
3817 | 诟 gou,hou
3818 | 诠 quan
3819 | 诩 xu
3820 | 诮 qiao
3821 | 诰 gao
3822 | 诳 kuang
3823 | 诿 wei
3824 | 谀 yu
3825 | 谄 chan
3826 | 谌 chen
3827 | 谏 jian,lan
3828 | 谑 nue,xue
3829 | 谒 ye
3830 | 谕 tou,yu
3831 | 谙 an,tou
3832 | 谛 di,ti
3833 | 谟 mo
3834 | 谡 su
3835 | 谧 mi
3836 | 谪 ze,zhe
3837 | 谲 jue
3838 | 阡 qian
3839 | 阱 jing
3840 | 阪 ban
3841 | 陂 bei,bi,pi,po
3842 | 陟 de,zhi
3843 | 陲 chui
3844 | 隍 huang
3845 | 隗 gui,kui,wei
3846 | 邛 qiong
3847 | 邝 kuang,kuo
3848 | 邙 mang
3849 | 邬 wu
3850 | 邡 fang
3851 | 邺 qiu,ye
3852 | 邸 di
3853 | 郅 ji,zhi
3854 | 郓 yun
3855 | 郦 li,zhi
3856 | 郢 cheng,ying
3857 | 郜 gao
3858 | 郗 chi,xi
3859 | 鄢 yan
3860 | 鄱 pan,pi,po
3861 | 刍 chu
3862 | 奂 huan
3863 | 劭 shao
3864 | 劾 he,kai
3865 | 勖 mao,xu
3866 | 叟 sou,xiao
3867 | 燮 xie
3868 | 矍 jue
3869 | 弁 bian,pan
3870 | 塾 shu
3871 | 壑 he
3872 | 圩 wei,xu
3873 | 圳 chou,huai,quan,zhen
3874 | 圻 qi,yin
3875 | 坂 ban
3876 | 坳 ao,you
3877 | 垠 ken,yin
3878 | 垸 huan,yuan
3879 | 墀 chi
3880 | 馨 xin
3881 | 懿 yi
3882 | 艹 cao
3883 | 芊 qian
3884 | 芙 fu
3885 | 芸 yun
3886 | 芷 zhi
3887 | 芮 rui,ruo
3888 | 茉 mo
3889 | 茏 long
3890 | 苜 mu
3891 | 苒 ran
3892 | 苓 lian,ling
3893 | 茔 ying
3894 | 茜 qian,xi
3895 | 莒 ju
3896 | 茴 hui
3897 | 茱 zhu
3898 | 荞 qiao
3899 | 荏 ren
3900 | 荃 chuo,quan
3901 | 荟 hui
3902 | 荀 xun
3903 | 茗 ming
3904 | 荪 sun
3905 | 莠 xiu,you
3906 | 莓 mei
3907 | 莅 li
3908 | 荼 cha,shu,tu,ye
3909 | 荻 di
3910 | 莘 shen,xin
3911 | 莞 guan,wan
3912 | 莺 ying
3913 | 菁 jing
3914 | 堇 jin,qin
3915 | 萋 qi
3916 | 萃 cui
3917 | 菅 guan,jian
3918 | 萦 ying
3919 | 菡 han
3920 | 葳 wei
3921 | 葺 qi
3922 | 萼 e
3923 | 葆 bao
3924 | 葩 pa
3925 | 萱 xuan
3926 | 蓦 ma,mo
3927 | 蓓 bei
3928 | 蒿 gao,hao
3929 | 蔺 lin
3930 | 蔻 kou
3931 | 蕙 hui
3932 | 蕃 bo,fan,pi
3933 | 蕲 ji,qi,qin
3934 | 薇 wei
3935 | 薮 cou,shu,sou
3936 | 薰 xun
3937 | 藓 xian
3938 | 藜 li
3939 | 蘅 heng
3940 | 弈 yi
3941 | 奁 lian
3942 | 耷 da,zhe
3943 | 奕 yi
3944 | 奚 xi
3945 | 尬 ga
3946 | 尴 gan
3947 | 扪 men
3948 | 拚 bian,fan,fen,pan,pin
3949 | 拗 ao,niu,yu
3950 | 拮 jia,jie
3951 | 挹 yi
3952 | 捋 lu,luo,lv
3953 | 揶 ye
3954 | 捱 ai
3955 | 捺 na
3956 | 掬 ju
3957 | 掮 qian
3958 | 掼 guan
3959 | 揿 qin
3960 | 揄 chou,shu,you,yu
3961 | 摒 bing
3962 | 揆 kui
3963 | 搡 sang
3964 | 摞 luo
3965 | 摺 la,xie,zhe
3966 | 撷 xie
3967 | 撺 cuan
3968 | 擢 zhuo
3969 | 攥 zuan
3970 | 弋 yi
3971 | 忒 tui
3972 | 弑 shi
3973 | 叱 chi
3974 | 叽 ji
3975 | 叩 kou
3976 | 叨 dao,tao
3977 | 吒 zha
3978 | 吆 yao
3979 | 呓 yi
3980 | 呃 ai,e
3981 | 呗 bai,bei
3982 | 咂 za
3983 | 咔 ka,nong
3984 | 呷 ga,jia,xia
3985 | 呱 gu,gua
3986 | 咚 dong
3987 | 咛 ning
3988 | 咄 duo
3989 | 呶 na,nao,nu
3990 | 呦 you
3991 | 咝 si
3992 | 咭 ji,qia,xi
3993 | 哂 shen
3994 | 哒 da
3995 | 咧 lei,lie
3996 | 咦 xi,yi
3997 | 咻 xiao,xiu,xu
3998 | 咿 yi
3999 | 咪 mai,mi,mie
4000 | 咤 zha
4001 | 哝 nang,nong
4002 | 哧 chi,xia
4003 | 唠 chao,lao,xiao
4004 | 哽 geng,ying
4005 | 唔 en,wu
4006 | 唏 xi,xie
4007 | 唧 ji,jie
4008 | 啧 ze
4009 | 喏 nuo,re
4010 | 啭 zhuan
4011 | 啕 tao
4012 | 啐 cui,e,za,zu
4013 | 唷 yo,yu
4014 | 啖 dan
4015 | 啷 lang
4016 | 唳 li
4017 | 唰 shua
4018 | 啜 chuai,chuo,zhuo
4019 | 喋 die,qie,zha
4020 | 嗒 da,ta
4021 | 喃 nan
4022 | 喁 yong,yu
4023 | 喟 huai,kui
4024 | 啾 jiu
4025 | 嗖 sou,su
4026 | 喑 yin
4027 | 啻 chi,di
4028 | 嗟 jie,jue
4029 | 喽 lou
4030 | 喔 o,wo,wu
4031 | 喙 hui,zhou
4032 | 嗷 ao
4033 | 嘟 du
4034 | 嗑 he,ke,xia
4035 | 嗫 nie,zhe
4036 | 嗬 he
4037 | 嗔 chen,tian
4038 | 嗦 suo
4039 | 嗝 ge
4040 | 嗄 a,sha,xia
4041 | 嗯 en,n,ng
4042 | 嗥 hao
4043 | 嗳 ai
4044 | 嗨 hai,hei
4045 | 嗤 chi
4046 | 辔 pei
4047 | 嘈 cao
4048 | 嘤 ying
4049 | 嘀 di,zhe
4050 | 嘭 peng
4051 | 噘 jue
4052 | 嘹 liao
4053 | 噗 pu
4054 | 噢 ao,o,yu
4055 | 噙 qin
4056 | 噜 lu
4057 | 噤 jin
4058 | 噱 jue,xue
4059 | 噫 ai,yi
4060 | 噼 pi
4061 | 嚅 ru
4062 | 嚓 ca,cha
4063 | 囔 nang
4064 | 囗 guo,wei
4065 | 囡 nan,nie
4066 | 囵 lun
4067 | 囫 hu
4068 | 囹 ling
4069 | 囿 you
4070 | 圄 yu
4071 | 圜 huan,yuan
4072 | 帏 wei
4073 | 帙 zhi
4074 | 帼 guo
4075 | 帷 wei
4076 | 幄 wo
4077 | 幔 man
4078 | 幡 fan
4079 | 岌 ji
4080 | 岐 qi
4081 | 岖 qu
4082 | 岑 cen
4083 | 岚 lan
4084 | 岫 xiu
4085 | 岱 dai
4086 | 岷 min
4087 | 峒 dong,tong
4088 | 峤 jiao,qiao
4089 | 峋 xun
4090 | 峥 zheng
4091 | 崂 lao
4092 | 崆 kong
4093 | 崛 jue,yu
4094 | 嵘 rong
4095 | 崴 wai,wei
4096 | 崽 zai
4097 | 嵬 wei
4098 | 嵋 mei
4099 | 嵩 song
4100 | 嶂 zhang
4101 | 嶙 lin
4102 | 巅 dian
4103 | 彷 fang,pang
4104 | 徇 xun
4105 | 徉 yang
4106 | 後 hou
4107 | 徕 lai
4108 | 徙 si,xi
4109 | 徜 chang
4110 | 徨 huang
4111 | 徵 cheng,zheng,zhi
4112 | 衢 qu
4113 | 犷 guang
4114 | 狎 xia
4115 | 狩 shou
4116 | 狲 sun
4117 | 猗 ji,wei,yi
4118 | 猝 cu
4119 | 猕 mi
4120 | 猢 hu
4121 | 猥 wei
4122 | 猬 wei
4123 | 獐 zhang
4124 | 獗 jue
4125 | 獠 lao,liao
4126 | 舛 chuan
4127 | 夥 huo
4128 | 饨 tun,zhun
4129 | 饪 ren
4130 | 饬 chi,shi
4131 | 饴 si,yi
4132 | 饷 xiang
4133 | 饽 bo
4134 | 馀 ye,yu
4135 | 馄 hun,kun
4136 | 馊 sou
4137 | 馍 mo
4138 | 馐 xiu
4139 | 馔 xuan,zhuan
4140 | 庖 pao
4141 | 庵 an,e,yan
4142 | 庾 yu
4143 | 赓 geng
4144 | 膺 ying
4145 | 忖 cun
4146 | 忏 chan,qian
4147 | 怄 ou
4148 | 忡 chong
4149 | 忤 wu
4150 | 忾 kai,qi
4151 | 怅 chang
4152 | 怆 chuang
4153 | 忪 song,zhong
4154 | 忸 niu
4155 | 怵 chu,xu
4156 | 怦 peng
4157 | 怏 yang
4158 | 怩 ni
4159 | 怡 yi
4160 | 恸 tong
4161 | 恹 yan
4162 | 恻 ce
4163 | 恺 kai
4164 | 恂 shun,xun
4165 | 恪 ke
4166 | 恽 yun
4167 | 悖 bei
4168 | 悚 song
4169 | 悒 yi
4170 | 悌 ti
4171 | 惬 qie
4172 | 悻 xing
4173 | 惘 wang
4174 | 惆 chou,dao,qiu
4175 | 惚 hu
4176 | 悴 cui
4177 | 愠 wen,yun
4178 | 愕 e
4179 | 惴 chuan,gua,zhui
4180 | 愎 bi
4181 | 愫 su
4182 | 慵 yong
4183 | 憬 jing
4184 | 憔 qiao
4185 | 憧 chong,zhuang
4186 | 懵 meng
4187 | 忝 tian
4188 | 闩 shuan
4189 | 闱 wei
4190 | 闳 hong
4191 | 闵 min
4192 | 闾 lv
4193 | 阈 yu
4194 | 阒 qu
4195 | 阕 jue,kui,que
4196 | 阖 he
4197 | 阙 jue,que
4198 | 阚 han,kan,xian
4199 | 爿 pan,qiang
4200 | 戕 qiang,zang
4201 | 氵 san,shui
4202 | 沅 yuan
4203 | 沐 mu
4204 | 沌 chun,dun,tun,zhuan
4205 | 汨 mi
4206 | 汩 gu,hu,yu
4207 | 汴 bian
4208 | 汶 men,min,wen
4209 | 泸 lu
4210 | 泱 yang
4211 | 泗 si
4212 | 泠 ling
4213 | 沱 chi,duo,tuo
4214 | 泓 hong
4215 | 泯 mian,min
4216 | 泾 jing
4217 | 浃 jia,xia
4218 | 洙 zhu
4219 | 洵 xuan,xun
4220 | 浏 liu
4221 | 浒 hu,xu
4222 | 浔 xun,yin
4223 | 涓 juan,xuan,yuan
4224 | 涔 cen,qian,zan
4225 | 浜 bang,bin
4226 | 浣 huan
4227 | 渚 zhu
4228 | 淇 qi
4229 | 淅 xi
4230 | 淞 song
4231 | 渎 dou,du
4232 | 涿 zhuo
4233 | 淦 gan,han
4234 | 淙 cong,shuang
4235 | 涮 shua,shuan
4236 | 湮 yan
4237 | 湎 mian
4238 | 湟 huang,kuang
4239 | 渲 xuan
4240 | 渥 ou,wo,wu
4241 | 湄 mei
4242 | 滟 yan
4243 | 滢 ying
4244 | 溥 bu,fu,po,pu
4245 | 滂 pang,peng
4246 | 溟 mi,ming
4247 | 潢 guang,huang
4248 | 潇 xiao
4249 | 漕 cao
4250 | 漪 yi
4251 | 漉 lu
4252 | 漩 xuan
4253 | 澍 shu,zhu
4254 | 潸 shan
4255 | 潼 chong,tong,zhong
4256 | 潺 chan
4257 | 濑 lai
4258 | 澧 li
4259 | 澹 dan,shan,tan
4260 | 濂 lian,xian
4261 | 濡 er,nuan,ru,ruan
4262 | 濮 pu
4263 | 濠 hao
4264 | 濯 shuo,zhao,zhuo
4265 | 瀚 han
4266 | 瀛 ying
4267 | 灏 hao
4268 | 宕 dang
4269 | 宓 fu,mi
4270 | 宥 you
4271 | 宸 chen
4272 | 骞 jian,qian
4273 | 寮 liao
4274 | 寰 huan,xian
4275 | 蹇 jian
4276 | 迥 jiong
4277 | 迤 tuo,yi
4278 | 迩 er
4279 | 迦 jia,xie
4280 | 迳 jing
4281 | 逅 hou
4282 | 逦 li
4283 | 逍 xiao
4284 | 逡 qun,suo,xun
4285 | 逵 kui
4286 | 逶 wei
4287 | 遑 huang
4288 | 遒 qiu
4289 | 遐 xia
4290 | 遨 ao
4291 | 遢 ta
4292 | 遛 liu
4293 | 暹 xian
4294 | 遴 lin
4295 | 遽 ju,qu
4296 | 邂 xie
4297 | 邈 miao
4298 | 邃 sui
4299 | 邋 la,lie
4300 | 彗 hui
4301 | 咫 zhi
4302 | 屐 ji
4303 | 孱 can,chan,jian
4304 | 弩 nu
4305 | 弭 mi
4306 | 弼 bi
4307 | 妃 fei,pei
4308 | 妍 yan
4309 | 妩 wu
4310 | 妪 kou,yu
4311 | 姊 zi
4312 | 妞 hao,niu
4313 | 妤 yu
4314 | 妲 da
4315 | 姗 pan,shan,xian
4316 | 妾 qie
4317 | 娅 ya
4318 | 娆 rao,yao
4319 | 姝 shu
4320 | 姣 jiao,xiao
4321 | 姘 pin
4322 | 姹 cha
4323 | 娉 pin,ping
4324 | 娲 wa
4325 | 娴 xian
4326 | 娑 suo
4327 | 娣 di
4328 | 娓 wei
4329 | 婀 e
4330 | 婊 biao
4331 | 婕 jie,qie
4332 | 娼 chang
4333 | 婢 bi
4334 | 婵 chan
4335 | 媪 ao,wo,yun
4336 | 媛 yuan
4337 | 婷 ting
4338 | 媲 bi,pi
4339 | 嫔 pin
4340 | 嫣 yan
4341 | 嫖 biao,piao
4342 | 嫦 chang
4343 | 嬉 xi
4344 | 嬗 chan,shan
4345 | 嬷 ma,mo
4346 | 孀 shuang
4347 | 尕 ga
4348 | 孚 fu
4349 | 孑 jie
4350 | 孢 bao
4351 | 驷 si
4352 | 驸 fu
4353 | 驿 yi
4354 | 骁 xiao
4355 | 骅 hua
4356 | 骈 pian
4357 | 骊 chi,li
4358 | 骛 wu
4359 | 骜 ao,yao
4360 | 骝 liu
4361 | 骠 biao,diao,piao
4362 | 骥 ji
4363 | 骧 xiang
4364 | 纣 zhou
4365 | 纨 wan
4366 | 纭 yun
4367 | 纰 bi,pi
4368 | 纾 shu
4369 | 绉 chao,cu,zhou
4370 | 绌 chu
4371 | 绔 ku
4372 | 绛 jiang
4373 | 绡 shao,xiao
4374 | 绫 ling
4375 | 绮 qi,yi
4376 | 绯 fei
4377 | 绶 shou
4378 | 绺 liu
4379 | 绾 wan
4380 | 缈 miao
4381 | 缙 jin
4382 | 缜 chen,zhen
4383 | 缢 yi
4384 | 缤 bin
4385 | 缥 piao
4386 | 缪 jiu,miao,miu,mou,mu
4387 | 缭 liao,rao
4388 | 缰 jiang
4389 | 幺 mi,yao
4390 | 畿 ji
4391 | 邕 yong
4392 | 玑 ji
4393 | 玮 wei
4394 | 珏 jue
4395 | 珂 ke
4396 | 珑 long
4397 | 玷 dian
4398 | 玳 dai
4399 | 珀 po
4400 | 珉 min
4401 | 珈 jia,ka
4402 | 珩 hang,heng
4403 | 珞 li,luo
4404 | 玺 xi
4405 | 琏 lian
4406 | 琪 qi
4407 | 瑛 ying
4408 | 琦 qi
4409 | 琥 hu
4410 | 琨 kun
4411 | 琰 yan
4412 | 琮 cong
4413 | 琬 wan
4414 | 琛 chen
4415 | 瑁 mao,q
4416 | 瑜 yu
4417 | 瑕 xia
4418 | 瑙 nao
4419 | 瑾 jin
4420 | 璜 huang
4421 | 璀 cui
4422 | 璇 xuan
4423 | 璋 zhang
4424 | 璞 pu
4425 | 璨 can
4426 | 璐 lu
4427 | 璧 bi
4428 | 韫 wen,yun
4429 | 韬 tao
4430 | 杓 biao,di,shao,zhuo
4431 | 杞 qi
4432 | 杈 cha
4433 | 枇 bi,pi
4434 | 杳 yao
4435 | 杵 chu
4436 | 枭 xiao
4437 | 杷 ba,pa
4438 | 杼 shu,zhu
4439 | 栉 zhi
4440 | 柩 jiu
4441 | 柚 you,zhou
4442 | 桠 ya
4443 | 桎 zhi
4444 | 桢 zhen
4445 | 桦 hua
4446 | 桧 gui,hui
4447 | 桀 jie
4448 | 栾 luan
4449 | 栩 xu,yu
4450 | 梵 fan
4451 | 梏 gu
4452 | 梓 zi
4453 | 棂 ling
4454 | 棹 zhao,zhuo
4455 | 椁 guo
4456 | 棣 dai,di,ti
4457 | 楠 nan
4458 | 楂 cha,zha
4459 | 榄 lan
4460 | 楫 ji
4461 | 槌 chui,zhui
4462 | 榈 lv
4463 | 楣 mei
4464 | 楹 ying
4465 | 榛 zhen
4466 | 榻 ta
4467 | 榭 xie
4468 | 槁 gao,kao
4469 | 槟 bin,bing
4470 | 榕 rong
4471 | 橄 gan
4472 | 橐 du,luo,tuo
4473 | 樵 qiao
4474 | 橹 lu
4475 | 樽 zun
4476 | 樨 xi
4477 | 橘 ju
4478 | 檐 dan,yan
4479 | 猷 you
4480 | 殁 mo,wen
4481 | 殇 shang
4482 | 殒 yun
4483 | 殓 lian
4484 | 殚 dan
4485 | 殡 bin
4486 | 轭 e
4487 | 轲 ke
4488 | 轶 die,yi,zhe
4489 | 轼 shi
4490 | 辂 he,lu,ya
4491 | 辄 zhe
4492 | 辇 nian
4493 | 辍 chuo
4494 | 辎 zi
4495 | 辘 lu
4496 | 戛 jia
4497 | 戟 ji
4498 | 戬 jian
4499 | 臧 cang,zang
4500 | 瓯 ou
4501 | 昊 hao
4502 | 昙 tan,yu
4503 | 昕 cuan,xin
4504 | 昀 yun
4505 | 昱 yu
4506 | 昶 chang
4507 | 昵 ni,zhi
4508 | 耆 qi,shi,zhi
4509 | 晟 cheng,jing,sheng
4510 | 晔 ye
4511 | 晁 chao,zhao
4512 | 晏 yan
4513 | 晖 hui
4514 | 暄 xuan
4515 | 暧 ai
4516 | 暝 ming
4517 | 曜 yao
4518 | 曦 xi
4519 | 贲 ben,bi,fen
4520 | 贻 yi
4521 | 赅 gai
4522 | 赈 zhen
4523 | 觊 ji
4524 | 觎 yu
4525 | 觐 jin
4526 | 觑 qu
4527 | 牝 pin
4528 | 牦 mao
4529 | 犄 ji,yi
4530 | 犒 kao
4531 | 挈 jia,qi,qia,qie
4532 | 挲 sa,sha,suo
4533 | 掰 bai,bo
4534 | 擘 bo
4535 | 耄 mao
4536 | 氅 chang
4537 | 氤 yan,yin
4538 | 氲 yun
4539 | 敕 chi,sou
4540 | 牍 du
4541 | 牒 die
4542 | 牖 you
4543 | 爰 yuan
4544 | 虢 guo
4545 | 肱 gong
4546 | 肴 yao
4547 | 胧 long
4548 | 胛 jia
4549 | 胄 zhou
4550 | 胫 jing,keng
4551 | 胱 guang
4552 | 胴 dong
4553 | 胭 yan
4554 | 脍 kuai
4555 | 朕 zhen
4556 | 豚 dun,tun
4557 | 腈 jing
4558 | 腌 a,yan
4559 | 腴 yu
4560 | 腼 mian
4561 | 滕 teng
4562 | 朦 mang,meng
4563 | 臊 sao
4564 | 膻 dan,shan
4565 | 欤 yu
4566 | 歆 xin
4567 | 歙 she,xi,xie
4568 | 飒 li,sa
4569 | 飓 ju
4570 | 飕 sou
4571 | 飙 biao
4572 | 飚 biao
4573 | 彀 gou,kao
4574 | 毂 gu
4575 | 斐 fei
4576 | 斓 lan
4577 | 於 wu,yu
4578 | 旄 mao,wu
4579 | 旌 jing
4580 | 旎 ni
4581 | 旖 yi
4582 | 炀 yang
4583 | 炜 wei
4584 | 炖 dun,tun
4585 | 炷 zhu
4586 | 炫 xuan
4587 | 烨 ye
4588 | 烊 yang
4589 | 焱 yan,yi
4590 | 煜 yu
4591 | 煨 wei,yu
4592 | 煊 xuan
4593 | 熵 shang
4594 | 熨 wei,yu,yun
4595 | 熠 yi
4596 | 燧 sui
4597 | 焘 dao,tao
4598 | 煦 xiu,xu
4599 | 熹 xi
4600 | 戾 li
4601 | 扈 hu
4602 | 扉 fei
4603 | 祀 si
4604 | 祉 zhi
4605 | 祛 qu
4606 | 祜 hu
4607 | 祚 zuo
4608 | 祗 qi,zhi
4609 | 祠 ci,si
4610 | 祯 zhen
4611 | 祺 qi
4612 | 禅 chan,shan
4613 | 禧 xi
4614 | 忑 dao
4615 | 忐 keng,tan
4616 | 恚 hui
4617 | 恁 nen,nin,ren
4618 | 恙 yang
4619 | 恣 zi
4620 | 憩 qi
4621 | 懋 mao
4622 | 懑 men
4623 | 聿 yu
4624 | 沓 da,ta
4625 | 淼 miao
4626 | 矶 ji
4627 | 斫 chuo,zhuo
4628 | 砭 bian
4629 | 砺 li
4630 | 砼 tong
4631 | 砥 di
4632 | 碣 jie,ke,ya
4633 | 磬 qing
4634 | 礴 bo
4635 | 龛 kan
4636 | 盹 dun,zhun
4637 | 眈 chen,dan
4638 | 眸 mou
4639 | 睐 lai
4640 | 睑 jian
4641 | 睇 di,ti
4642 | 睨 ni
4643 | 睢 hui,sui
4644 | 睿 rui
4645 | 睽 ji,kui
4646 | 瞌 ke
4647 | 瞑 meng,mian,ming
4648 | 瞟 piao
4649 | 瞠 cheng,zheng
4650 | 瞰 kan
4651 | 町 ding,tian,ting,zheng
4652 | 畲 she
4653 | 畹 wan
4654 | 罡 gang
4655 | 罹 li
4656 | 羁 ji
4657 | 盥 guan
4658 | 钅 jin
4659 | 钊 zhao
4660 | 钏 chuan
4661 | 钗 cha,chai
4662 | 钛 tai
4663 | 钜 ju
4664 | 钤 han,qian
4665 | 钰 yu
4666 | 钹 bo
4667 | 钺 yue
4668 | 钿 dian,tian
4669 | 铄 li,shuo,yue
4670 | 铉 xuan
4671 | 铎 duo
4672 | 铐 kao
4673 | 铛 cheng,dang,tang
4674 | 铠 kai
4675 | 铢 zhu
4676 | 铤 ding,ting
4677 | 铧 hua
4678 | 铨 quan
4679 | 铮 zheng
4680 | 铵 an
4681 | 铿 keng
4682 | 锂 li
4683 | 锉 cuo
4684 | 锏 jian
4685 | 锟 gun,kun
4686 | 锢 gu
4687 | 锲 qie
4688 | 锷 e
4689 | 镂 lou,lv
4690 | 锵 qiang
4691 | 镌 juan
4692 | 镖 biao
4693 | 镛 yong
4694 | 镫 deng
4695 | 镯 shu,zhuo
4696 | 镳 biao
4697 | 锺 zhong
4698 | 雉 kai,si,yi,zhi
4699 | 秣 mo
4700 | 嵇 ji
4701 | 稔 ren
4702 | 稷 ji,ze
4703 | 黏 nian
4704 | 馥 bi,fu
4705 | 穰 rang
4706 | 皈 gui
4707 | 皎 jiao
4708 | 皓 hao,hui
4709 | 皙 xi
4710 | 甬 dong,yong
4711 | 鸠 jiu,qiu,zhi
4712 | 鸢 yuan
4713 | 鸨 bao
4714 | 鸩 zhen
4715 | 鸪 gu
4716 | 鸾 luan
4717 | 鹂 li
4718 | 鹄 gu,he,hu
4719 | 鹉 wu
4720 | 鹌 an,ya
4721 | 鹑 chun,tuan
4722 | 鹗 e
4723 | 鹜 wu
4724 | 鹞 yao
4725 | 鹦 ying
4726 | 鹧 zhe
4727 | 鹫 jiu
4728 | 鹭 lu
4729 | 鹳 guan,huan,quan
4730 | 痂 jia
4731 | 痣 zhi
4732 | 痨 lao
4733 | 痫 xian
4734 | 痼 gu
4735 | 瘀 yu
4736 | 瘠 ji
4737 | 瘾 yin
4738 | 癞 la,lai
4739 | 癖 pi
4740 | 癫 dian
4741 | 翊 yi
4742 | 穹 kong,qiong
4743 | 窈 yao
4744 | 窕 tiao
4745 | 窦 dou
4746 | 窠 ke
4747 | 衲 na
4748 | 袂 mei,yi
4749 | 裆 dang
4750 | 裱 biao
4751 | 褚 chu,zhe,zhu
4752 | 裨 bi,pi
4753 | 裾 ju
4754 | 褓 bao
4755 | 褛 lv
4756 | 褴 lan
4757 | 褶 die,xi,zhe
4758 | 襁 qiang
4759 | 胥 xu
4760 | 矜 guan,jin,qin
4761 | 耦 ou
4762 | 聃 dan
4763 | 聆 ling
4764 | 聒 guo
4765 | 覃 qin,tan,yan
4766 | 颀 ken,qi
4767 | 颉 jia,jie,xie
4768 | 颌 ge,he,nan,qin
4769 | 颍 ying
4770 | 颏 hai,ke
4771 | 颔 han
4772 | 颚 e
4773 | 颢 hao
4774 | 颦 pin
4775 | 虔 qian
4776 | 虬 qiu
4777 | 虻 meng
4778 | 蚣 gong,zhong
4779 | 蚓 yin
4780 | 蚱 zha
4781 | 蚯 qiu
4782 | 蛐 qu
4783 | 蜓 dian,ting
4784 | 蛟 jiao
4785 | 蜃 shen
4786 | 蜈 wu
4787 | 蜻 jing,qing
4788 | 蜥 xi
4789 | 蜚 bei,fei,pei
4790 | 蜷 juan,quan
4791 | 蜿 wan
4792 | 螂 lang
4793 | 蝠 fu
4794 | 蝌 ke
4795 | 蝙 bian,pian
4796 | 蟒 mang,meng
4797 | 蟆 ma,mo
4798 | 螃 bang,pang
4799 | 螳 tang
4800 | 蟋 xi
4801 | 蟑 zhang
4802 | 蟀 shuai
4803 | 蟠 fan,pan
4804 | 蟾 chan
4805 | 蠊 lian
4806 | 蠡 li,luo
4807 | 蠹 du
4808 | 罂 ying
4809 | 罄 qing
4810 | 罅 xia
4811 | 舐 shi
4812 | 竺 du,zhu
4813 | 竽 yu
4814 | 笈 ji
4815 | 笃 du
4816 | 笙 sheng
4817 | 笠 li
4818 | 笳 jia
4819 | 笞 chi
4820 | 筵 yan
4821 | 筝 zheng
4822 | 筠 jun,yun
4823 | 筱 xiao
4824 | 箧 qie
4825 | 箸 zhu,zhuo
4826 | 箝 qian
4827 | 箫 xiao
4828 | 箴 jian,zhen
4829 | 篑 kui
4830 | 篁 huang
4831 | 篝 gou
4832 | 簌 su
4833 | 簪 zan
4834 | 簸 bo
4835 | 籁 lai
4836 | 臾 kui,yong,yu
4837 | 臬 nie
4838 | 舢 shan
4839 | 舫 fang
4840 | 舸 ge
4841 | 艄 shao
4842 | 衾 qin
4843 | 袅 niao
4844 | 袈 jia
4845 | 裘 qiu
4846 | 裟 sha
4847 | 羲 xi
4848 | 粲 can
4849 | 粼 lin
4850 | 粽 zong
4851 | 糅 rou
4852 | 艮 gen,hen
4853 | 暨 ji,jie
4854 | 羿 yi
4855 | 翎 ling
4856 | 翕 xi
4857 | 翡 fei
4858 | 翦 jian
4859 | 翩 pian
4860 | 翳 yi
4861 | 綦 qi
4862 | 赳 jiu
4863 | 趄 ju,qie
4864 | 赧 nan
4865 | 赭 zhe
4866 | 酊 ding
4867 | 酰 xian
4868 | 酩 ming
4869 | 酯 zhi
4870 | 醮 jiao,qiao,zhan
4871 | 醴 li
4872 | 醺 xun
4873 | 豕 shi
4874 | 踅 chi,xue
4875 | 蹙 cu
4876 | 蹩 bie
4877 | 跄 qiang
4878 | 跚 shan
4879 | 跎 tuo
4880 | 跛 bi,bo,po
4881 | 跷 qiao
4882 | 跻 ji
4883 | 跤 jiao,qiao
4884 | 踉 lang,liang
4885 | 踝 huai
4886 | 踮 dian,die
4887 | 踹 chuai,chuan,duan,shuan
4888 | 踵 zhong
4889 | 踽 ju
4890 | 踱 chuo,duo
4891 | 蹉 cuo
4892 | 蹂 rou
4893 | 蹑 nie
4894 | 蹒 liang,man,pan
4895 | 蹊 qi,xi
4896 | 蹶 gui,jue
4897 | 蹴 cu,jiu,zu
4898 | 躅 zhu,zhuo
4899 | 躏 lin
4900 | 貂 diao
4901 | 斛 hu
4902 | 觞 shang
4903 | 觥 gong
4904 | 靓 jing,liang
4905 | 雳 li
4906 | 雯 wen
4907 | 霆 ting
4908 | 霁 ji
4909 | 霈 pei
4910 | 霏 fei
4911 | 霎 sha
4912 | 霭 ai
4913 | 霾 li,mai
4914 | 龇 chai,zi
4915 | 龊 chuo
4916 | 龌 wo
4917 | 隼 sun
4918 | 隽 juan,jun
4919 | 瞿 ji,ju,qu
4920 | 銮 luan
4921 | 鑫 xin,xun
4922 | 鲈 lu
4923 | 稣 su
4924 | 鲨 sha
4925 | 鲫 ji,zei
4926 | 鲲 kun
4927 | 鳄 e
4928 | 鳅 qiu
4929 | 鳌 ao
4930 | 鳍 qi
4931 | 鳏 guan,gun,kun
4932 | 鳗 man
4933 | 鳝 shan
4934 | 鞑 da,ta
4935 | 骰 gu,tou
4936 | 骷 ku
4937 | 骼 ge
4938 | 髅 lou
4939 | 魅 mei
4940 | 魇 yan
4941 | 飨 xiang
4942 | 饕 tao
4943 | 髦 mao
4944 | 髯 ran
4945 | 髻 ji
4946 | 髭 zi
4947 | 鬓 bin
4948 | 鬟 huan
4949 | 麽 ma,me,mo
4950 | 麾 hui
4951 | 麋 mi
4952 | 麒 qi
4953 | 鏖 ao,biao
4954 | 麝 she
4955 | 麟 lin
4956 | 黛 dai
4957 | 黜 chu
4958 | 黝 yi,you
4959 | 黠 xia
4960 | 黯 an
4961 | 鼾 han
4962 | 吶 na,ne,nuo
4963 | 啰 luo
4964 | 姮 heng
4965 | 婠 guan,wan
4966 | 嫚 man,yuan
4967 | 崓 gu
4968 | 廈 sha,xia
4969 | 廝 si
4970 | 廣 guang,kuang
4971 | 廱 yong
4972 | 弜 jiang
4973 | 弝 ba
4974 | 弨 chao
4975 | 彙 hui
4976 | 拋 pao
4977 | 汃 bin,pa
4978 | 湜 shi
4979 | 滜 gao,hao,ze
4980 | 濛 meng
4981 | 獏 mao,mu
4982 | 玥 yue
4983 | 珣 xun
4984 | 珮 pei
4985 | 琍 li
4986 | 琭 lu
4987 | 皝 huang
4988 | 祐 you
4989 | 綄 huan,wan
4990 | 袊 ling
4991 | 镕 rong
4992 | 鞬 jian
4993 | 鷁 yi
4994 |
--------------------------------------------------------------------------------