zoukankan html css js c++ java

servlet Filter过滤javascript

新建HttpServletRequestWrapper子类XssHttpServletRequestWrapper

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
	public XssHttpServletRequestWrapper(HttpServletRequest request){
		super(request);
	}

	public String[] getParameterValues(String parameter){
		String[] values = super.getParameterValues(parameter);
		if(values==null){
			return null;
		}
		int count = values.length;
		String[] encodedValues = new String[count];
		for (int i = 0;i<count;i++){
			encodedValues[i] = this.cleanXss(values[i]);
		}
		return encodedValues;
	}

	public String getParameter(String parameter){
		String value = super.getParamerter(parameter);
		if(valuee == null){
			return null;
		}
		return cleanXss(value);
	}

	private String cleanXss(String value){
		value = value.replaceAll("<","&lt").replaceAll(">","&gt");
		value = value.replaceAll("script","");
		return value;
	}
}

在Fileter中调用

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HttpMethodFilter implements Filter {
    public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws IOException,ServletException {
        HttpServletRequest hsreq = (HttpServletResponse) request;
        HttpServletResponse hsrep = (HttpServletResponse) response;
        chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request),response);
    }
}

查看全文

相关阅读:
NET 4.+ & .NET CORE 高性能轻量级 ORM框架，众多.NET框架中最容易使用的数据库访问技术
 mvc cookie
正则表达式捕获带有属性的标签
 IT第十天
 代码段
 关于java.lang中String类的学习：最特殊的数据类型（持续整理中......）
关于String.concat()方法和StringBuffer.append()方法的学习：方法是如何追加字符到源字符串的
 关于String和StringBuffer的理解问题：指针、变量的声明、变量的值的变化
 关于字符串检索、关键词的搜索问题：已搜索过的部分不会再被纳入下次搜索的范围内
 IT第九天

原文地址：https://www.cnblogs.com/live365wang/p/5893597.html