方法:
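/**
 * Recursively HTML-encodes the String values reachable from {@code data},
 * choosing the strategy from the runtime type of {@code data}.
 *
 * <ul>
 *   <li>{@code List}: String elements are replaced in place by their encoded form,
 *       nested List/Map/PagedResult elements are processed recursively, and any
 *       other element is replaced by the result of {@link #getObj(Object)}.</li>
 *   <li>{@code Map}: the same rules are applied to the values. Keys are never
 *       encoded.</li>
 *   <li>{@code PagedResult}: every row is converted with {@code JSONObject.toJSON},
 *       its String values are encoded, and the page's list is replaced by the
 *       converted rows, so the rows are no longer instances of the original type.</li>
 * </ul>
 *
 * Any other argument (including {@code null} and a bare String) is left untouched.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code encodeForHTML} is the encoder for HTML element content. A value that
 *       is later written into an attribute, a script block, CSS or a URL needs the
 *       encoder for that context instead.</li>
 *   <li>The operation is not idempotent: running it twice over the same data
 *       encodes the already-encoded text again.</li>
 *   <li>There is no cycle detection, so a container that contains itself recurses
 *       without bound.</li>
 * </ul>
 *
 * @param data the structure to encode in place; may be {@code null}
 */
// Raw PagedResult and unchecked casts are needed because the element types are only
// known at runtime; every write stores either the original value or its encoded form.
@SuppressWarnings({"unchecked", "rawtypes"})
public static void changeData(Object data) {
    if (data instanceof List) {
        List<Object> items = (List<Object>) data;
        for (int i = 0; i < items.size(); i++) {
            Object item = items.get(i);
            if (item instanceof String) {
                items.set(i, ESAPI.encoder().encodeForHTML((String) item));
            } else if (item instanceof List || item instanceof Map || item instanceof PagedResult) {
                changeData(item);
            } else {
                items.set(i, getObj(item));
            }
        }
    }

    if (data instanceof Map) {
        for (Map.Entry<Object, Object> entry : ((Map<Object, Object>) data).entrySet()) {
            Object value = entry.getValue();
            if (value instanceof String) {
                entry.setValue(ESAPI.encoder().encodeForHTML((String) value));
            } else if (value instanceof List || value instanceof Map || value instanceof PagedResult) {
                changeData(value);
            } else {
                entry.setValue(getObj(value));
            }
        }
    }

    if (data instanceof PagedResult) {
        PagedResult page = (PagedResult) data;
        // The original declared this as List<T>, but no type parameter T is declared
        // on this static method; a wildcard list is all the loop needs.
        List<?> rows = page.getList();
        if (rows != null) {
            List<Object> encodedRows = new ArrayList<>();
            for (Object row : rows) {
                // Convert the row to its JSON representation so its fields can be rewritten.
                Object json = JSONObject.toJSON(row);
                if (json instanceof JSONObject) {
                    encodeJsonEntries((JSONObject) json);
                } else if (json instanceof String) {
                    // A String row has no fields to walk; encode the row itself rather
                    // than failing on the cast to JSONObject as the original did.
                    json = ESAPI.encoder().encodeForHTML((String) json);
                } else {
                    // Lists are encoded recursively; scalars and null pass through unchanged.
                    changeData(json);
                }
                encodedRows.add(json);
            }
            page.setList(encodedRows);
        }
    }
}

/**
 * HTML-encodes the String values of one JSON object in place and recurses into
 * every non-String value through {@link #changeData(Object)}.
 *
 * @param jsonObject the JSON object whose values are rewritten; keys are not encoded
 */
private static void encodeJsonEntries(Map<String, Object> jsonObject) {
    for (Map.Entry<String, Object> entry : jsonObject.entrySet()) {
        Object value = entry.getValue();
        if (value instanceof String) {
            entry.setValue(ESAPI.encoder().encodeForHTML((String) value));
        } else {
            // changeData ignores null and scalar values, so no null check is needed here.
            changeData(value);
        }
    }
}

/**
 * Returns an HTML-encoded JSON view of an arbitrary object.
 *
 * <p>{@code null}, Long, Integer, String, Date, Boolean, Float, Double, Map and List
 * arguments are returned unchanged; callers are expected to have handled String, Map
 * and List themselves. Any other object is converted with {@code JSONObject.toJSON},
 * its String values are encoded, and the resulting JSON object is returned when it
 * has at least one entry.
 *
 * <p>This method fails open: if the conversion or the encoding throws, or the JSON
 * form is not a JSON object, the original and therefore unencoded {@code data} is
 * returned.
 * NOTE(review): that presumably leaves strings inside arrays, non-List collections
 * and enums unencoded; confirm against the JSON library in use.
 *
 * @param data the value to convert; may be {@code null}
 * @return the encoded JSON object, or {@code data} itself when nothing was converted
 */
public static Object getObj(Object data) {
    if (data == null
            || data instanceof Long
            || data instanceof Integer
            || data instanceof String
            || data instanceof Date
            || data instanceof Boolean
            || data instanceof Float
            || data instanceof Double
            || data instanceof Map
            || data instanceof List) {
        return data;
    }
    try {
        Object json = JSONObject.toJSON(data);
        // Check the type instead of relying on a swallowed ClassCastException.
        if (!(json instanceof JSONObject)) {
            return data;
        }
        JSONObject fields = (JSONObject) json;
        encodeJsonEntries(fields);
        if (fields.size() > 0) {
            return fields;
        }
    } catch (Exception e) {
        // Stay best-effort as before, but make the fail-open case visible.
        // Only the type name is logged, never the value itself.
        java.util.logging.Logger.getGlobal().log(
                java.util.logging.Level.WARNING,
                "HTML encoding failed for " + data.getClass().getName() + "; value returned unencoded",
                e);
    }
    return data;
}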
测试:
/**
 * Manual demonstration of {@code changeData}.
 *
 * <p>Builds a {@code PagedResult} holding one {@code AlarmM} whose name fields carry
 * a script tag, prints it to standard output, runs {@code changeData} on it, and
 * prints the result to standard error so the two can be compared.
 * The map and nested list built first are sample data only; they are never passed
 * to {@code changeData}.
 *
 * @param args unused
 */
public static void main(String[] args) {
    // Sample map; key "3" is written twice, so the later value "2" wins.
    Map<String, Object> sampleMap = new HashMap<>();
    sampleMap.put("1", "1<>");
    sampleMap.put("2", "2");
    sampleMap.put("3", "3");
    sampleMap.put("4", "4");
    sampleMap.put("3", "2");

    // Four placeholder entries, each then overwritten with a value containing markup.
    List<String> innerValues = new ArrayList<>();
    for (int n = 0; n < 4; n++) {
        innerValues.add("a");
    }
    for (int idx = 0; idx < innerValues.size(); idx++) {
        innerValues.set(idx, "b<>");
    }
    List<List<String>> nestedValues = new ArrayList<>();
    nestedValues.add(innerValues);
    sampleMap.put("list", nestedValues);

    String unusedSample = "fds<>";

    // The row whose String fields should come back HTML-encoded.
    AlarmM alarm = new AlarmM();
    alarm.setAlarmId(1L);
    alarm.setAlarmName("发送<script>alert('x我是一个小帅哥 afdafdafsadfss')</script>惹我热无a");
    alarm.setAlarmTypeName("发送<script>alert('x我是一个小帅哥 afdafdafsadfss')</script>惹我热无a");

    List<AlarmM> alarms = new ArrayList<>();
    alarms.add(alarm);

    PagedResult<AlarmM> page = new PagedResult<AlarmM>();
    page.setList(alarms);

    Object target = page;
    System.out.println(target.toString());
    changeData(target);
    System.err.println(target.toString());
}