在表单提交文本时,文本内容本身可能就是一段html格式内容,因此如果不做转义就直接显示在网页上,它会被浏览器当作html解析,而不是按提交时的原样显示。为此可以对request对象进行增强,使提交的数据按其原格式进行显示。下面是个MyHtmlRequest包装类,其中filter方法是tomcat中HTMLFilter.java里的一段源码。
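/**
 * Request wrapper that HTML-escapes the value returned by
 * {@link #getParameter(String)}, so that submitted markup is rendered as
 * literal text instead of being interpreted by the browser.
 *
 * <p>Scope of the protection, as implemented here:
 * <ul>
 *   <li>Only {@code getParameter} is overridden. Values read through
 *       {@code getParameterValues}, {@code getParameterMap}, headers or
 *       cookies are returned unescaped.</li>
 *   <li>Only {@code <}, {@code >}, {@code &} and {@code "} are replaced. The
 *       single quote is left as is, so the result is suitable for HTML
 *       element content and double-quoted attribute values, not for
 *       single-quoted attributes, script blocks or URLs.</li>
 *   <li>Escaping happens when the parameter is read, so any code that stores
 *       or compares the value sees the escaped form. Encoding at output time,
 *       for the specific output context, is generally the more robust
 *       design.</li>
 * </ul>
 */
public class MyHtmlRequest extends HttpServletRequestWrapper {

    /**
     * Wraps the given request.
     *
     * @param request the request whose parameters should be escaped on read
     */
    public MyHtmlRequest(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the named parameter with HTML special characters escaped.
     *
     * @param name the parameter name
     * @return the escaped value, or {@code null} if the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        // Delegate to the wrapper so a later setRequest() call is honoured,
        // instead of reading from a separately cached request reference.
        String value = super.getParameter(name);
        if (value == null) {
            return null;
        }
        return filter(value);
    }

    /**
     * Replaces the four HTML-significant characters with their entity
     * references.
     *
     * @param message the text to escape; may be {@code null}
     * @return the escaped text, or {@code null} if {@code message} is null
     */
    public String filter(String message) {
        if (message == null) {
            return null;
        }
        // Extra capacity leaves room for a few entity expansions without a resize.
        StringBuilder result = new StringBuilder(message.length() + 50);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }
}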
Filter:
/**
 * Wraps the incoming request in a {@code MyHtmlRequest} and passes it down
 * the chain, so downstream components read parameters through the wrapper.
 *
 * @param req   the incoming request; cast to {@code HttpServletRequest}
 * @param resp  the outgoing response; cast to {@code HttpServletResponse}
 * @param chain the remaining filter chain
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp,
        FilterChain chain) throws IOException, ServletException {
    // Both casts are unchecked: a non-HTTP request or response fails here
    // with ClassCastException before the chain is invoked.
    final HttpServletRequest httpRequest = (HttpServletRequest) req;
    final HttpServletResponse httpResponse = (HttpServletResponse) resp;
    chain.doFilter(new MyHtmlRequest(httpRequest), httpResponse);
}