1.为什么会产生XSS攻击
用户提交用户信息时提交 <script>xxx</script>
例子1 username 输入<script>alert("123")</script>
例子2 username 输入<script>alert("location.href='http.www.xxx.com'")</script>
2. 怎么解决XSS攻击?
将脚本转义然后html进行展示
举例:
package com.sunlala.controller;
import org.apache.commons.lang3.StringEscapeUtils;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.support.HttpRequestWrapper;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.util.Optional;
/**
* Author:SunLala
* Date: 2022/1/15
* 功能描述:()
*/
public class XssHttpServletReqquest extends HttpServletRequestWrapper {
private HttpServletRequest request;
public XssHttpServletReqquest(HttpServletRequest request) {
super(request);
this.request=reques