web.xml:
<!--
  Registers XssSecurityFilter and binds it to the request paths below.
  The filter-name is only a label tying the <filter> to its mappings.
-->
<filter>
    <filter-name>XSSFiler</filter-name>
    <filter-class>com.paic.mall.web.filter.XssSecurityFilter</filter-class>
</filter>

<!--
  Extension-based mappings: only URLs ending in these suffixes reach the
  filter. Requests to any other path are not filtered unless they are
  served by the "dispatcher" servlet mapped at the end of this section.

  No <dispatcher> element is declared, so under the Servlet specification
  each mapping applies to direct client requests (REQUEST) only. Internal
  forwards, includes and error dispatches do not pass through the filter
  again; add <dispatcher> entries if those paths also need coverage.
-->
<filter-mapping>
    <filter-name>XSSFiler</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>XSSFiler</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>XSSFiler</filter-name>
    <url-pattern>*.screen</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>XSSFiler</filter-name>
    <url-pattern>*.shtml</url-pattern>
</filter-mapping>

<!-- Servlet-name mapping: covers every request handled by the "dispatcher" servlet. -->
<filter-mapping>
    <filter-name>XSSFiler</filter-name>
    <servlet-name>dispatcher</servlet-name>
</filter-mapping>
XssSecurityFilter.java
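/**
 * Servlet filter that passes every request it is mapped to through
 * {@code XssHttpRequestWrapper} and {@code XssSecurityManager.wrapRequest}
 * before the rest of the filter chain sees it.
 *
 * <p>Request-side filtering is one layer only. Values that arrive on paths
 * this filter is not mapped to, or that are read back from storage, are not
 * covered by it, so views still need context-aware output encoding.
 */
public class XssSecurityFilter implements Filter {

    /** Per-class logger; kept {@code protected} so subclasses can reuse it. */
    protected final Logger log = Logger.getLogger(this.getClass());

    /**
     * Logs that the filter is starting. No configuration is read from
     * {@code config}.
     *
     * @param config filter configuration supplied by the container (unused)
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig config) throws ServletException {
        log.info("XSSSecurityFilter Initializing ");
    }

    /**
     * Logs that the filter is being taken out of service. There are no
     * resources to release.
     */
    public void destroy() {
        log.info("XSSSecurityFilter destroy() end");
    }

    /**
     * Wraps the incoming HTTP request and forwards the wrapped request down
     * the chain.
     *
     * @param request  the incoming request; must be an {@code HttpServletRequest}
     * @param response the response, passed through unchanged
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException if {@code request} is not an HTTP request, or
     *                          propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Reject non-HTTP requests explicitly instead of failing with a
        // ClassCastException; the request is never forwarded unwrapped.
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("XssSecurityFilter supports only HTTP requests");
        }

        XssHttpRequestWrapper xssRequest =
                new XssHttpRequestWrapper((HttpServletRequest) request);

        // Forward the request returned by the manager rather than the
        // intermediate wrapper: if wrapRequest builds its own wrapper, passing
        // xssRequest would drop it and skip whatever checks it adds.
        // NOTE(review): XssSecurityManager is not shown here - confirm that
        // its return value is the request meant to continue down the chain.
        HttpServletRequest securedRequest = XssSecurityManager.wrapRequest(xssRequest);

        // Fall back to the local wrapper if the manager returns null, which
        // matches what was forwarded before this change.
        chain.doFilter(securedRequest != null ? securedRequest : xssRequest, response);
    }
}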
XssHttpRequestWrapper.java
/**
* @author
* @date
* @describe 主要是对参数进行xss过滤&#x