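// Reposted from: http://hi.baidu.com/magicdetective/blog/item/7aaa291f016709cda68669f3.html
// Special-character replacement filter

/**
 * HTML-escapes every request parameter value in place, then hands the request to the
 * rest of the filter chain.
 *
 * <p>Review notes for anyone relying on this as an XSS control:
 * <ul>
 *   <li>The Servlet API documents the map returned by {@code getParameterMap()} as
 *       immutable. This method therefore only rewrites the elements of the
 *       {@code String[]} values and never calls {@code Map.Entry.setValue}, which was
 *       redundant (same array reference) and can throw on containers that enforce
 *       immutability.</li>
 *   <li>Whether {@code getParameter()} / {@code getParameterValues()} later return the
 *       escaped text depends on whether the container shares these arrays with the map;
 *       verify on the target container. Passing an {@code HttpServletRequestWrapper}
 *       that overrides the parameter accessors down the chain is the
 *       container-independent way to do this.</li>
 *   <li>Only request parameters are touched. Headers, cookies, path segments and request
 *       bodies read through the input stream reach the application unescaped.</li>
 *   <li>HTML entity escaping fits HTML text and quoted-attribute contexts only. Values
 *       written into JavaScript, URLs or CSS still need context-specific encoding at
 *       output time, and values stored after this filter are persisted already
 *       escaped.</li>
 * </ul>
 *
 * <p>NOTE(review): the listing ended at the {@code filterChain.doFilter} call; the
 * closing brace of the method is restored here.
 *
 * @param request     incoming request whose parameter values are escaped
 * @param response    response passed through unchanged
 * @param filterChain remaining filters and the target resource
 * @throws IOException      propagated from the rest of the chain
 * @throws ServletException propagated from the rest of the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    // getParameterMap() is declared on ServletRequest, so no cast to HttpServletRequest is
    // needed; a non-HTTP request no longer fails with ClassCastException.
    Map<?, ?> params = request.getParameterMap();

    // Guard before touching the map: the original dereferenced it (entrySet()) first and
    // only then tested for null, so the test could never help.
    if (params != null) {
        for (Object rawValue : params.values()) {
            if (!(rawValue instanceof String[])) {
                continue;
            }
            String[] values = (String[]) rawValue;
            for (int i = 0; i < values.length; i++) {
                // Leave null elements untouched instead of passing them to the escaper.
                if (values[i] != null) {
                    // HtmlUtils is a class from Spring.
                    values[i] = HtmlUtils.htmlEscape(values[i]);
                }
            }
        }
    }

    filterChain.doFilter(request, response);
}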