当用户提交的数据中包含关键字符,例如 < > . & " 等字符时,必须对这些字符进行转码;否则在JSP页面显示这些数据时,浏览器会按HTML的语法解析这些字符,提交的内容就可能被当作标签或脚本执行(即XSS)。
这里使用Servlet中的Filter,在请求参数交给后台之前统一对特殊字符进行转码。注意:这种做法只覆盖经过该Filter包装后读取的请求参数,页面输出时仍应按输出位置(HTML正文、属性、JavaScript等)做相应的编码。
代码如下
//Html文本过滤器
/*
* 如果客户提交的数据是一段html文本或者javascript脚本,传给后台后再在页面显示时,浏览器会自动执行这段脚本,
* 所以要将客户提交的html文本的请求参数转码后提交给后台
*
* */
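/**
 * Servlet filter that HTML-escapes request parameter values before the rest of
 * the application reads them.
 *
 * <p>Each HTTP request is wrapped in {@link MyRequest}, whose parameter getters
 * replace {@code <}, {@code >}, {@code &} and {@code "} with the corresponding
 * HTML entities, so that submitted markup or script is displayed as text rather
 * than interpreted by the browser.
 *
 * <p>Limits a reviewer should keep in mind:
 * <ul>
 *   <li>Only {@code getParameter} and {@code getParameterValues} are covered.
 *       {@code getParameterMap()}, headers, cookies and the raw request body
 *       are passed through unescaped.</li>
 *   <li>The single quote is not escaped, so escaped values are not safe inside
 *       single-quoted HTML attributes, and entity escaping alone is not the
 *       right encoding for JavaScript or URL contexts.</li>
 *   <li>Escaping on input does not replace encoding at output time; a view that
 *       also escapes will show the values double-encoded.</li>
 * </ul>
 */
public class HtmlFilter implements Filter {

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Wraps HTTP requests so that downstream code sees escaped parameter values.
     *
     * @param req   incoming request
     * @param resp  outgoing response, passed through unchanged
     * @param chain remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        // Non-HTTP requests cannot be wrapped; hand them on untouched instead of
        // failing with a ClassCastException.
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, resp);
            return;
        }
        chain.doFilter(new MyRequest((HttpServletRequest) req), resp);
    }

    /**
     * Request wrapper whose parameter getters return HTML-escaped values.
     * {@code HttpServletRequestWrapper} supplies pass-through behaviour for
     * every method that is not overridden here.
     */
    class MyRequest extends HttpServletRequestWrapper {

        public MyRequest(HttpServletRequest request) {
            super(request);
        }

        /**
         * Returns the escaped value of a single-valued parameter.
         *
         * @param name parameter name
         * @return the escaped value, or {@code null} if the parameter is absent
         */
        @Override
        public String getParameter(String name) {
            // The value is deliberately not printed or logged: request parameters
            // routinely carry passwords and tokens.
            return HtmlFilter(super.getParameter(name));
        }

        /**
         * Returns the escaped values of a multi-valued parameter, so that code
         * reading parameters through this getter does not bypass the escaping.
         *
         * @param name parameter name
         * @return a new array of escaped values, or {@code null} if the
         *         parameter is absent
         */
        @Override
        public String[] getParameterValues(String name) {
            String[] values = super.getParameterValues(name);
            if (values == null) {
                return null;
            }
            String[] escaped = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                escaped[i] = HtmlFilter(values[i]);
            }
            return escaped;
        }

        /**
         * Replaces {@code <}, {@code >}, {@code &} and {@code "} with HTML
         * entities. Adapted from the utility sample shipped under
         * {@code webapps/examples/WEB-INF/classes/utils} in apache-tomcat-6.0.20.
         *
         * @param message text to escape, may be {@code null}
         * @return the escaped text, or {@code null} if {@code message} is
         *         {@code null}
         */
        public String HtmlFilter(String message) {
            if (message == null) {
                return null;
            }
            // Extra capacity leaves room for a few expanded entities.
            StringBuilder result = new StringBuilder(message.length() + 50);
            for (int i = 0; i < message.length(); i++) {
                char c = message.charAt(i);
                switch (c) {
                    case '<':
                        result.append("&lt;");
                        break;
                    case '>':
                        result.append("&gt;");
                        break;
                    case '&':
                        result.append("&amp;");
                        break;
                    case '"':
                        result.append("&quot;");
                        break;
                    default:
                        result.append(c);
                }
            }
            return result.toString();
        }
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No configuration is read.
    }
}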