java防止XSS攻击,脚本注入

版权声明:有不足之处欢迎指出,欢迎交流 https://blog.csdn.net/qq_33594101/article/details/77511561

Step1:自定义封装request

package com.tsou.comm.servlet;

import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
/**
 *
 * 功能:封装的请求处理特殊字符
 */
public class TsRequest extends HttpServletRequestWrapper {
           private Map params;

           public TsRequest(HttpServletRequest request, Map newParams) {
                    super(request);
                    this.params = newParams;
          }

           public Map getParameterMap() {
                    return params ;
          }

           public Enumeration getParameterNames() {
                    Vector l = new Vector( params.keySet());
                    return l.elements();
          }

           public String[] getParameterValues(String name) {
                   Object v = params.get(name);
                    if (v == null ) {
                              return null ;
                   } else if (v instanceof String[]) {
                             String[] value = (String[]) v;
                              for (int i = 0; i < value.length; i++) {
                                      value[i] = value[i].replaceAll( "<", "&lt;" );
                                      value[i] = value[i].replaceAll( ">", "&gt;" );
                             }
                              return (String[]) value;
                   } else if (v instanceof String) {
                             String value = (String) v;
                             value = value.replaceAll( "<", "&lt;" );
                             value = value.replaceAll( ">", "&gt;" );
                              return new String[] { (String) value };
                   } else {
                              return new String[] { v.toString() };
                   }
          }

           public String getParameter(String name) {
                   Object v = params.get(name);
                    if (v == null ) {
                              return null ;
                   } else if (v instanceof String[]) {
                             String[] strArr = (String[]) v;
                              if (strArr.length > 0) {
                                      String value = strArr[0];
                                      value = value.replaceAll( "<", "&lt;" );
                                      value = value.replaceAll( "<", "&gt;" );
                                       return value;
                             } else {
                                       return null ;
                             }
                   } else if (v instanceof String) {
                             String value = (String) v;
                             value = value.replaceAll( "<", "&lt;" );
                             value = value.replaceAll( ">", "&gt;" );
                              return (String) value;
                   } else {
                              return v.toString();
                   }
          }
}

Step2:设置过滤器

package com.tsou.comm.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.tsou.comm.servlet.TsRequest;
/**
 *
 * 功能:特殊字符过滤器
 */
public class CharacterFilter implements Filter{

           @Override
           public void destroy() {
          }

           @Override
           public void doFilter(ServletRequest req, ServletResponse res,
                             FilterChain chain) throws IOException, ServletException {
                   HttpServletRequest request = (HttpServletRequest)req;
                   TsRequest wrapRequest= new TsRequest(request,request.getParameterMap());
                   chain.doFilter(wrapRequest, res);
          }

           @Override
           public void init(FilterConfig arg0) throws ServletException {
          }
}

Step3:拦截URL

    <filter>
                    <filter-name> characterFilter</filter-name >
                     <filter-class> com.tsou.comm.filter.CharacterFilter</filter-class >
           </filter>
           <filter-mapping>
                    <filter-name> characterFilter</filter-name >
                    <url-pattern> /*</ url-pattern>
           </filter-mapping>
展开阅读全文

没有更多推荐了,返回首页