- XSS漏洞解决方案之一:过滤器
<!-- 解决xss漏洞 --> <filter> <filter-name>xssFilter</filter-name> <filter-class>com.baidu.rigel.sandbox.core.filter.XSSFilter</filter-class> </filter> <!-- 解决xss漏洞 --> <filter-mapping> <filter-name>xssFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 解决xss漏洞 --> <filter> <filter-name>xssFilter</filter-name> <filter-class>com.baidu.rigel.sandbox.core.filter.XSSFilter</filter-class> </filter> <!-- 解决xss漏洞 --> <filter-mapping> <filter-name>xssFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
二:过滤器:XSSFilter.java
package com.rigel.sandbox.core.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import com.rigel.sandbox.core.util.XssHttpServletRequestWrapper; public class XSSFilter implements Filter {