a3_index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="a3_do_word.jsp" method="post">
<table border="1" rules="rows">
<tr height="30">
<td>留 言 者:</td>
<td><input type="text" name="author" size="20"></td>
</tr>
<tr height="30">
<td>留言标题:</td>
<td><input type="text" name="title" size="35"></td>
</tr>
<tr>
<td>留言内容:</td>
<td><textarea name="content" rows="8" cols="34"></textarea></td>
</tr>
<tr align="center" height="30">
<td colspan="2">
<input type="submit" value="提交">
<input type="reset" value="重置">
</td>
</tr>
</table>
</form>
</body>
</html>
a3_do_word.jsp
<%@page import="cn.demo.one.javabean.MyTools"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<%
request.setCharacterEncoding("utf-8");
String title = request.getParameter("title");
String content = request.getParameter("content");
%>
<h3>标题:<%=title %></h3>
<h3>内容:<%=content %></h3>
</body>
</html>
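We find that when a hyperlink is written into the message content and submitted, the result page shows a working hyperlink instead of the text that was typed, because the submitted markup is rendered as HTML. This is very insecure. How do we fix it? This is where a JavaBean comes in.
Option 1 (without a JavaBean):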
a3_do_word.jsp
<%@page import="cn.demo.one.javabean.MyTools"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
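<%
request.setCharacterEncoding("utf-8");
String title = request.getParameter("title");
String content = request.getParameter("content");
// Encode the angle brackets so submitted markup is displayed as text instead of being rendered.
// The title is echoed into the page as well, so it gets the same treatment.
title = title.replace("<", "&lt;");
title = title.replace(">", "&gt;");
content = content.replace("<", "&lt;");
content = content.replace(">", "&gt;");
%>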
<h3>标题:<%=title %></h3>
<h3>内容:<%=content %></h3>
</body>
</html>
Option 2 (using a JavaBean):
a3_do_word.jsp
<%@page import="cn.demo.one.javabean.MyTools"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
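<%
request.setCharacterEncoding("utf-8");
String title = request.getParameter("title");
String content = request.getParameter("content");
// Both values are written into the page, so both go through the bean's encoder.
title = MyTools.change(title);
content = MyTools.change(content);
%>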
<h3>标题:<%=title %></h3>
<h3>内容:<%=content %></h3>
</body>
</html>
MyTools.java
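package cn.demo.one.javabean;

public class MyTools {
    // Encodes angle brackets so user-supplied text is displayed literally rather than parsed as HTML.
    public static String change(String str) {
        if (str == null) {
            return ""; // getParameter returns null when the field was not submitted
        }
        str = str.replace("<", "&lt;");
        str = str.replace(">", "&gt;");
        return str;
    }
}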