过滤特殊字符

SpringMVC框架
利用拦截器(HandlerInterceptor),在控制器方法执行之前检查请求参数中是否含有特殊字符或关键字,用于防范跨站脚本攻击(XSS);关键字列表中也包含 SQL 关键字。需要注意,这种黑名单过滤只能作为辅助手段,不能替代输出编码和参数化查询。

import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

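/**
 * Spring MVC interceptor that screens request parameters against a fixed
 * blocklist of characters and keywords before the handler method runs.
 *
 * <p>When a parameter name or value contains a blocked token, the client is
 * redirected to the rejection page and the handler is not invoked.
 *
 * <p>Limitations a reviewer should be aware of:
 * <ul>
 *   <li>Only what {@code getParameterMap()} exposes is inspected. Headers,
 *       cookies, the request path and request bodies that the container does
 *       not parse into parameters are not checked here.</li>
 *   <li>Matching is a case-sensitive substring test, so {@code "script"} and
 *       {@code "SELECT"} match only in exactly that casing.</li>
 *   <li>{@code "CR"} and {@code "LF"} are the literal two-letter strings, not
 *       the carriage-return / line-feed control characters; {@code "<>"} and
 *       {@code "()"} match only as adjacent pairs.</li>
 *   <li>Tokens such as {@code "."}, {@code ","} and {@code "@"} also reject
 *       ordinary input (decimal numbers, e-mail addresses).</li>
 * </ul>
 * A blocklist like this is defence in depth at best: context-aware output
 * encoding and parameterized queries remain the primary controls against
 * cross-site scripting and SQL injection.
 */
public class FilterWord implements HandlerInterceptor {

    /** Context-relative page the client is sent to when input is rejected. */
    private static final String REJECT_PATH = "/gxfjadmin_page/word/filter.do";

    /** Substrings that cause a request to be rejected (case-sensitive). */
    private static final String[] BLOCKED_TOKENS = {
        "|", "&", ";", "$", "%", "@", "'", "\"", "<>", "()", "+", "CR", "LF", ",", ".",
        "script", "document", "eval",
        "SELECT", "FROM", "UPDATE", "DELETE", "UNION", "WHERE"
    };

    /** No-op: nothing to clean up after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest arg0,
            HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {
        // Intentionally empty.
    }

    /** No-op: the model and view are not modified. */
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
            Object arg2, ModelAndView arg3) throws Exception {
        // Intentionally empty.
    }

    /**
     * Rejects the request before the handler runs if any parameter name or
     * value contains a blocked token.
     *
     * @param rq   current request
     * @param rs   current response; receives the redirect on rejection
     * @param arg2 the chosen handler (unused)
     * @return {@code false} when the request was redirected to the rejection
     *         page, so the handler chain stops; {@code true} otherwise
     * @throws Exception if sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest rq, HttpServletResponse rs,
            Object arg2) throws Exception {
        if (hasBlockedInput(rq)) {
            rs.sendRedirect(rq.getContextPath() + REJECT_PATH);
            // Returning true here would let the controller process the very
            // input that was just rejected, on an already committed response.
            return false;
        }
        return true;
    }

    /**
     * Checks the request parameters and redirects to the rejection page when
     * a blocked token is found.
     *
     * @param rq current request
     * @param rs current response; receives the redirect on rejection
     * @return always {@code true}, kept for compatibility with existing
     *         callers; the value does not indicate whether a redirect was sent
     * @throws IOException if sending the redirect fails
     */
    public Boolean word(HttpServletRequest rq, HttpServletResponse rs) throws IOException {
        if (hasBlockedInput(rq)) {
            rs.sendRedirect(rq.getContextPath() + REJECT_PATH); // send the client to the rejection page
        }
        return Boolean.TRUE;
    }

    /**
     * Reports whether any parameter name, or any value of any parameter,
     * contains a blocked token.
     */
    private static boolean hasBlockedInput(HttpServletRequest rq) {
        // Older servlet APIs declare a raw Map here; the entries are
        // String -> String[] per the servlet contract.
        @SuppressWarnings("unchecked")
        Map<String, String[]> params = rq.getParameterMap();

        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            if (containsBlockedToken(entry.getKey())) {
                return true;
            }
            String[] values = entry.getValue();
            if (values == null) {
                continue;
            }
            // Inspect every value: a repeated parameter carries several
            // values, and checking only the first would leave the rest
            // unscreened.
            for (String value : values) {
                if (containsBlockedToken(value)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Reports whether {@code text} contains any entry of the blocklist. */
    private static boolean containsBlockedToken(String text) {
        if (text == null) {
            return false;
        }
        for (String token : BLOCKED_TOKENS) {
            if (text.contains(token)) {
                return true;
            }
        }
        return false;
    }

}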