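// Legacy P3P compact-policy header. P3P is obsolete and was only honoured by
// old Internet Explorer versions; it is not a security control.
response.setHeader("P3P","CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"");
boolean needRedirect = false;
String uri = request.getRequestURI();
String destUrl = "";

// Coarse tripwire: reject the request when any parameter value contains the
// literal substring "<script>" (case-insensitive).
//
// NOTE(review): this is a denylist on one exact string and must not be treated
// as the application's XSS defence. Markup that does not contain this exact
// substring is not detected. The effective controls are context-aware output
// encoding wherever request data is rendered, plus a Content-Security-Policy.
// Keep this check only as an additional logging/rejection signal.
Enumeration<String> paramNames = request.getParameterNames();
while (paramNames.hasMoreElements())
{
    String paramName = paramNames.nextElement();

    // getParameter() returns only the first value of a repeated parameter,
    // so inspect every value submitted under this name.
    String[] values = request.getParameterValues(paramName);
    if (values == null)
    {
        continue;
    }

    for (String val : values)
    {
        if (val == null)
        {
            continue;
        }

        // Neutralise CR/LF before logging so a request value cannot forge
        // additional log lines.
        // NOTE(review): parameter values may contain credentials or tokens;
        // confirm that debug logging of raw values is acceptable here.
        String loggable = val.replace('\r', '_').replace('\n', '_');
        logger.debug("攻击检测: " + loggable);

        // Lower-case with a fixed locale so the match does not depend on the
        // server's default locale. The String is inspected directly: the former
        // round trip through getBytes() used the platform default charset and
        // did not change the outcome for ASCII-compatible charsets.
        if (val.toLowerCase(java.util.Locale.ROOT).indexOf("<script>") >= 0)
        {
            logger.info("可能有脚本攻击,传入值["+loggable+"],拒绝服务!");
            // Signal the rejection to the client instead of returning an empty
            // success response (400 = Bad Request).
            response.setStatus(400);
            return;
        }
    }
}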
防止脚本注入