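import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang.StringUtils;

/**
 * Request wrapper that replaces a small set of HTML/JavaScript-significant
 * ASCII characters in request parameters and headers with their full-width
 * Unicode look-alikes, so that reflected values cannot close tags or
 * attributes when they are echoed into a page.
 *
 * <p>Security caveats a maintainer should know before relying on this:
 * <ul>
 *   <li>It is input <em>mangling</em>, not output encoding. Values are
 *       permanently altered before the application sees them (a password or
 *       search term containing {@code &}, {@code #} or {@code /} is changed
 *       into a different string). Context-aware output encoding at render
 *       time is still required; this wrapper is at best defence in depth.</li>
 *   <li>Coverage is partial: only {@link #getParameter}, {@link #getParameterValues}
 *       and {@link #getHeader} are intercepted. {@code getParameterMap()},
 *       {@code getQueryString()}, {@code getHeaders(String)}, cookies and the
 *       request body ({@code getInputStream()}/{@code getReader()}, i.e. JSON
 *       payloads) are passed through untouched.</li>
 *   <li>Payloads that use none of the replaced characters (many
 *       attribute- and URL-context vectors) are not affected.</li>
 *   <li>Because {@code /} is rewritten, header values such as
 *       {@code Content-Type: text/html} read through {@code getHeader} will no
 *       longer parse as a media type. Code that routes on header values must
 *       read them before wrapping or accept this.</li>
 * </ul>
 *
 * <p>The class name keeps its historical misspelling ("Wraper") because it is
 * referenced by filter configuration elsewhere.
 */
public class XssHttpServletRequestWraper extends HttpServletRequestWrapper {

    /**
     * @param request the request to wrap; must not be {@code null}
     *                (the superclass constructor rejects it)
     */
    public XssHttpServletRequestWraper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the named parameter with special characters mapped to full-width
     * equivalents, or {@code null} when the parameter is absent.
     */
    @Override
    public String getParameter(String name) {
        // Constants.MY_LOG.debug("getParameter-----> escaping");
        // return clearXss(super.getParameter(name)); // kept on purpose, see clearXss below
        return xssEncode(super.getParameter(name));
    }

    /**
     * Returns the named header with special characters mapped to full-width
     * equivalents, or {@code null} when the header is absent.
     *
     * <p>Bug fix: the previous implementation read {@code super.getParameter(name)}
     * here, so headers were never sanitised at all and callers received a
     * request <em>parameter</em> of the same name instead of the header.
     */
    @Override
    public String getHeader(String name) {
        // Constants.MY_LOG.debug("getHeader-----> escaping");
        // return clearXss(super.getHeader(name)); // kept on purpose, see clearXss below
        return xssEncode(super.getHeader(name));
    }

    /**
     * Returns all values of the named parameter, each mapped through
     * {@link #xssEncode}. Returns {@code null} for a blank name or when the
     * underlying request has no such parameter. An empty array from the
     * underlying request is returned as-is (previously it was collapsed to
     * {@code null}, which differed from the servlet API contract).
     */
    @Override
    public String[] getParameterValues(String name) {
        // Constants.MY_LOG.debug("getParameterValues-----> escaping");
        if (StringUtils.isEmpty(name)) {
            return null;
        }
        String[] values = super.getParameterValues(name);
        if (values == null) {
            return null;
        }
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            // encoded[i] = clearXss(values[i]); // kept on purpose
            encoded[i] = xssEncode(values[i]);
        }
        return encoded;
    }

    /*
     * Legacy blacklist sanitiser, disabled but retained at the original
     * author's request ("do not delete, please keep this commented code").
     *
     * Do NOT re-enable it: it is a deny-list of substrings and is trivially
     * bypassed, e.g. replace("script", "") turns "scrscriptipt" back into
     * "script", and the eval()/javascript: regexes miss case variants and
     * encoded forms. xssEncode below replaces it.
     *
     * private String clearXss(String value) {
     *     if (value == null || "".equals(value)) {
     *         return value;
     *     }
     *     value = value.replaceAll("", ">");
     *     value = value.replaceAll("\\(", "(").replace("\\)", ")");
     *     value = value.replaceAll("'", "'");
     *     value = value.replaceAll("eval\\((.*)\\)", "");
     *     value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
     *     value = value.replace("script", "");
     *     return value;
     * }
     */

    /**
     * Maps the HTML/JS-significant ASCII characters {@code > < ' " & \ / # ( )}
     * to their full-width Unicode counterparts; every other character is
     * copied through unchanged. {@code null} and the empty string are
     * returned as-is.
     *
     * <p>Unicode escapes are used for the replacement characters so the
     * behaviour does not depend on the source file's encoding.
     *
     * @param s the raw value, may be {@code null}
     * @return the mapped value, or {@code s} itself when null/empty
     */
    private String xssEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '>':
                    out.append('\uFF1E'); // full-width greater-than
                    break;
                case '<':
                    out.append('\uFF1C'); // full-width less-than
                    break;
                case '\'':
                    out.append('\uFF07'); // full-width apostrophe
                    break;
                case '"':
                    out.append('\u201C'); // left double quotation mark (as in the original)
                    break;
                case '&':
                    out.append('\uFF06'); // full-width ampersand
                    break;
                case '\\':
                    out.append('\uFF3C'); // full-width backslash
                    break;
                case '/':
                    out.append('\uFF0F'); // full-width solidus
                    break;
                case '#':
                    out.append('\uFF03'); // full-width number sign
                    break;
                case '(':
                    out.append('\uFF08'); // full-width left parenthesis
                    break;
                case ')':
                    out.append('\uFF09'); // full-width right parenthesis
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }
}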