XSS概述
跨站脚本攻击(Cross Site Scripting),缩写为XSS。攻击者往Web页面里插入恶意Script代码,当用户浏览该页面时,嵌入页面中的Script代码会在用户的浏览器中被执行,从而达到攻击用户的目的。
实现Filter接口,编写XSS过滤器(请求侧的输入过滤只是其中一层防护,数据输出到页面时仍需按上下文进行编码)
package com.bj58.qf.filter;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
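/**
 * Created with IntelliJ IDEA.
 *
 * <p>Servlet filter that wraps each incoming HTTP request in an
 * {@code XSSRequestWrapper} before passing it down the filter chain.
 *
 * <p>This class performs no sanitisation itself: which inputs are cleaned, and how,
 * is decided entirely by {@code XSSRequestWrapper}, a separate class in this package.
 * The response object is forwarded untouched, so this filter does not encode output;
 * request-side filtering complements, but does not replace, context-aware output
 * encoding at the point where data is rendered.
 *
 * @author: zhubo
 * @description: Filter that guards against XSS injection attacks
 * @time: 2018-05-02
 * @modifytime:
 */
public class XSSFilter implements Filter {

    /**
     * No initialisation is required; the filter keeps no state.
     *
     * @param filterConfig container-supplied configuration (unused)
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Replaces the request with an {@code XSSRequestWrapper} and continues the chain.
     *
     * @param request  the incoming request; must be an {@link HttpServletRequest}
     * @param response the response, forwarded unchanged
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException if the request is not an HTTP request, or propagated
     *                          from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Fail closed: a request that cannot be wrapped must not continue down the
        // chain unfiltered, and an explicit ServletException is clearer than the
        // ClassCastException the unchecked cast would otherwise raise.
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("XSSFilter only supports HTTP requests, got: "
                    + (request == null ? "null" : request.getClass().getName()));
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // Intercept the request: downstream code only ever sees the wrapped request.
        chain.doFilter(new XSSRequestWrapper(httpRequest), response);
    }

    /** Nothing to release; the filter holds no resources. */
    @Override
    public void destroy() {
    }
}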
继承HttpServletRequestWrapper,实现对请求参数的过滤
package com.bj58.qf.filter;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.ni