应测试的要求,对所有带特殊字符的URL进行拦截,这里写了一个拦截器
1、拦截特殊字符,设置拦截的正则表达式,这里拦截<>\"“”*这些特殊字符
String SPECIALS_REG = "[><\\”\\“\"\\\\*]{1,}";
2、判断URL中是否有特殊字符
public static boolean checkSpecials(HttpServletRequest request){
try {
String urls = request.getQueryString();
if(StringUtils.isNotEmpty(urls)){
//url参数转义
urls = URLDecoder.decode(urls, "utf-8");
String SPECIALS_REG = "[><\\”\\“\"\\\\*]{1,}";
Pattern p = Pattern.compile(SPECIALS_REG);
Pattern p = Pattern.compile(reg);
Matcher m = p.matcher(urls);
if(m.find()){
return true;
}
}
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return false;
}
3、写拦截器
public class SpecialsInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpS