在文本框中输入&;<>/%=#等字符时,在处理页中会把这些字符过滤掉然后显示出过滤后的字符串
应用String类提供的replaceAll()方法,过滤字符串中指定的子字符串
public String replaceAll(String regex,String replacement)
regex:表示用于匹配待替换子字符串的正则表达式(. * [ 等元字符按正则语法解释,需按字面匹配时要转义)
replacement:表示替换后的字符串(其中的 $ 和 \ 有特殊含义,需按字面输出时要转义)
创建StringUtil10的JavaBean类,实现过滤危险字符串的方法
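/**
 * JavaBean that turns a raw request string into a value that is safe to place
 * in HTML element content.
 *
 * <p>The characters {@code ; ' / % =} are removed and the characters
 * {@code & < > "} are replaced by their HTML entities. The raw value returned
 * by {@link #getSourceStr()} is NOT encoded; a page that prints it must encode
 * it separately.
 */
public class StringUtil10 {
    private String sourceStr; // raw, untrusted input exactly as it was set
    private String targetStr; // most recent filtered result

    /**
     * Returns the raw input string.
     *
     * @return the unfiltered value passed to {@link #setSourceStr(String)}, possibly {@code null}
     */
    public String getSourceStr() {
        return sourceStr;
    }

    /**
     * Stores the raw input string to be filtered.
     *
     * @param sourceStr the untrusted input, may be {@code null}
     */
    public void setSourceStr(String sourceStr) {
        this.sourceStr = sourceStr;
    }

    /**
     * Filters the current source string and returns the result.
     *
     * <p>The source string itself is left untouched, so calling this getter does
     * not change what {@link #getSourceStr()} returns.
     *
     * @return the filtered string; an empty string when no source string was set
     */
    public String getTargetStr() {
        if (sourceStr == null) {
            // A request without the parameter must not fail with a NullPointerException.
            targetStr = "";
            return targetStr;
        }
        // Strip first: removing ';' after encoding would break the entities
        // produced below ("&amp;" would become "&amp").
        String filtered = sourceStr.replaceAll("[;'/%=]", "");
        // '&' must be encoded before the other entities are introduced,
        // otherwise their leading '&' would be encoded a second time.
        filtered = filtered.replaceAll("&", "&amp;");
        filtered = filtered.replaceAll("<", "&lt;");
        filtered = filtered.replaceAll(">", "&gt;");
        // Also encode the double quote so the value cannot close a quoted attribute.
        filtered = filtered.replaceAll("\"", "&quot;");
        targetStr = filtered;
        return targetStr;
    }

    /**
     * Overwrites the stored filtered result.
     *
     * @param targetStr the value to store; replaced on the next call to {@link #getTargetStr()}
     */
    public void setTargetStr(String targetStr) {
        this.targetStr = targetStr;
    }
}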
创建index.jsp页面,输入表单信息
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Input page: a single text field that is POSTed to filterstr.jsp. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- The value is sent as the request parameter "sourceStr". --%>
<form action="filterstr.jsp" method="post">
<table>
<tr>
<td align="right">请输入字符串:</td>
<%-- size="40" only sets the visible width of the field; this page does no
     validation, so the receiving page must treat the value as untrusted. --%>
<td><input type="text" name="sourceStr" size="40"/></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="过滤"/></td>
</tr>
</table>
</form>
</body>
</html>
创建filterstr.jsp页。获取表单信息,过滤
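<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
    // Decode the POST body as UTF-8; this must run before the first getParameter() call.
    request.setCharacterEncoding("UTF-8");
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>处理过滤</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
<style type="text/css">
table{
    border: 1px solid;
    border-color: green;
    color: green;
    font-size: 13px;
    font-family: 华文细黑;
}
</style>
</head>
<body>
<%
    // Untrusted request parameter. It is null when the page is requested
    // without the form field, so normalise it before handing it to the bean.
    String sourceStr = request.getParameter("sourceStr");
    if (sourceStr == null) {
        sourceStr = "";
    }
    // jsp:getProperty writes a property value without HTML-encoding it, so the
    // raw input is encoded here before it is shown in the "before" cell.
    // '&' is encoded first so the entities added afterwards are not re-encoded.
    String sourceStrHtml = sourceStr
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
%>
<%-- Create the JavaBean instance with the useBean action. --%>
<jsp:useBean id="strBean" class="com.cn.zj.bean.StringUtil10"></jsp:useBean>
<%-- Assign the request value to the bean's sourceStr property. --%>
<jsp:setProperty property="sourceStr" name="strBean" value="<%=sourceStr %>"/>
<table>
    <tr>
        <td>过滤之前的字符串:</td>
        <td align="left">
            <%= sourceStrHtml %>
        </td>
    </tr>
    <tr>
        <td>过滤之后的字符串:</td>
        <td align="left">
            <%-- Written to the response as returned by the bean: this cell is only
                 safe if getTargetStr() returns an HTML-encoded value. --%>
            <jsp:getProperty property="targetStr" name="strBean"/>
        </td>
    </tr>
</table>
</body>
</html>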