===========================问题描述========================
跨站脚本注入的几种形式
*****="/><script>alert(document.cookie)</script>&passwd=&ok.x=28&ok.y=6
******="/><script>window.open("http://www.baidu.com")</script>
/document/ifr_list_managerHalfway.jsp?subFrame=managerHalfway&Page=2&Pages=2&Count=15&docsfrom="/><script>window.open("http://www.baidu.com")</script>
document/ifr_list_managerHalfway.jsp?docucode=&organiger=&manageEntityId=&Page=1&queryOwn=0&procstatus=&docsfrom=5&subFrame=managerHalfway&docsfrom=5&beginDate=&cbt=&procid=&cfwdw=&wenhao=%5C0%5C%22%5C%27%3E%3CScRiPt%3Ealert%28/shtec%2Bxss%2Btest/%29%3B%3C/ScRiPt%3E
document/ifr_list_managerHalfway.jsp?docucode=&organiger=&manageEntityId=&Page=1&queryOwn=0&procstatus=&docsfrom=5&subFrame=managerHalfway&docsfrom=5&beginDate=&cbt=&procid=&cfwdw="/><script>window.open("http://www.baidu.com")</script>&wenhao="/><script>window.open("http://www.baidu.com")</script>
以上几种跨站脚本注入会使页面非正常显示
===========================解决方案========================
1。增加一个request的转码过滤器=======================
package com.apusic.portal.sso;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.*;
import java.util.*;
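/**
 * Servlet filter that HTML-encodes every request parameter before the
 * filter chain (and the JSP pages behind it) can read them, so that a
 * reflected value cannot close an attribute or open a tag.
 * <p>
 * The class name is kept because {@code web.xml} registers
 * {@code com.apusic.portal.sso.SqlEscapeFilter}; despite the name the
 * filter addresses cross-site scripting, not SQL.
 * <p>
 * Encoded values are served through an {@link HttpServletRequestWrapper},
 * so {@code getParameter}, {@code getParameterValues} and
 * {@code getParameterMap} all return the encoded form. The earlier version
 * stored the cleaned arrays only as request attributes, which left
 * {@code request.getParameter(...)} in the pages unchanged.
 * <p>
 * Caveat: because encoding happens on input, anything the application
 * persists from these parameters is stored in encoded form. Encoding at the
 * point of output in the JSPs remains the preferable control; this filter is
 * a fallback for pages that echo parameters verbatim.
 */
public class SqlEscapeFilter implements Filter {

    /** Default constructor; the filter holds no state. */
    public SqlEscapeFilter() {
    }

    /** @see Filter#destroy() */
    public void destroy() {
        // nothing to release
    }

    /**
     * Wraps an HTTP request so that every parameter read downstream is
     * HTML-encoded, then continues the chain with the wrapped request.
     * Non-HTTP requests are passed through untouched.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        ServletRequest downstream = request;
        if (request instanceof HttpServletRequest) {
            EncodedParameterRequest wrapped =
                    new EncodedParameterRequest((HttpServletRequest) request);
            // Retained from the original filter: the encoded arrays are also
            // published as request attributes under the parameter names, in
            // case a page already reads them from there.
            for (Map.Entry<String, String[]> entry : wrapped.encodedParameters().entrySet()) {
                request.setAttribute(entry.getKey(), entry.getValue());
            }
            downstream = wrapped;
        }
        // pass the (wrapped) request along the filter chain
        chain.doFilter(downstream, response);
    }

    /** @see Filter#init(FilterConfig) */
    public void init(FilterConfig fConfig) throws ServletException {
        // no configuration parameters are used
    }

    /**
     * Returns {@code value} with the characters that carry meaning in HTML
     * text and attribute contexts replaced by character references:
     * {@code & < > " ' ( )}.
     * <p>
     * Characters are encoded rather than stripped. The previous blacklist
     * (removing the word {@code script}, {@code eval(...)} and
     * {@code javascript:}) corrupted legitimate text such as "description",
     * emitted malformed entities with an embedded space ({@code "& lt;"}),
     * and never encoded the double quote, which is the character the
     * payloads in the problem description use to break out of an attribute.
     *
     * @param value the raw parameter value; may be {@code null}
     * @return the encoded value, or {@code null} when {@code value} is {@code null}
     */
    static String cleanXSS(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                case '(':
                    out.append("&#40;");
                    break;
                case ')':
                    out.append("&#41;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Encodes each element of a parameter value array into a new array.
     *
     * @param values the raw values; may be {@code null}
     * @return a fresh array of encoded values, or {@code null} for {@code null} input
     */
    private static String[] encodeAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = cleanXSS(values[i]);
        }
        return encoded;
    }

    /**
     * Request view whose parameter accessors return HTML-encoded values.
     * The encoded map is computed once at construction from the underlying
     * request's parameter map; everything else is delegated.
     */
    private static final class EncodedParameterRequest extends HttpServletRequestWrapper {

        /** Parameter name to encoded values; unmodifiable. */
        private final Map<String, String[]> encoded;

        EncodedParameterRequest(HttpServletRequest request) {
            super(request);
            Map<String, String[]> copy = new LinkedHashMap<String, String[]>();
            // The servlet API hands back a raw Map on older versions, so read
            // it through wildcards and cast the values.
            Map<?, ?> raw = request.getParameterMap();
            if (raw != null) {
                for (Map.Entry<?, ?> entry : raw.entrySet()) {
                    String name = String.valueOf(entry.getKey());
                    copy.put(name, encodeAll((String[]) entry.getValue()));
                }
            }
            encoded = Collections.unmodifiableMap(copy);
        }

        /** @return the encoded parameter map (name to encoded values) */
        Map<String, String[]> encodedParameters() {
            return encoded;
        }

        @Override
        public String getParameter(String name) {
            String[] values = encoded.get(name);
            return (values == null || values.length == 0) ? null : values[0];
        }

        @Override
        public String[] getParameterValues(String name) {
            String[] values = encoded.get(name);
            // copy so callers cannot alter the values seen by later readers
            return values == null ? null : values.clone();
        }

        @Override
        public Map<String, String[]> getParameterMap() {
            return encoded;
        }
    }
}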
2。在web.xml中注册过滤器=======================
<!-- Registers the parameter-encoding filter. The class name is kept for
     compatibility with existing deployments; it handles XSS, not SQL. -->
<filter>
<display-name>SqlEscapeFilter</display-name>
<filter-name>SqlEscapeFilter</filter-name>
<filter-class>com.apusic.portal.sso.SqlEscapeFilter</filter-class>
</filter>
<!-- Only requests whose path ends in .jsp pass through the filter; parameters
     read under any other URL pattern are not encoded by this mapping. Without
     <dispatcher> elements the mapping applies to direct client requests only,
     so forwarded or included JSPs are presumably not covered - verify. -->
<filter-mapping>
<filter-name>SqlEscapeFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>