filter过滤器实现特殊字符转义
<!-- Escape / convert special characters: every matching request is wrapped by cn.zsmy.interceptor.XssFilter -->
<filter>
<filter-name>XssFilter</filter-name>
<filter-class>cn.zsmy.interceptor.XssFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>XssFilter</filter-name>
<url-pattern>/*</url-pattern>
<!-- Only the REQUEST dispatcher is listed: requests that reach a servlet via FORWARD, INCLUDE or ERROR dispatch do not pass through this filter unless those dispatchers are added here. -->
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
XssFilter.java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
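/**
 * Servlet filter that wraps each incoming HTTP request in {@link XssHttpServletRequestWraper},
 * so that code further down the chain reading parameters or headers through the wrapper
 * receives the full-width-substituted values.
 *
 * <p>Requests that are not {@link HttpServletRequest} instances are passed through unchanged
 * instead of failing on the cast.
 */
public class XssFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No init-params are read; nothing to set up.
    }

    /**
     * Wraps the request and continues the filter chain.
     *
     * @param request  the incoming request; only {@link HttpServletRequest} instances are wrapped
     * @param response the response, passed through unchanged
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            chain.doFilter(new XssHttpServletRequestWraper((HttpServletRequest) request), response);
        } else {
            // Not an HTTP request: nothing to wrap, and the cast would throw ClassCastException.
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
        // No resources are held; nothing to release.
    }
}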
XssHttpServletRequestWraper.java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apachemons.lang.StringUtils;
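/**
 * Request wrapper that replaces characters commonly used in HTML/script injection
 * ({@code < > ' " & \ / # ( )}) with full-width look-alikes in parameter and header values.
 *
 * <p>Scope and limits, so callers know what is and is not covered:
 * <ul>
 *   <li>Only {@link #getParameter}, {@link #getParameterValues} and {@link #getHeader} are
 *       wrapped. Values read via {@code getParameterMap()}, {@code getQueryString()},
 *       {@code getHeaders(String)} or the request body ({@code getInputStream()} /
 *       {@code getReader()}, e.g. JSON payloads) are returned unchanged.</li>
 *   <li>This is a request-side transformation of the stored data (e.g. {@code &} becomes
 *       {@code ＆}), not context-aware output encoding; escaping at the point of output is
 *       still required.</li>
 *   <li>Because {@code /} is substituted too, header values that legitimately contain it
 *       (URLs, media types) are altered when read through {@link #getHeader}.</li>
 * </ul>
 *
 * <p>An earlier regex-blacklist variant ({@code clearXss}: removing {@code eval(...)},
 * {@code javascript:} and the word {@code script}) was kept commented out by the original
 * author. It is not used here: per-character substitution handles the same inputs without
 * depending on a keyword list.
 */
public class XssHttpServletRequestWraper extends HttpServletRequestWrapper {

    /**
     * @param request the request to wrap
     */
    public XssHttpServletRequestWraper(HttpServletRequest request) {
        super(request);
    }

    /**
     * {@inheritDoc}
     * The value is passed through {@link #xssEncode}; {@code null} stays {@code null}.
     */
    @Override
    public String getParameter(String name) {
        return xssEncode(super.getParameter(name));
    }

    /**
     * {@inheritDoc}
     * The header value is passed through {@link #xssEncode}. Reads the header via
     * {@code super.getHeader}; the original delegated to {@code getParameter}, which returned
     * the request parameter of that name instead of the header.
     */
    @Override
    public String getHeader(String name) {
        return xssEncode(super.getHeader(name));
    }

    /**
     * {@inheritDoc}
     * Each value is passed through {@link #xssEncode}. Returns {@code null} for a
     * {@code null}/empty name or when the underlying request has no such parameter.
     */
    @Override
    public String[] getParameterValues(String name) {
        if (name == null || name.isEmpty()) {
            return null;
        }
        String[] values = super.getParameterValues(name);
        if (values == null) {
            return null;
        }
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = xssEncode(values[i]);
        }
        return encoded;
    }

    /**
     * Replaces each special character with its full-width counterpart; every other character
     * is copied as-is.
     *
     * <p>The replacement characters are written as {@code \\u} escapes so the intent survives
     * copy/paste through tools that fold full-width characters back to ASCII (which would turn
     * the substitution into a no-op).
     *
     * @param s the raw value, may be {@code null} or empty
     * @return the substituted value, or {@code s} itself when {@code null} or empty
     */
    private static String xssEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '>':
                    sb.append('\uFF1E'); // full-width greater-than sign
                    break;
                case '<':
                    sb.append('\uFF1C'); // full-width less-than sign
                    break;
                case '\'':
                    sb.append('\u2018'); // left single quotation mark
                    break;
                case '"':
                    sb.append('\u201C'); // left double quotation mark
                    break;
                case '&':
                    sb.append('\uFF06'); // full-width ampersand
                    break;
                case '\\':
                    sb.append('\uFF3C'); // full-width reverse solidus
                    break;
                case '/':
                    sb.append('\uFF0F'); // full-width solidus
                    break;
                case '#':
                    sb.append('\uFF03'); // full-width number sign
                    break;
                case '(':
                    sb.append('\uFF08'); // full-width left parenthesis
                    break;
                case ')':
                    sb.append('\uFF09'); // full-width right parenthesis
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }
}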
