Commit e149813a6d43481e1261622dca36ad9dae8325d7
1 parent
2ce4e310
加入xss过滤器,对html标签进行转义
Showing
2 changed files
with
62 additions
and
0 deletions
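--- a/src/main/java/com/bsth/filter/XssFilter.java
+++ b/src/main/java/com/bsth/filter/XssFilter.java
@@ -0,0 +1,21 @@
+package com.bsth.filter;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
+
+@Component
+public class XssFilter extends BaseFilter{
+
+	@Override
+	public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
+
+		chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
+	}
+}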
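Review bot: The cast `(HttpServletRequest) request` on line 19 is redundant — the parameter is already declared as `HttpServletRequest` on line 16, so the line can be `chain.doFilter(new XssHttpServletRequestWrapper(request), response);`. BaseFilter is not part of this commit, so the filter's ordering and URL mapping cannot be seen here; if it is auto-registered through `@Component` it presumably applies to every path, including endpoints whose JSON bodies the wrapper never touches. A one-line class comment stating that this filter only HTML-escapes parameters and headers, and that views must still output-encode, would keep the next reader from assuming it is a complete XSS control.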
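--- a/src/main/java/com/bsth/filter/XssHttpServletRequestWrapper.java
+++ b/src/main/java/com/bsth/filter/XssHttpServletRequestWrapper.java
@@ -0,0 +1,41 @@
+package com.bsth.filter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
+	public XssHttpServletRequestWrapper(HttpServletRequest request) {
+		super(request);
+	}
+
+	@Override
+	public String getHeader(String name) {
+		return StringEscapeUtils.escapeHtml4(super.getHeader(name));
+	}
+
+	@Override
+	public String getQueryString() {
+		return StringEscapeUtils.escapeHtml4(super.getQueryString());
+	}
+
+	@Override
+	public String getParameter(String name) {
+		return StringEscapeUtils.escapeHtml4(super.getParameter(name));
+	}
+
+	@Override
+	public String[] getParameterValues(String name) {
+		String[] values = super.getParameterValues(name);
+		if (values != null) {
+			int length = values.length;
+			String[] escapseValues = new String[length];
+			for (int i = 0; i < length; i++) {
+				escapseValues[i] = StringEscapeUtils.escapeHtml4(values[i]);
+			}
+			return escapseValues;
+		}
+		return super.getParameterValues(name);
+	}
+}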
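Review bot: `getParameterMap()` (and `getParameterNames()`/`getHeaders(String)`) is not overridden, so any consumer that reads parameters through the map — Spring MVC data binding for form objects typically does — receives the raw, unescaped values and the wrapper is bypassed; the same holds for bodies read via `getInputStream()`/`getReader()`. `getQueryString()` on line 20 escapes the whole raw query string, turning every `&` separator into `&amp;`, which corrupts it for any code that parses it while adding nothing the parameter accessors do not already give, so I would drop that override or document why it is wanted. In `getParameterValues` the null branch on line 39 calls `super.getParameterValues(name)` a second time; `return values;` is equivalent. Escaping on input also rewrites persisted data (a password or free-text value containing `&` or `<` is stored HTML-encoded), so output encoding in the views remains the primary control and this class should say so in its Javadoc. A `getParameterMap()` override that mirrors `getParameterValues` would close the largest gap (needs `java.util.Collections`, `java.util.LinkedHashMap` and `java.util.Map` imports):
```java
	// … unchanged: constructor, getHeader, getQueryString, getParameter …

	@Override
	public Map<String, String[]> getParameterMap() {
		Map<String, String[]> escaped = new LinkedHashMap<>();
		for (Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
			escaped.put(entry.getKey(), escapeAll(entry.getValue()));
		}
		// Servlet spec: the returned map must be immutable.
		return Collections.unmodifiableMap(escaped);
	}

	// Shared by getParameterValues and getParameterMap; null-safe like escapeHtml4 itself.
	private static String[] escapeAll(String[] values) {
		if (values == null) {
			return null;
		}
		String[] escaped = new String[values.length];
		for (int i = 0; i < values.length; i++) {
			escaped[i] = StringEscapeUtils.escapeHtml4(values[i]);
		}
		return escaped;
	}
```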