Commit e149813a6d43481e1261622dca36ad9dae8325d7
1 parent
2ce4e310
加入xss过滤器,对html标签进行转义
Showing
2 changed files
with
62 additions
and
0 deletions
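--- /dev/null
+++ b/src/main/java/com/bsth/filter/XssFilter.java
@@ -0,0 +1,21 @@
+package com.bsth.filter;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
+
+@Component
+public class XssFilter extends BaseFilter{
+
+	@Override
+	public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
+
+		chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
+	}
+}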
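Review bot: The cast `(HttpServletRequest) request` in the `chain.doFilter` call is a no-op, since the `doFilter` parameter is already declared as `HttpServletRequest`; `chain.doFilter(new XssHttpServletRequestWrapper(request), response);` is the same call without the noise. The class also carries no documentation of what it guarantees, which matters here because the wrapper it installs only covers a subset of the request accessors; a header such as `/** Wraps every request so that getParameter/getParameterValues/getHeader/getQueryString return HTML-escaped values. Does not cover getParameterMap, getHeaders or the request body. */` would keep the next maintainer from assuming blanket protection. Whether this filter is actually registered and ordered relative to the rest of the chain depends on `BaseFilter` and the Spring configuration, which are outside this commit.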
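--- /dev/null
+++ b/src/main/java/com/bsth/filter/XssHttpServletRequestWrapper.java
@@ -0,0 +1,41 @@
+package com.bsth.filter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import org.apache.commons.lang3.StringEscapeUtils;
+
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
+	public XssHttpServletRequestWrapper(HttpServletRequest request) {
+		super(request);
+	}
+
+	@Override
+	public String getHeader(String name) {
+		return StringEscapeUtils.escapeHtml4(super.getHeader(name));
+	}
+
+	@Override
+	public String getQueryString() {
+		return StringEscapeUtils.escapeHtml4(super.getQueryString());
+	}
+
+	@Override
+	public String getParameter(String name) {
+		return StringEscapeUtils.escapeHtml4(super.getParameter(name));
+	}
+
+	@Override
+	public String[] getParameterValues(String name) {
+		String[] values = super.getParameterValues(name);
+		if (values != null) {
+			int length = values.length;
+			String[] escapseValues = new String[length];
+			for (int i = 0; i < length; i++) {
+				escapseValues[i] = StringEscapeUtils.escapeHtml4(values[i]);
+			}
+			return escapseValues;
+		}
+		return super.getParameterValues(name);
+	}
+}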
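Review bot: The wrapper escapes only `getHeader`, `getQueryString`, `getParameter` and `getParameterValues`, so any code path that reads the request through `getParameterMap()`, `getHeaders(name)`, `getReader()` or `getInputStream()` (for example JSON bodies bound by a framework) still receives the raw, unescaped input; if this filter is meant to be the XSS defence, those accessors need the same treatment, and `getParameterMap` is the one Spring's data binding typically uses. Escaping at the input side is also lossy: a legitimate `&` or `<` in a form field is stored as `&amp;`/`&lt;` and is then double-escaped by any view that encodes on output, and `getQueryString()` in particular turns the `&` that separates parameters into `&amp;`, which breaks anyone who parses the returned string. Output encoding in the view layer remains required regardless, since `escapeHtml4` is only correct for HTML text content, not for attribute, URL or JavaScript contexts. A class comment stating exactly which accessors are covered and that this does not replace output encoding, e.g. `/** HTML-escapes getParameter, getParameterValues, getHeader and getQueryString; getParameterMap, getHeaders and the request body are passed through unchanged. Not a substitute for output encoding. */`, would make the limits visible to callers. On a smaller note, the trailing `return super.getParameterValues(name);` in `getParameterValues` is reached only when `values` is `null`, so `return null;` (or returning `values`) says the same thing more directly.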