Filtering HTML Special Characters from Strings in a Servlet
2014-09-05 09:22
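(1) In some situations, when a user enters data, we need to check whether it is valid, that is, filter the user's input for special characters;
(2) Here is the code, for reference and study:
The ServletUtilities class: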
package com.lc.ch04Biaodanshuju;

import javax.servlet.http.HttpServletRequest;

public class ServletUtilities {

    // Replaces <, >, " and & with the corresponding HTML character entities.
    public static String filter(String input) {
        if (!hasSpecialChars(input)) {
            return(input);
        }
        StringBuffer filtered = new StringBuffer(input.length());
        char c;
        for(int i=0; i<input.length(); i++) {
            c = input.charAt(i);
            switch(c) {
                case '<': filtered.append("&lt;"); break;
                case '>': filtered.append("&gt;"); break;
                case '"': filtered.append("&quot;"); break;
                case '&': filtered.append("&amp;"); break;
                default: filtered.append(c);
            }
        }
        return(filtered.toString());
    }

    // Returns true if the input contains any of <, >, " or &.
    // A null or empty string returns false, so filter() hands it back unchanged.
    private static boolean hasSpecialChars(String input) {
        boolean flag = false;
        if ((input != null) && (input.length() > 0)) {
            char c;
            for(int i=0; i<input.length(); i++) {
                c = input.charAt(i);
                switch(c) {
                    case '<': flag = true; break;
                    case '>': flag = true; break;
                    case '"': flag = true; break;
                    case '&': flag = true; break;
                }
            }
        }
        return(flag);
    }
}
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--
Front end to BadCodeServlet.
Taken from Core Servlets and JavaServer Pages 2nd Edition
from Prentice Hall and Sun Microsystems Press, http://www.coreservlets.com/. (C) 2003 Marty Hall; may be freely used or adapted.
-->
<HTML><HEAD><TITLE>Submit Code Sample</TITLE></HEAD>
<BODY BGCOLOR="#FDF5E6">
<CENTER>
<H1 ALIGN="CENTER">Submit Code Sample</H1>
<FORM ACTION="/servlet/coreservlets.BadCodeServlet">
Code:<BR>
<TEXTAREA ROWS="6" COLS="40" NAME="code"></TEXTAREA><P>
<INPUT TYPE="SUBMIT" VALUE="Submit Code">
</FORM>
</CENTER></BODY></HTML>
package com.lc.ch04Biaodanshuju;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class BadCodeServlet extends HttpServlet {

    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String title = "Code Sample";
        String docType =
            "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
            "Transitional//EN\">\n";
        out.println(docType +
                    "<HTML>\n" +
                    "<HEAD><TITLE>" + title + "</TITLE></HEAD>\n" +
                    "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                    "<H1 ALIGN=\"CENTER\">" + title + "</H1>\n" +
                    "<PRE>\n" +
                    getCode(request) +
                    "</PRE>\n" +
                    "Now, wasn't that an interesting sample\n" +
                    "of code?\n" +
                    "</BODY></HTML>");
    }

    // Returns the "code" request parameter exactly as submitted, without
    // filtering, so any <, >, " or & in it is written into the page as markup.
    protected String getCode(HttpServletRequest request) {
        return(request.getParameter("code"));
    }
}
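The effect of running the submitted text through the filter before it is written into the <PRE> block, as an added example that is not part of the original post: a stand-alone program (no servlet container needed) in which the class name FilterDemo, the renderPre helper and the sample input are constructed for illustration. It also shows why the replacement is done in one pass over the characters instead of with chained replace calls.

```java
// Added example; FilterDemo and renderPre are hypothetical names.
public class FilterDemo {

    // Same four replacements as ServletUtilities.filter, done in a single pass
    // so the '&' of an entity that was just appended is never escaped again.
    static String filter(String input) {
        if (input == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(input.length());
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '&': out.append("&amp;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Stand-in for the <PRE> section that BadCodeServlet.doGet writes.
    static String renderPre(String code) {
        return "<PRE>\n" + code + "</PRE>";
    }

    public static void main(String[] args) {
        // Constructed sample of text a user might paste into the "code" textarea.
        String submitted = "if (a<b && c>d) { s = \"</PRE><H1>x</H1>\"; }";

        // Unfiltered, as BadCodeServlet.getCode returns it: the browser reads
        // "<b" as a tag, and the embedded </PRE> closes the block early.
        System.out.println(renderPre(submitted));

        // Filtered: the browser displays the text exactly as it was typed.
        System.out.println(renderPre(filter(submitted)));

        // Chained replaces with '&' handled last escape the '&' of the entity
        // written by the first replace; the single-pass filter does not.
        String wrongOrder = "a<b".replace("<", "&lt;").replace("&", "&amp;");
        System.out.println(wrongOrder + "  vs  " + filter("a<b"));
    }
}
```

In the servlet itself the same result comes from returning ServletUtilities.filter(request.getParameter("code")) from getCode.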