xss ***
2015-11-05 10:20
Add the filter
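import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class XSSFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }

    // Wrap every request so that downstream code reads HTML-escaped values.
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
    }
}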
Add interception of the request parameters:

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    // escapeHtml4 returns null for null input, so absent values stay null.
    @Override
    public String getHeader(String name) {
        return StringEscapeUtils.escapeHtml4(super.getHeader(name));
    }

    @Override
    public String getQueryString() {
        return StringEscapeUtils.escapeHtml4(super.getQueryString());
    }

    @Override
    public String getParameter(String name) {
        return StringEscapeUtils.escapeHtml4(super.getParameter(name));
    }

    // Escape each value of a multi-valued parameter.
    @Override
    public String[] getParameterValues(String name) {
        String[] values = super.getParameterValues(name);
        if (values != null) {
            int length = values.length;
            String[] escapedValues = new String[length];
            for (int i = 0; i < length; i++) {
                escapedValues[i] = StringEscapeUtils.escapeHtml4(values[i]);
            }
            return escapedValues;
        }
        return null;
    }
}
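The wrapper above overrides getParameter and getParameterValues but not getParameterMap, so code that reads parameters through the map still sees raw values. The following is an added example, not part of the original post: the class name ParameterMapEscapingWrapper is hypothetical, it assumes Servlet 3.0+ (where getParameterMap() is typed as Map<String, String[]>), and the overridden method can equally be pasted into XssHttpServletRequestWrapper.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;

// Added example (hypothetical class name); assumes Servlet 3.0+.
public class ParameterMapEscapingWrapper extends HttpServletRequestWrapper {

    public ParameterMapEscapingWrapper(HttpServletRequest request) {
        super(request);
    }

    // Return an escaped copy of the parameter map so that map-based readers
    // get the same HTML-escaped values as getParameter/getParameterValues.
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        Map<String, String[]> escaped = new LinkedHashMap<>(raw.size());
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            String[] values = entry.getValue();
            if (values == null) {
                // Defensive: keep the key, preserve the missing value array.
                escaped.put(entry.getKey(), null);
                continue;
            }
            // Copy instead of escaping in place: the container may hand out
            // its internal array, and escaping it twice would double-encode.
            String[] copy = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                copy[i] = StringEscapeUtils.escapeHtml4(values[i]);
            }
            escaped.put(entry.getKey(), copy);
        }
        // The servlet API documents this map as immutable.
        return Collections.unmodifiableMap(escaped);
    }
}
```

Request bodies read through getInputStream() or getReader(), such as JSON payloads, pass through both wrappers unchanged, so values still need context-appropriate encoding where they are written into a page.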