package com.fr.plugin;
import com.fr.stable.StringUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
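/**
 * Request wrapper that HTML-escapes the values returned by {@link #getParameter(String)}
 * and {@link #getParameterValues(String)}.
 *
 * <p>Scope caveats for reviewers and callers:
 * <ul>
 *   <li>Only the two accessors above are wrapped. {@code getParameterMap()}, headers,
 *       cookies, the query string and the request body are passed through untouched, so
 *       code that reads parameters by any other route still receives raw input.</li>
 *   <li>Escaping on input is defence in depth, not a substitute for context-aware output
 *       encoding at the sink: HTML body, attribute, JavaScript and URL contexts each need
 *       different encoding, and this wrapper only knows about the HTML text/attribute case.</li>
 *   <li>Values are escaped on every call; a consumer that encodes again on output will
 *       double-encode (e.g. {@code &amp;amp;}).</li>
 * </ul>
 */
public class XssFilterWrapper extends HttpServletRequestWrapper {

    /**
     * @param request the request to wrap; every parameter read through this wrapper is escaped
     */
    public XssFilterWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the escaped value of the named parameter.
     *
     * @param name parameter name
     * @return the escaped value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        String raw = super.getParameter(name);
        // A blank value contains nothing to escape, so a plain null guard is sufficient
        // (the previous isNotBlank check only skipped work, it did not change the result).
        return raw == null ? null : htmlEscape(raw);
    }

    /**
     * Returns every value of the named parameter with each element escaped.
     *
     * @param name parameter name
     * @return a new array of escaped values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] raw = super.getParameterValues(name);
        if (raw == null) {
            return null;
        }
        String[] escaped = new String[raw.length];
        for (int i = 0; i < raw.length; i++) {
            // The servlet spec does not return null elements, but a null-tolerant loop costs
            // nothing and avoids an NPE from a non-conforming container or a nested wrapper.
            escaped[i] = raw[i] == null ? null : htmlEscape(raw[i]);
        }
        return escaped;
    }

    /**
     * Escapes the five characters that are significant in HTML text and quoted-attribute
     * contexts: {@code & < > " '}.
     *
     * <p>As displayed in the previous revision the replacement mapped {@code <} to {@code <}
     * and {@code >} to {@code >}, which is a no-op; whether that was a rendering artifact or the
     * shipped code, the entity forms below are what is required. {@code &} is handled first so
     * the entities introduced for the other characters are not re-escaped. {@link String#replace}
     * (literal) is used instead of {@code replaceAll} (regex) because the operands are not
     * patterns. This deliberately does not depend on Spring's {@code HtmlUtils}, which is not
     * on this class's import list.
     *
     * @param str non-null input
     * @return the escaped string
     */
    private static String htmlEscape(String str) {
        return str.replace("&", "&amp;")
                  .replace("<", "&lt;")
                  .replace(">", "&gt;")
                  .replace("\"", "&quot;")
                  .replace("'", "&#39;");
    }
}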