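package com.fr.plugin;

import com.fr.stable.StringUtils;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request wrapper that HTML-escapes request parameter values before handing them to the
 * application.
 *
 * <p>Covers {@link #getParameter(String)}, {@link #getParameterValues(String)} and
 * {@link #getParameterMap()} so that all three parameter accessors return the same escaped view.
 * Headers, cookies, the query string and the request body are not touched by this wrapper.
 *
 * <p>Escaping at input time is a coarse defence: it changes legitimate data that contains
 * {@code &}, {@code <}, {@code >}, {@code "} or {@code '} and cannot replace context-aware output
 * encoding in the view layer.
 */
public class XssFilterWrapper extends HttpServletRequestWrapper {

    /**
     * @param request the request to wrap
     */
    public XssFilterWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the named parameter with HTML special characters escaped.
     *
     * @param name parameter name
     * @return the escaped value, or the original (possibly {@code null}/blank) value when there is
     *     nothing to escape
     */
    @Override
    public String getParameter(String name) {
        return escapeIfNotBlank(super.getParameter(name));
    }

    /**
     * Returns all values of the named parameter with HTML special characters escaped.
     *
     * @param name parameter name
     * @return a new array of escaped values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        return escapeAll(super.getParameterValues(name));
    }

    /**
     * Returns the parameter map with every value escaped.
     *
     * <p>Without this override a caller using {@code getParameterMap()} would receive the raw,
     * unescaped values and silently bypass the wrapper.
     *
     * @return an unmodifiable map of escaped values, or {@code null} if the wrapped request
     *     returned {@code null}
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> original = super.getParameterMap();
        if (original == null) {
            return null;
        }
        Map<String, String[]> escaped = new LinkedHashMap<>(original.size());
        for (Map.Entry<String, String[]> entry : original.entrySet()) {
            escaped.put(entry.getKey(), escapeAll(entry.getValue()));
        }
        // The servlet contract describes the parameter map as immutable; keep that property.
        return Collections.unmodifiableMap(escaped);
    }

    /**
     * Escapes each element of {@code values}; {@code null} and blank elements are passed through
     * unchanged, matching {@link #getParameter(String)}.
     *
     * @param values raw values, may be {@code null}
     * @return a fresh array of escaped values, or {@code null} when {@code values} is {@code null}
     */
    private static String[] escapeAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] result = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            result[i] = escapeIfNotBlank(values[i]);
        }
        return result;
    }

    /**
     * Applies {@link #htmlEscape(String)} only to non-blank input; blank input has nothing to
     * escape and is returned as-is (including {@code null}).
     */
    private static String escapeIfNotBlank(String value) {
        return StringUtils.isNotBlank(value) ? htmlEscape(value) : value;
    }

    /**
     * Replaces the HTML-significant characters {@code & < > " '} with their entity forms.
     *
     * <p>The previous implementation called {@code replaceAll("<", "<")}, i.e. it replaced each
     * character with itself and escaped nothing. {@code &} is handled as well so that an
     * attacker-supplied entity such as {@code &lt;} is not passed through as markup, and the
     * quote characters are covered for attribute contexts. A plain character loop is used instead
     * of {@code replaceAll} because the latter interprets its first argument as a regex.
     *
     * @param str non-null input
     * @return the escaped string; the same content when no special character is present
     */
    private static String htmlEscape(String str) {
        StringBuilder out = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}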