package com.fr.plugin; |
|
|
|
import com.fr.stable.StringUtils; |
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletRequestWrapper; |
|
|
|
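/**
 * Request wrapper that HTML-escapes query/form parameters before the application reads them,
 * so that a reflected parameter cannot inject markup.
 *
 * <p>Coverage is limited to {@link #getParameter(String)} and {@link #getParameterValues(String)}.
 * {@code getParameterMap()}, headers, cookies and the request body are not overridden here and are
 * returned verbatim by the wrapped request, so code reading those still has to encode on output.
 * Because escaping happens on input, escaped text is what the application stores and processes;
 * context-aware encoding at the view layer remains the primary control.
 */
public class XssFilterWrapper extends HttpServletRequestWrapper {

    /**
     * @param request the request to wrap; handed unchanged to {@link HttpServletRequestWrapper}
     */
    public XssFilterWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the single value of parameter {@code name} with HTML-significant characters escaped.
     *
     * @param name parameter name, passed through to the wrapped request
     * @return the escaped value, or the raw value (possibly {@code null}) when it is blank
     */
    @Override
    public String getParameter(String name) {
        String raw = super.getParameter(name);
        // A blank value has nothing to escape; returning it as-is also keeps null as null.
        return StringUtils.isNotBlank(raw) ? htmlEscape(raw) : raw;
    }

    /**
     * Returns all values of the multi-valued parameter {@code name}, each escaped.
     * (Original comment: "filter special characters in array parameters".)
     *
     * @param name parameter name, passed through to the wrapped request
     * @return a fresh array of escaped values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] raw = super.getParameterValues(name);
        if (raw == null) {
            return null;
        }
        String[] escaped = new String[raw.length];
        for (int i = 0; i < raw.length; i++) {
            // Guard individual null entries; the original would have thrown NPE inside htmlEscape.
            // The original comment mentioned Spring's HtmlUtils, but the local helper is what runs.
            escaped[i] = raw[i] == null ? null : htmlEscape(raw[i]);
        }
        return escaped;
    }

    /**
     * Escapes the characters that are significant in HTML element and attribute context.
     *
     * <p>As shown on the page the previous implementation replaced {@code <} with {@code <} and
     * {@code >} with {@code >} via {@code replaceAll} (a regex API), which is a no-op: nothing was
     * actually escaped. Literal {@link String#replace(CharSequence, CharSequence)} is used instead,
     * and {@code &} is handled first so the entities produced for the other characters are not
     * escaped a second time.
     *
     * @param str value to escape; must not be {@code null} (callers filter null/blank beforehand)
     * @return the escaped value
     */
    private static String htmlEscape(String str) {
        return str.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;");
    }
}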