Home Explore Help
Register Sign In
baolei
/
qryord
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 2e2c0b5d39
Branches Tags
qryord
/
src
/
main
/
java
/
com
/
qryord
/
common
/
xss
/
XssHttpServletRequestWrapper.java

XssHttpServletRequestWrapper.java 1009 B
History Raw

123456789101112131415161718192021222324252627282930313233343536373839 
  1. package com.qryord.common.xss;
    2. 

  2. 

  3. import javax.servlet.http.HttpServletRequest;
    4. 

  4. import javax.servlet.http.HttpServletRequestWrapper;
    5. 

  5. import com.qryord.common.utils.html.EscapeUtil;
    6. 

  6. 

  7. /**
    8. 

  8.  * XSS过滤处理
    9. 

  9.  * 
    10. 

  10.  * @author ruoyi
    11. 

  11.  */
    12. 

  12. public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
    13. 

  13. {
    14. 

  14.     /**
    15. 

  15.      * @param request
    16. 

  16.      */
    17. 

  17.     public XssHttpServletRequestWrapper(HttpServletRequest request)
    18. 

  18.     {
    19. 

  19.         super(request);
    20. 

  20.     }
    21. 

  21. 

  22.     @Override
    23. 

  23.     public String[] getParameterValues(String name)
    24. 

  24.     {
    25. 

  25.         String[] values = super.getParameterValues(name);
    26. 

  26.         if (values != null)
    27. 

  27.         {
    28. 

  28.             int length = values.length;
    29. 

  29.             String[] escapseValues = new String[length];
    30. 

  30.             for (int i = 0; i < length; i++)
    31. 

  31.             {
    32. 

  32.                 // 防xss攻击和过滤前后空格
    33. 

  33.                 escapseValues[i] = EscapeUtil.clean(values[i]).trim();
    34. 

  34.             }
    35. 

  35.             return escapseValues;
    36. 

  36.         }
    37. 

  37.         return super.getParameterValues(name);
    38. 

  38.     }
    39. 

  39. }
    40.