package weixin.idea.waiting.cq.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang.StringEscapeUtils;
/**
*
* @author wudw
*
*/
public class GetHttpServletRequestWrapper extends HttpServletRequestWrapper {
private String charset = "UTF-8";
public GetHttpServletRequestWrapper(HttpServletRequest request) {
super(request);
}
/**
* 获得被装饰对象的引用和采用的字符编码
*
* @param request
* @param charset
*/
public GetHttpServletRequestWrapper(HttpServletRequest request,
String charset) {
super(request);
this.charset = charset;
}
/**
* 重写getParameter方法获得参数,对特殊字符进行过滤
*/
public String getParameter(String name) {
String value = super.getParameter(name);
value = value == null ? null : convert(value);
return value;
}
/**
* 重写getParameterValues方法获得参数,对特殊字符进行过滤
*/
public String[] getParameterValues(String name){
String[] values = super.getParameterValues(name);
if(values!=null && values.length>0){
values[0] = values[0] == null ? null : convert(values[0]);
}
return values;
}
/**
* 过滤规则
* @param target
* @return
*/
public String convert(String target) {
//target = StringEscapeUtils.escapeHtml(target);
//target = StringEscapeUtils.escapeJavaScript(target);
target = StringEscapeUtils.escapeSql(target);
target = target.replace("&", "&");
target = target.replace("<", "<");
target = target.replace(">", ">");
target = target.replace("'", "'");
target = target.replace("\"", """);
target = target.replace("alert", "a lert");
target = target.replace("script", "s cript");
target = target.replace("document", "d ocument");
target = target.replace("cookie", "c ookie");
return target;
}
}
filter对request请求拦截,对请求参数进行修改
3星 · 超过75%的资源 需积分: 50 32 浏览量
2015-10-08
10:27:33
上传
评论 2
收藏 2KB ZIP 举报 
特殊字符过滤.zip (2个子文件) 
JsFilter.java 1KB GetHttpServletRequestWrapper.java 2KB资源评论
Only_Friend2015-11-25终于找对资源了。谢谢分享!
小笔头有梦想2018-05-17无用代码。
菜的不能再菜的程序猿2018-04-27无用代码。- iceaugust2019-05-05我用上了,正好有此需求,要过滤过滤字符!!
