SpringMVC 过滤非法字符时 form表单类型


实现很简单,加一个过滤器就好了然后重写一个request就行

java代码

/**
 * Servlet filter that passes a {@link StringFilterRequest} down the chain in place of the
 * incoming request, so parameter reads made through the wrapper return filtered values.
 *
 * <p>The wrapper only overrides {@code getParameter}, {@code getParameterValues} and
 * {@code getParameterMap}. Anything read another way (headers, cookies, the raw body via
 * {@code getInputStream()}/{@code getReader()}, request attributes) reaches the application
 * unfiltered, so this filter is not a substitute for context-aware output encoding in views.
 */
public class StringFilter extends OncePerRequestFilter {

    /**
     * Wraps the request and continues the chain with the wrapper.
     *
     * @param request  the incoming request
     * @param response the response, passed through unchanged
     * @param chain    the remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        // Everything downstream sees the wrapper, not the container's request object.
        HttpServletRequest filteredRequest = new StringFilterRequest(request);
        chain.doFilter(filteredRequest, response);
    }
}
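/**
 * Request wrapper that rewrites HTML-significant characters in parameter values before the
 * application sees them.
 *
 * <p>Scope and limits, as visible in this class:
 * <ul>
 *   <li>Only {@code getParameter}, {@code getParameterValues} and {@code getParameterMap} are
 *       overridden. Headers, cookies, the raw request body and request attributes are returned
 *       unfiltered.</li>
 *   <li>The replacements target HTML output only, and {@code &} is deliberately left alone, so
 *       already-encoded entities pass through unchanged. Values still need encoding appropriate
 *       to the context they are written into (HTML attribute, JavaScript, SQL, ...).</li>
 *   <li>Stored values are altered (for example newlines become {@code <br/>}), which affects
 *       any consumer that is not an HTML page.</li>
 * </ul>
 */
class StringFilterRequest extends HttpServletRequestWrapper {
    public StringFilterRequest(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the filtered value of a single parameter.
     *
     * @param name parameter name
     * @return the filtered value, or {@code null} if the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        // Filter before handing the value back to the caller.
        return filterDangerString(super.getParameter(name));
    }

    /**
     * Returns the filtered values of a multi-valued parameter.
     *
     * @param name parameter name
     * @return a new array of filtered values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = super.getParameterValues(name);
        if (values == null) {
            return null;
        }
        // Filter a copy: rewriting the wrapped request's own array in place would make a second
        // call filter already-filtered text (the inserted "<br/>" would become "&lt;br/&gt;").
        return filterDangerString(values.clone());
    }

    /**
     * Returns a read-only copy of the parameter map with every value filtered.
     *
     * <p>The original listing iterated {@code entrySet()} but used each entry as if it were the
     * key and wrote back into the wrapped request's map; that never filtered anything and fails
     * on a read-only or concurrently iterated map. A fresh map is built here instead.
     *
     * @return parameter names mapped to filtered {@code String[]} values
     */
    @Override
    public Map getParameterMap() {
        Map<?, ?> source = super.getParameterMap();
        Map<Object, Object> filtered = new java.util.LinkedHashMap<Object, Object>();
        for (Map.Entry<?, ?> entry : source.entrySet()) {
            String[] values = (String[]) entry.getValue();
            // Clone so the wrapped request's arrays are left untouched.
            filtered.put(entry.getKey(),
                    values == null ? null : filterDangerString(values.clone()));
        }
        return java.util.Collections.unmodifiableMap(filtered);
    }

    // Disabled in the original listing: request attributes are NOT filtered.
    /*@Override
    public Object getAttribute(String name) {
        Object object = super.getAttribute(name);
        if (object instanceof String) {
            return filterDangerString((String) super.getAttribute(name));
        } else
            return object;
    }*/

    /**
     * Rewrites HTML-significant characters in one value and trims surrounding whitespace.
     *
     * <p>The order of the steps matters: {@code <} and {@code >} are escaped first, so the
     * {@code <br/>} inserted for newlines afterwards stays a real tag.
     *
     * @param value raw parameter value, may be {@code null}
     * @return the filtered value, or {@code null} if {@code value} is {@code null}
     */
    public String filterDangerString(String value) {
        if (value == null) {
            return null;
        }
        // NOTE(review): as printed, "{" is replaced by itself (a no-op). "}" is mapped to
        // U+FE5C below, so the intended replacement here was presumably U+FE5B - confirm.
        value = value.replace("{", "{");
        // "&" is intentionally not escaped (the original has that line commented out), so
        // this is not a complete HTML escape.
        value = value.replace("<", "&lt;");
        value = value.replace(">", "&gt;");
        value = value.replace("\t", "    ");
        value = value.replace("\r\n", "\n");
        value = value.replace("\n", "<br/>");
        value = value.replace("'", "&#39;");
        value = value.replace("\\", "&#92;");
        value = value.replace("\"", "&quot;");
        value = value.replace("}", "﹜").trim();
        return value;
    }

    /**
     * Filters every element of {@code value} in place.
     *
     * @param value array of raw values, may be {@code null}; its elements are overwritten
     * @return the same array instance, or {@code null} if {@code value} is {@code null}
     */
    public String[] filterDangerString(String[] value) {
        if (value == null) {
            return null;
        }
        for (int i = 0; i < value.length; i++) {
            value[i] = filterDangerString(value[i]);
        }
        return value;
    }

}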

web.xml 增加个过滤器配置

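<!-- The opening <filter> element was missing from the listing; without it the descriptor is not well-formed. -->
<filter>
    <filter-name>StringFilter</filter-name>
    <filter-class>com.inbuild.comm.interceptors.StringFilter</filter-class>
</filter>
<!-- Mapped to every URL: all requests pass through the parameter-rewriting wrapper. -->
<filter-mapping>
    <filter-name>StringFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>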

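重点不是上面这个:正常情况下是没有问题的,但是当 form 表单类型是 multipart/form-data 时,过滤器是过滤不到的。原因通常是 multipart 请求体里的字段由 Spring 的 multipart 解析器在过滤器之后才解析,取值时不经过上面这个 request 包装类的 getParameter。

如果也想过滤的话,需要将参数拼接到 url 后面!!(注意:拼到 url 上的参数会出现在访问日志、浏览器历史和 Referer 里,敏感数据不适合这样传。)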

 

