實現很簡單,加一個過濾器就好了然后重寫一個request就行
java代碼
public class StringFilter extends OncePerRequestFilter { protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException { chain.doFilter(new StringFilterRequest((HttpServletRequest)request), response); } } class StringFilterRequest extends HttpServletRequestWrapper { public StringFilterRequest(HttpServletRequest request) { super(request); } @Override public String getParameter(String name) { // 返回值之前 先進行過濾 return filterDangerString(super.getParameter(name)); } @Override public String[] getParameterValues(String name) { // 返回值之前 先進行過濾 String[] values = super.getParameterValues(name); if(values==null){ return null; } for (int i = 0; i < values.length; i++) { values[i] = filterDangerString(values[i]); } return values; } @Override public Map getParameterMap() { Map keys = super.getParameterMap(); Set set = keys.entrySet(); Iterator iters = set.iterator(); while (iters.hasNext()) { Object key = iters.next(); Object value = keys.get(key); keys.put(key, filterDangerString((String[]) value)); } return keys; } /*@Override public Object getAttribute(String name) { // TODO Auto-generated method stub Object object = super.getAttribute(name); if (object instanceof String) { return filterDangerString((String) super.getAttribute(name)); } else return object; }*/ public String filterDangerString(String value) { if (value == null) { return null; } value = value.replaceAll("\\{", "{"); // content = content.replaceAll("&", "&"); value = value.replaceAll("<", "<"); value = value.replaceAll(">", ">"); value = value.replaceAll("\t", " "); value = value.replaceAll("\r\n", "\n"); value = value.replaceAll("\n", "<br/>"); value = value.replaceAll("'", "'"); value = value.replaceAll("\\\\", "\"); value = value.replaceAll("\"", """); value = value.replaceAll("\\}", "﹜").trim(); return value; } public String[] filterDangerString(String[] value) { if (value == null) { return null; } for (int i = 0; i < value.length; i++) { String val = filterDangerString(value[i]); value[i] = val; } return value; } }
web.xm增加個過濾器配置
<filter-name>StringFilter</filter-name> <filter-class>com.inbuild.comm.interceptors.StringFilter</filter-class> </filter> <filter-mapping> <filter-name>StringFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
重點不是上面這個,正常情況下是沒有問題的,但是呢,當form表單類型是 form-data x,過濾器是過濾不到的,
如果也想過濾的話,需要將參數拼接到url后面!!