SpringMVC 過濾非法字符時 form表單類型

本文轉載自查看原文 2016-04-20 14:59 5176 BUG記錄

實現很簡單,加一個過濾器就好了然后重寫一個request就行

java代碼

public class StringFilter extends  OncePerRequestFilter  {

    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        chain.doFilter(new StringFilterRequest((HttpServletRequest)request), response);
    }

    
        


}
class StringFilterRequest extends HttpServletRequestWrapper {
    public StringFilterRequest(HttpServletRequest request) {
        super(request);
    }

    @Override
    public String getParameter(String name) {
        // 返回值之前 先進行過濾
        return filterDangerString(super.getParameter(name));
    }

    @Override
    public String[] getParameterValues(String name) {
        // 返回值之前 先進行過濾
        String[] values = super.getParameterValues(name);
        if(values==null){
            return null;
        }
        for (int i = 0; i < values.length; i++) {
            values[i] = filterDangerString(values[i]);
        }

        return values;
    }

    @Override
    public Map getParameterMap() {
        Map keys = super.getParameterMap();
        Set set = keys.entrySet();
        Iterator iters = set.iterator();
        while (iters.hasNext()) {
            Object key = iters.next();
            Object value = keys.get(key);
            keys.put(key, filterDangerString((String[]) value));
        }
        return keys;
    }

    /*@Override
    public Object getAttribute(String name) {
        // TODO Auto-generated method stub
        Object object = super.getAttribute(name);
        if (object instanceof String) {
            return filterDangerString((String) super.getAttribute(name));
        } else
            return object;
    }*/

    public String filterDangerString(String value) {
        if (value == null) {
            return null;
        }
        value = value.replaceAll("\\{", "｛");
        // content = content.replaceAll("&", "&amp;");
        value = value.replaceAll("<", "&lt;");
        value = value.replaceAll(">", "&gt;");
        value = value.replaceAll("\t", "    ");
        value = value.replaceAll("\r\n", "\n");
        value = value.replaceAll("\n", "<br/>");
        value = value.replaceAll("'", "&#39;");
        value = value.replaceAll("\\\\", "&#92;");
        value = value.replaceAll("\"", "&quot;");
        value = value.replaceAll("\\}", "﹜").trim();
        return value;
    }
   
    public String[] filterDangerString(String[] value) {
        if (value == null) {
            return null;
        }
        for (int i = 0; i < value.length; i++) {
            String val = filterDangerString(value[i]);
            value[i] = val;
        }

        return value;
    }

}

web.xm增加個過濾器配置

<filter-name>StringFilter</filter-name>
    <filter-class>com.inbuild.comm.interceptors.StringFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>StringFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

重點不是上面這個，正常情況下是沒有問題的，但是呢，當form表單類型是 form-data x，過濾器是過濾不到的，

如果也想過濾的話，需要將參數拼接到url后面！！

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 Spring Filter過濾表單中的非法字符 js 過濾非法字符 form表單提交時后台類型報錯 SpringMVC·form表單Date類型問題導致的400問題 springMVC處理multipart/form-data類型的表單數據利用RequestBodyAdvice對Http請求非法字符過濾 java 非法字符過濾 , 半角/全角替換 spring boot 使用過濾器過濾非法字符 SpringMVC(十四)：SpringMVC 與表單提交（post/put/delete的用法）；form屬性設置encrypt='mutilpart/form-data'時，如何正確配置web.xml才能以put方式提交表單（ssm框架）springMVC form表單提交---包含時間（date）類型的數據報錯400