SpringMVC: the form type matters when filtering illegal characters


The implementation is simple: add a filter and wrap the request in a custom request class.

Java code

import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;

// javax.servlet (Servlet 3.0+) is used here; on Spring 6+ the package is jakarta.servlet
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

public class StringFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        // Pass a wrapped request down the chain so every parameter read is filtered
        chain.doFilter(new StringFilterRequest(request), response);
    }
}

class StringFilterRequest extends HttpServletRequestWrapper {
    public StringFilterRequest(HttpServletRequest request) {
        super(request);
    }

    @Override
    public String getParameter(String name) {
        // Filter the value before returning it
        return filterDangerString(super.getParameter(name));
    }

    @Override
    public String[] getParameterValues(String name) {
        // Filter the values before returning them (null stays null)
        return filterDangerString(super.getParameterValues(name));
    }

    @Override
    public Map<String, String[]> getParameterMap() {
        // The container's parameter map may be read-only, and an entry is not a key,
        // so build a filtered copy instead of calling put() on the original map
        Map<String, String[]> filtered = new LinkedHashMap<String, String[]>();
        for (Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
            filtered.put(entry.getKey(), filterDangerString(entry.getValue()));
        }
        return filtered;
    }

    /*@Override
    public Object getAttribute(String name) {
        // TODO Auto-generated method stub
        Object object = super.getAttribute(name);
        if (object instanceof String) {
            return filterDangerString((String) super.getAttribute(name));
        } else
            return object;
    }*/

    public String filterDangerString(String value) {
        if (value == null) {
            return null;
        }
        // Small-form brace, the counterpart of the "}" replacement at the end
        value = value.replaceAll("\\{", "﹛");
        // content = content.replaceAll("&", "&amp;");
        value = value.replaceAll("<", "&lt;");
        value = value.replaceAll(">", "&gt;");
        value = value.replaceAll("\t", "    ");
        value = value.replaceAll("\r\n", "\n");
        // Runs after the "<" and ">" replacements, so the inserted tag is not escaped
        value = value.replaceAll("\n", "<br/>");
        value = value.replaceAll("'", "&#39;");
        value = value.replaceAll("\\\\", "&#92;");
        value = value.replaceAll("\"", "&quot;");
        value = value.replaceAll("\\}", "﹜").trim();
        return value;
    }

    public String[] filterDangerString(String[] value) {
        if (value == null) {
            return null;
        }
        // Work on a copy so the wrapped request's own array is never modified
        String[] filtered = new String[value.length];
        for (int i = 0; i < value.length; i++) {
            filtered[i] = filterDangerString(value[i]);
        }
        return filtered;
    }

}

Add the filter configuration to web.xml

<filter>
    <filter-name>StringFilter</filter-name>
    <filter-class>com.inbuild.comm.interceptors.StringFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>StringFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

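The code above is not the main point, though. In the normal case it works without problems, but when the form type is form-data (a multipart form), the filter does not catch the parameters.

If you want those values filtered as well, the parameters have to be appended to the URL!!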
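An alternative to moving the parameters into the URL, shown here as an added example that is not part of the original post: register Spring's `MultipartFilter` ahead of `StringFilter`, so the multipart body is already parsed when `StringFilterRequest` wraps the request and its `getParameter` overrides see the form fields. This assumes the cause is that the multipart fields are parsed after the filter has run (the post does not say), and that a `MultipartResolver` bean named `filterMultipartResolver` exists in the root application context; without one, `MultipartFilter` falls back to Servlet 3 multipart parsing.

```xml
<!-- Added example for web.xml. Filters run in the order of their filter-mapping elements. -->
<filter>
    <filter-name>MultipartFilter</filter-name>
    <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter>
    <filter-name>StringFilter</filter-name>
    <filter-class>com.inbuild.comm.interceptors.StringFilter</filter-class>
</filter>

<!-- First: resolve multipart/form-data into a MultipartHttpServletRequest -->
<filter-mapping>
    <filter-name>MultipartFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Second: wrap the already-resolved request so multipart fields are escaped too -->
<filter-mapping>
    <filter-name>StringFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

Keeping the fields in the request body also keeps them out of access logs and browser history, where query-string parameters end up.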

 

