JAVA----参数过滤器ServletRequestWrapper,实现:防XSS,去掉参数左右空格
ServletRequestWrapper
防 XSS 攻击并去掉参数值前后空格:通过重写 getParameterValues,用 Jsoup 清洗参数值后再 trim。请求头、Cookie 和请求体(如 JSON)不经过此包装器,页面输出时仍需按上下文做转义。
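/**
 * Request wrapper that cleans request parameter values with jsoup and strips
 * their leading and trailing whitespace.
 *
 * <p>Scope and limits a reviewer should keep in mind:
 * <ul>
 *   <li>Only {@link #getParameter(String)} and {@link #getParameterValues(String)}
 *       are filtered. {@code getParameterMap()}, headers, cookies, multipart parts
 *       and bodies read through {@code getInputStream()}/{@code getReader()}
 *       (for example JSON payloads) are returned by the wrapped request untouched.</li>
 *   <li>{@code Whitelist.relaxed()} keeps a broad set of formatting tags
 *       (links, images, tables, ...). For fields that should hold plain text,
 *       a stricter list such as {@code Whitelist.none()} or
 *       {@code Whitelist.basic()} is the safer choice.</li>
 *   <li>{@code Jsoup.clean} rewrites the value (for example {@code &} becomes
 *       {@code &amp;}), so stored data can differ from what the user typed.
 *       Input cleaning does not replace context-aware output encoding in the
 *       view layer.</li>
 *   <li>Newer jsoup releases replace {@code Whitelist} with {@code Safelist};
 *       switch the class name when the jsoup dependency is upgraded.</li>
 * </ul>
 *
 * <p>NOTE(review): the wrapper only takes effect if something (presumably a
 * servlet {@code Filter}, not shown here) wraps each request with it.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Wraps the given request.
     *
     * @param request the original request whose parameters will be filtered
     */
    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the cleaned, trimmed value of a single-valued parameter.
     *
     * <p>The base wrapper forwards this call straight to the wrapped request,
     * so without this override {@code request.getParameter(name)} would return
     * the raw value and skip the cleaning done in
     * {@link #getParameterValues(String)}.
     *
     * @param name the parameter name
     * @return the sanitized value, or {@code null} if the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        return sanitize(super.getParameter(name));
    }

    /**
     * Returns the cleaned, trimmed values of a parameter.
     *
     * @param name the parameter name
     * @return a new array of sanitized values, or {@code null} if the
     *         parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = super.getParameterValues(name);
        if (values == null) {
            // Absent parameter: keep the servlet contract of returning null.
            return null;
        }
        String[] escapeValues = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            escapeValues[i] = sanitize(values[i]);
        }
        return escapeValues;
    }

    /**
     * Cleans one value against the relaxed whitelist, then trims it.
     *
     * @param value the raw parameter value, may be {@code null}
     * @return the cleaned and trimmed value, or {@code null} for {@code null} input
     */
    private static String sanitize(String value) {
        if (value == null) {
            // Guard so a null array element cannot fail inside Jsoup.clean.
            return null;
        }
        // Clean first, trim second: same order as the original implementation.
        return Jsoup.clean(value, Whitelist.relaxed()).trim();
    }
}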