xss ***-白红宇

xss ***

阅读量：6935 次

发布时间：2019-06-27

本文共 1691 字，大约阅读时间需要 5 分钟。

添加FILTER

public class XSSFilter implements Filter {

@Override

public void init(FilterConfig filterConfig) throws ServletException { } @Override

public void destroy() { }

@Override

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

chain.doFilter(new X×××equestWrapper((HttpServletRequest) request), response);

}

增加PARAM的拦截:import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletRequestWrapper;import org.apache.commons.lang3.StringEscapeUtils;public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper{	public XssHttpServletRequestWrapper(HttpServletRequest request) {          super(request);      }        @Override      public String getHeader(String name) {          return StringEscapeUtils.escapeHtml4(super.getHeader(name));      }        @Override      public String getQueryString() {          return StringEscapeUtils.escapeHtml4(super.getQueryString());      }        @Override      public String getParameter(String name) {          return StringEscapeUtils.escapeHtml4(super.getParameter(name));      }        @Override      public String[] getParameterValues(String name) {          String[] values = super.getParameterValues(name);          if(values != null) {              int length = values.length;              String[] escapseValues = new String[length];              for(int i = 0; i < length; i++){                  escapseValues[i] = StringEscapeUtils.escapeHtml4(values[i]);              }              return escapseValues;          }          return super.getParameterValues(name);      }        }

转载于:https://blog.51cto.com/5317968/1709889

你可能感兴趣的文章

selenium-webdriver(python) (十三) -- cookie处理

查看>>

Failed to export using the options you specified. Please check your options and try again

查看>>

JavaScript callee caller

查看>>

SQL的datetime类型数据转换为字符串格式大全

查看>>

Approximate Inference 近似推断

查看>>