Xss过滤器如何配置?Xss过滤器配置方法

PHP中文网 Windows 百度已收录

当前第2页 返回上一页

XssFilter:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

import javax.servlet.*;

import javax.servlet.http.HttpServletRequest;

import java.io.IOException;

import java.util.List;

@Compent

public class XssFilter implements Filter {

FilterConfig filterConfig = null;

private List<String> urlExclusion = null;

public void init(FilterConfig filterConfig) throws ServletException {

this.filterConfig = filterConfig;

}

public void destroy() {

this.filterConfig = null;

}

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

HttpServletRequest httpServletRequest = (HttpServletRequest) request;

String servletPath = httpServletRequest.getServletPath();

if (urlExclusion != null && urlExclusion.contains(servletPath)) {

chain.doFilter(request, response);

} else {

chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);

}

}

public List<String> getUrlExclusion() {

return urlExclusion;

}

public void setUrlExclusion(List<String> urlExclusion) {

this.urlExclusion = urlExclusion;

}

}

XssHttpServletRequestWrapper:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletRequestWrapper;

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

public XssHttpServletRequestWrapper(HttpServletRequest servletRequest) {

super(servletRequest);

}

public String[] getParameterValues(String parameter) {

String[] values = super.getParameterValues(parameter);

if (values == null) {

return null;

}

int count = values.length;

String[] encodedValues = new String[count];

for (int i = 0; i < count; i++) {

encodedValues[i] = cleanXSS(values[i]);

}

return encodedValues;

}

public String getParameter(String parameter) {

String value = super.getParameter(parameter);

if (value == null) {

return null;

}

return cleanXSS(value);

}

public String getHeader(String name) {

String value = super.getHeader(name);

if (value == null)

return null;

return cleanXSS(value);

}

private String cleanXSS(String value) {

//You'll need to remove the spaces from the html entities below

value = value.replaceAll("<", "& lt;")。replaceAll(">", "& gt;");

value = value.replaceAll("\\(", "& #40;")。replaceAll("\\)", "& #41;");

value = value.replaceAll("'", "& #39;");

value = value.replaceAll("eval\\((。*)\\)", "");

value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(。*)[\\\"\\\']", "\"\"");

value = value.replaceAll("script", "");

return value;

}

}

以上就是Xss过滤器如何配置?Xss过滤器配置方法的详细内容,更多文章请关注木庄网络博客

返回前面的内容

相关阅读 >>

Xss过滤器如何配置?Xss过滤器配置方法

更多相关阅读请进入《Xss过滤器》频道 >>



标签:

打赏

取消

感谢您的支持,我会继续努力的!

扫码支持
扫码打赏,您说多少就多少

打开支付宝扫一扫,即可进行扫码打赏哦

分享从这里开始,精彩与您同在

相关推荐

评论

管理员已关闭评论功能...