一、新建一个过滤器
- import javax.servlet.*;
- import javax.servlet.http.HttpServletRequest;
- import java.io.IOException;
-
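/**
 * Servlet filter that wraps each incoming HTTP request in a
 * {@code MyXssHttpServletRequestWrapper} before handing it down the chain, so
 * that every downstream filter and servlet reads the sanitised view of the
 * request rather than the raw one.
 *
 * <p>The filter holds no state of its own; all sanitising logic lives in the
 * wrapper. Which request accessors are actually sanitised depends entirely on
 * what the wrapper overrides (not visible here), so this filter is only as
 * effective as that wrapper.
 */
public class XssFilter implements Filter {

    /** No configuration is read from {@code filterConfig}; nothing to initialise. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // intentionally empty
    }

    /**
     * Wraps the request and continues the filter chain.
     *
     * <p>Only {@link HttpServletRequest}s can be wrapped. A request of any other
     * type is rejected with a {@link ServletException} (fail closed) instead of
     * either crashing on an unchecked cast or being forwarded unsanitised.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response, passed through unchanged
     * @param filterChain     the remainder of the filter chain
     * @throws ServletException if the request is not an HTTP request, or when
     *                          propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            // Never forward a request this filter cannot sanitise.
            throw new ServletException("XssFilter only supports HTTP requests, got: "
                    + servletRequest.getClass().getName());
        }
        MyXssHttpServletRequestWrapper sanitised =
                new MyXssHttpServletRequestWrapper((HttpServletRequest) servletRequest);
        filterChain.doFilter(sanitised, servletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
        // intentionally empty
    }
}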
二、继承HttpServletRequestWrapper,重写方法getParameterMap,替换非法字符
- package com.dawnpro.module.system.security.authentication.access;
-
- import com.alibaba.fastjson.JSONObject;
- import org.apache.commons.lang.StringUtils;
- import org.springframework.util.CollectionUtils;
- import org.springframework.web.servlet.HandlerMapping;
-
- import javax.servlet.ReadListener;
- import javax.servlet.ServletInputStream;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletRequestWrapper;
- import java.io.BufferedReader;
- import java.io.ByteArrayInputStream;
- import java.io.IOException;
- import java.io.InputStreamReader;
- import java.nio.charset.Charset;
- import java.util.*;
- import java.util.regex.Matcher;
- import java.util.regex.Pattern;
-
- public class MyXssHttpServletRequestWrapper extends HttpServletRequestWrapper {
-
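/** The unwrapped request this wrapper was built around; assigned in the constructor. */
HttpServletRequest orgRequest = null;

/**
 * Request path -> single parameter name that must NOT be sanitised on that path.
 * The admin back office submits rich-text (HTML) content for these fields, so the
 * operator has chosen to leave them editable. Note the map allows only one
 * exempt parameter per path; exempt fields bypass XSS filtering entirely, so
 * each entry widens the attack surface and must be rendered safely downstream.
 */
HashMap<String, String> doNotFilterURLAndParamMap = new HashMap<String, String>();

{
    // Populated in an instance initialiser rather than via double-brace
    // initialisation: the anonymous-subclass form creates an extra class per
    // wrapper and captures a hidden reference to the enclosing request.
    doNotFilterURLAndParamMap.put("/api/v2/group/manage", "description");
    doNotFilterURLAndParamMap.put("/api/v1/sendNews", "content");
}

/** True when the request is a file upload; uploads are skipped by the filter (set elsewhere, not visible here). */
boolean isUpData = false;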
- public MyXssHttpServletRequestWrapper(HttpServletRequest servletRequest) {
- super(servletRequest);
- String contentType = servletRequest.getContentType ();
- orgRequest=servletRequest;