- 1AI大模型引领金融创新变革与实践【文末送书】_金融加ai
- 2数据分析师学习路线与就业环境分析报告
- 3轻量级状态机框架 Sateless4j 实践_stateless4j permitdynamic
- 4STL复习-序列式容器和容器适配器部分
- 5#29 – User authentication failed问题总结_esm failure
- 6使用Github Actions自动同步到Gitee仓库_github gitee 自动同步github action
- 7vue的生命周期和父子组件渲染(需要结合react进行比较)_vue和react父子组件渲染周期对比
- 8go的爬虫工具教你如何去翻译(go调用js,colly的使用)_colly 执行js
- 9残差网络(ResNet)_residualblock
- 10pyqt5 QTimer使用_qtpy qtimer
java过滤xss_java XSS漏洞过滤
赞
踩
利用 Java 的 xssprotect(Open Source Library)对出现 xss 漏洞的参数进行过滤。
项目web.xml配置过滤器:
xssAndSqlFilter
com.tp.XSS.XssHttpServletFilter
isFilter
true
xssAndSqlFilter
/*
java代码:
package com.tp.XSS;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
public class XssHttpServletFilter implements Filter {
private boolean isXss = false;
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if (isXss)
{
chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
}
else
{
chain.doFilter(request, response);
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
//w
