SpringMVC 过滤非法字符-白红宇

SpringMVC 过滤非法字符

阅读量：5889 次

发布时间：2019-06-19

本文共 2676 字，大约阅读时间需要 8 分钟。

public class StringFilter extends  OncePerRequestFilter  {    protected void doFilterInternal(HttpServletRequest request,            HttpServletResponse response, FilterChain chain)            throws ServletException, IOException {        chain.doFilter(new StringFilterRequest((HttpServletRequest)request), response);    }            }class StringFilterRequest extends HttpServletRequestWrapper {    public StringFilterRequest(HttpServletRequest request) {        super(request);    }    @Override    public String getParameter(String name) {        // 返回值之前 先进行过滤        return filterDangerString(super.getParameter(name));    }    @Override    public String[] getParameterValues(String name) {        // 返回值之前 先进行过滤        String[] values = super.getParameterValues(name);        if(values==null){            return null;        }        for (int i = 0; i < values.length; i++) {            values[i] = filterDangerString(values[i]);        }        return values;    }    @Override    public Map getParameterMap() {        Map keys = super.getParameterMap();        Set set = keys.entrySet();        Iterator iters = set.iterator();        while (iters.hasNext()) {            Object key = iters.next();            Object value = keys.get(key);            keys.put(key, filterDangerString((String[]) value));        }        return keys;    }    /*@Override    public Object getAttribute(String name) {        // TODO Auto-generated method stub        Object object = super.getAttribute(name);        if (object instanceof String) {            return filterDangerString((String) super.getAttribute(name));        } else            return object;    }*/    public String filterDangerString(String value) {        if (value == null) {            return null;        }        value = value.replaceAll("\\{", "｛");        // content = content.replaceAll("&", "&");        value = value.replaceAll("<", "<");        value = value.replaceAll(">", ">");        value = value.replaceAll("\t", "    ");        value = value.replaceAll("\r\n", "\n");        value = value.replaceAll("\n", "
");        value = value.replaceAll("'", "'");        value = value.replaceAll("\\\\", "\");        value = value.replaceAll("\"", """);        value = value.replaceAll("\\}", "﹜").trim();        return value;    }       public String[] filterDangerString(String[] value) {        if (value == null) {            return null;        }        for (int i = 0; i < value.length; i++) {            String val = filterDangerString(value[i]);            value[i] = val;        }        return value;    }}

使用ajax请求的时候返回一个Map对象到前端，出现特殊字符，可以先转义以后再传。

转载于:https://my.oschina.net/u/2436852/blog/1542772

你可能感兴趣的文章

求两个数中的较大值max(a,b)。(不用if，>)

Hive通过查询语句向表中插入数据过程中发现的坑