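/**
 * Servlet filter that passes request parameter values through Jsoup's HTML
 * cleaner as an XSS mitigation.
 *
 * <p>Only part of the class appears here. The declarations of
 * {@code filterConfig} and {@code parameterMap}, the accessors for
 * {@code replaceStr} and {@code excludeParamName}, and any
 * {@code init}/{@code destroy} methods are not shown.
 *
 * <p>The cleaner strips markup from input. Values that are later written into
 * HTML attributes, script blocks or URLs still need encoding for that context
 * at the point of output.
 */
public class aaa implements Filter {

    /**
     * Loads the filter settings, stores a cleaned copy of the request
     * parameters in {@code parameterMap}, and continues the chain.
     *
     * @param request     incoming request whose parameter map is cleaned
     * @param response    response passed on unchanged
     * @param filterChain remaining filters and the target resource
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        // NOTE(review): both settings are re-read and stored on every request.
        // A container shares one filter instance across concurrent requests, so
        // this mutates shared state per request; loading them once in
        // init(FilterConfig) would avoid that.
        setReplaceStr(filterConfig.getInitParameter("replaceStr")); // replaceStr has a getter and setter (not shown)
        setExcludeParamName(filterConfig.getInitParameter("excludeParamName")); // excludeParamName has a getter and setter (not shown)

        cleanParameters(request.getParameterMap());

        // NOTE(review): `req` is not declared in the code shown. Downstream code
        // sees the cleaned values only if `req` is a request wrapper whose
        // getParameter/getParameterValues/getParameterMap read from parameterMap.
        // Forwarding the original request would leave the raw values in place.
        filterChain.doFilter(req, response);
    }

    /**
     * Copies every entry of {@code original} into {@code parameterMap}.
     * {@code String[]} values are cleaned unless their key is in the exclude
     * list; values of any other type are copied unchanged.
     *
     * @param original parameter map taken from the request
     */
    private void cleanParameters(Map<?, ?> original) {
        // NOTE(review): if parameterMap is an instance field, entries from
        // concurrent requests end up in the same map; confirm it is scoped to a
        // single request.
        for (Map.Entry<?, ?> entry : original.entrySet()) {
            Object key = entry.getKey();
            Object value = entry.getValue();
            if (!(value instanceof String[])) {
                parameterMap.put(key, value);
                continue;
            }
            String[] values = (String[]) value;
            // Parameter names on the exclude list are not filtered. Their values
            // reach the application unmodified and must be encoded on output.
            if (getExcludeParamNames() != null && getExcludeParamNames().contains(key)) {
                parameterMap.put(key, values);
            } else {
                parameterMap.put(key, clean(values));
            }
        }
    }

    /**
     * Returns a new array in which each element of {@code values} has been
     * cleaned by Jsoup with {@code TagWhitelist.defaultWhitelist()}. Which
     * markup survives depends on that whitelist, which is not shown here.
     *
     * @param values raw parameter values; the array itself is not modified
     * @return cleaned values in the same order; a null element stays null
     */
    private String[] clean(String[] values) {
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            // Strip markup that could carry an XSS payload. A null element is
            // skipped so it cannot fail inside the cleaner.
            cleaned[i] = values[i] == null
                    ? null
                    : Jsoup.clean(values[i], TagWhitelist.defaultWhitelist());
        }
        return cleaned;
    }
}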