servlet过滤非法字符


 index.jsp页面

<%@ page language="java" import="java.util.*" pageEncoding="GB18030"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
 </head>

 <body>
  <table>
   <%
    String title = (String) request.getAttribute("title");
    String content = (String) request.getAttribute("content");
    if (title != null && !title.isEmpty()) {
     out.println("<tr><td>" + title + "</td></tr>");
    }
    if (content != null && !content.isEmpty()) {
     out.println("<tr><td>" + content + "</td></tr>");
    }
   %>
  </table>
  <form action="MessageServlet" method="post">
   <table>
    <tr>
     <td>
      标题:
      <input type="text" name="title" size="30">
     </td>
    </tr>
    <tr>
     <td>
      内容:
      <textarea rows="5" cols="40" name="content"></textarea>
     </td>
    </tr>
    <tr>
     <td>
      <input type="submit" name="submit" value="提交">
     </td>
    </tr>
   </table>
  </form>
 </body>
</html>

 

 

WordFilter.java

package yuhaibin;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

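/**
 * Servlet filter that applies a configured character encoding and masks a
 * fixed list of banned words in request parameters.
 *
 * <p>This is a content (word) filter only. It does not neutralise HTML or
 * script markup in parameter values, so pages that echo those values still
 * have to HTML-encode them when writing the response.
 *
 * <p>Only {@code getParameter} and {@code getParameterValues} are masked.
 * Code that reads {@code getParameterMap()}, the raw input stream or the
 * reader sees the unfiltered values.
 */
public class WordFilter implements Filter {
 // Banned words; every occurrence in a parameter value is replaced by "****".
 private String[] words;
 // Encoding name taken from the "encoding" init-param; null when not configured.
 private String encoding;

 /**
  * Reads the "encoding" init-param and sets up the banned-word list.
  *
  * @param filterConfig configuration supplied by the container
  */
 @Override
 public void init(FilterConfig filterConfig) {
  encoding = filterConfig.getInitParameter("encoding");
  words = new String[] { "糟糕", "混蛋", "色情", "性" };

 }

 /**
  * Applies the configured encoding, wraps HTTP requests so parameter reads
  * are masked, and passes the request down the chain.
  *
  * @param request  incoming request
  * @param response outgoing response
  * @param chain    remaining filter chain
  * @throws IOException      propagated from the chain
  * @throws ServletException propagated from the chain
  */
 @Override
 public void doFilter(ServletRequest request, ServletResponse response,
   FilterChain chain) throws IOException, ServletException {
  if (encoding != null) {
   // Must run before any parameter is read for the encoding to apply.
   request.setCharacterEncoding(encoding);
   response.setContentType("text/html;charset=" + encoding);
  }
  // The wrapper is installed whether or not an encoding is configured, so a
  // missing init-param no longer switches the word filter off silently.
  // The instanceof check avoids a ClassCastException on non-HTTP requests.
  if (request instanceof HttpServletRequest) {
   request = new Request((HttpServletRequest) request);
  }
  chain.doFilter(request, response);
 }

 /** Drops the configuration held by this filter. */
 @Override
 public void destroy() {
  this.encoding = null;
  this.words = null;
 }

 /**
  * Request wrapper whose parameter getters return values with the banned
  * words masked.
  */
 class Request extends HttpServletRequestWrapper {
  /**
   * @param request the request to wrap
   */
  public Request(HttpServletRequest request) {
   super(request);
  }

  /**
   * Returns the masked value of a single parameter.
   *
   * @param name parameter name
   * @return the masked value, or null when the parameter is absent
   */
  @Override
  public String getParameter(String name) {
   return filter(super.getRequest().getParameter(name));
  }

  /**
   * Returns the masked values of a multi-valued parameter.
   *
   * @param name parameter name
   * @return a new array of masked values, or null when the parameter is absent
   */
  @Override
  public String[] getParameterValues(String name) {
   String[] values = super.getRequest().getParameterValues(name);
   // An absent parameter yields null; the original loop would have thrown.
   if (values == null) {
    return null;
   }
   // Work on a copy so the array handed out by the wrapped request is not
   // modified in place.
   String[] masked = new String[values.length];
   for (int i = 0; i < values.length; i++) {
    masked[i] = filter(values[i]);
   }
   return masked;
  }

  /**
   * Replaces every banned word in the given text with "****".
   *
   * @param param text to mask; may be null
   * @return the masked text, or null when {@code param} is null
   */
  public String filter(String param) {
   // Local copy so the null check and the loop use the same reference even
   // after destroy() has cleared the field.
   String[] banned = words;
   if (param == null || banned == null) {
    return param;
   }
   for (String word : banned) {
    // String.replace leaves the text untouched when the word is not present.
    param = param.replace(word, "****");
   }
   return param;
  }

 }
}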

 

 

 

MessageServlet.java

package yuhaibin;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Receives the message form and hands the submitted fields back to
 * index.jsp for display.
 *
 * <p>The "title" and "content" attributes set here are user-submitted text.
 * The page that renders them is responsible for HTML-encoding them.
 */
public class MessageServlet extends HttpServlet {
 private static final long serialVersionUID = -28643831554544646L;

 /**
  * Copies the "title" and "content" parameters into request attributes of
  * the same names and forwards to index.jsp.
  *
  * @param request  the form submission
  * @param response the response passed on to the forwarded page
  * @throws ServletException propagated from the forward
  * @throws IOException      propagated from the forward
  */
 @Override
 public void doPost(HttpServletRequest request, HttpServletResponse response)
   throws ServletException, IOException {
  // Read both form fields first.
  final String submittedTitle = request.getParameter("title");
  final String submittedContent = request.getParameter("content");

  // Expose them to the view under the same names.
  request.setAttribute("title", submittedTitle);
  request.setAttribute("content", submittedContent);

  // Server-side forward: index.jsp renders within this same request.
  request.getRequestDispatcher("index.jsp").forward(request, response);
 }
}

 

 

 

 

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
 http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- Declares the banned-word filter (yuhaibin.WordFilter). -->
<filter>
<filter-name>
WordFilter
</filter-name>
<filter-class>
yuhaibin.WordFilter
</filter-class>
<!-- Init parameter read by WordFilter.init(); WordFilter uses it as the request encoding and the response charset. -->
<init-param>
<param-name>
encoding
</param-name>
<param-value>
GBK
</param-value>
</init-param>
</filter>
<!-- Maps the banned-word filter to URLs. -->
<filter-mapping>
<filter-name>
WordFilter
</filter-name>
<!-- Applies to every request path, so WordFilter runs for all resources of this application. -->
<url-pattern>
/*
</url-pattern>
</filter-mapping>
<!-- Servlet declaration and mapping for the message form handler. -->
<servlet>
<servlet-name>
MessageServlet
</servlet-name>
<servlet-class>
yuhaibin.MessageServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>
MessageServlet
</servlet-name>
<url-pattern>
/MessageServlet
</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
</web-app>

