XSS攻击过滤器
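import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.apache.commons.lang3.StringEscapeUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/**
 * Request wrapper that runs every request parameter value through an OWASP AntiSamy policy
 * before the application sees it.
 *
 * <p>Scope: only {@link #getParameter(String)}, {@link #getParameterValues(String)} and
 * {@link #getParameterMap()} are overridden. Headers, cookies, the raw query string and the
 * request body (for example JSON or multipart content read from the input stream) are NOT
 * touched by this class and reach the application unchanged.
 *
 * <p>Input filtering is one layer only: values still need context-aware output encoding
 * where they are rendered. How strict the filtering is depends entirely on the contents of
 * {@code antisamy-config.xml}, which is not part of this class.
 *
 * <p>Failure mode: if the policy cannot be loaded, or a scan fails, the value is HTML-escaped
 * instead of being passed through unmodified, so a broken configuration does not silently
 * disable the filter.
 */
public class XssRequestWrapper extends HttpServletRequestWrapper {

    private static final Logger LOG = Logger.getLogger(XssRequestWrapper.class.getName());

    /** Classpath resource holding the AntiSamy policy. */
    private static final String POLICY_RESOURCE = "antisamy-config.xml";

    /** Loaded once per class load; {@code null} when the policy could not be loaded. */
    private static final Policy POLICY = loadPolicy();

    /**
     * Wraps the given request.
     *
     * @param request the original HTTP request
     */
    public XssRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Loads the AntiSamy policy from the classpath.
     *
     * @return the parsed policy, or {@code null} if the resource is missing or invalid
     */
    private static Policy loadPolicy() {
        InputStream in =
                XssRequestWrapper.class.getClassLoader().getResourceAsStream(POLICY_RESOURCE);
        if (in == null) {
            LOG.severe("AntiSamy policy '" + POLICY_RESOURCE
                    + "' not found on the classpath; parameters will be HTML-escaped instead");
            return null;
        }
        try {
            return Policy.getInstance(in);
        } catch (PolicyException e) {
            LOG.log(Level.SEVERE, "AntiSamy policy '" + POLICY_RESOURCE
                    + "' could not be parsed; parameters will be HTML-escaped instead", e);
            return null;
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing the policy stream fails.
            }
        }
    }

    /**
     * Returns a sanitised copy of the parameter map.
     *
     * <p>The map and arrays returned by the wrapped request are left untouched: the container
     * may hand out its internal arrays, and cleaning them in place would re-sanitise the same
     * values on every call.
     *
     * @return a new map with the same keys and order, whose values have been cleaned
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> original = super.getParameterMap();
        Map<String, String[]> cleaned = new LinkedHashMap<String, String[]>();
        for (Map.Entry<String, String[]> entry : original.entrySet()) {
            cleaned.put(entry.getKey(), cleanAll(entry.getValue()));
        }
        return cleaned;
    }

    /**
     * Returns the sanitised value of a single parameter.
     *
     * @param name the parameter name
     * @return the cleaned value, or {@code null} if the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        String raw = super.getParameter(name);
        return raw == null ? null : xssClean(raw);
    }

    /**
     * Returns the sanitised values of a multi-valued parameter.
     *
     * @param name the parameter name
     * @return a cleaned copy of the values; {@code null} or the empty array is returned as-is
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] raw = super.getParameterValues(name);
        if (raw == null || raw.length == 0) {
            return raw;
        }
        return cleanAll(raw);
    }

    /** Cleans every element of {@code values} into a new array; {@code null} stays {@code null}. */
    private String[] cleanAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] result = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            result[i] = xssClean(values[i]);
        }
        return result;
    }

    /**
     * Sanitises one value with AntiSamy.
     *
     * @param value the raw parameter value, may be {@code null}
     * @return the HTML that the policy allows; the HTML-escaped input if no policy is loaded
     *         or the scan fails; {@code null} for {@code null} input
     */
    private String xssClean(String value) {
        if (value == null) {
            return null;
        }
        if (POLICY == null) {
            // Fail closed: without a policy the value must not pass through unmodified.
            return StringEscapeUtils.escapeHtml4(value);
        }
        try {
            CleanResults results = new AntiSamy().scan(value, POLICY);
            // Safe HTML output as produced by the policy.
            return results.getCleanHTML();
        } catch (ScanException e) {
            // The raw value is deliberately not logged: it is attacker-controlled.
            LOG.log(Level.WARNING, "AntiSamy scan failed; falling back to HTML escaping", e);
        } catch (PolicyException e) {
            LOG.log(Level.WARNING, "AntiSamy policy error; falling back to HTML escaping", e);
        }
        // Fail closed: returning the raw value here would bypass the filter on every scan error.
        return StringEscapeUtils.escapeHtml4(value);
    }
}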
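import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Servlet filter that wraps each HTTP request in an {@link XssRequestWrapper}, so that
 * downstream code reading request parameters receives sanitised values.
 *
 * <p>The filter only takes effect for the URL patterns it is mapped to in the deployment
 * configuration, which is not shown here. Anything the wrapper does not override (headers,
 * cookies, request body) is unaffected by this filter.
 */
public class XssFilter implements Filter {

    @SuppressWarnings("unused")
    private FilterConfig filterConfig;

    /**
     * Stores the filter configuration.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Wraps HTTP requests in an {@link XssRequestWrapper} and continues the chain.
     *
     * @param request  the incoming request
     * @param response the response, passed through unchanged
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            chain.doFilter(new XssRequestWrapper((HttpServletRequest) request), response);
        } else {
            // The wrapper only applies to HTTP requests; avoid a ClassCastException on others.
            chain.doFilter(request, response);
        }
    }

    /** Releases the reference to the filter configuration. */
    @Override
    public void destroy() {
        this.filterConfig = null;
    }
}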