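XSS Attacks
An XSS attack is, in short, a script attack. Below is a demonstration of a script attack.
Using a filter to defend against XSS attacks
Code:
1. Filter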
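// javax.servlet API assumed; on Jakarta EE 9+ the package is jakarta.servlet
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Filter that defends against XSS attacks
 * @author 紫炎易霄
 */
public class XssFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("过滤器的初始化操作");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Cast to HttpServletRequest
        HttpServletRequest req = (HttpServletRequest) request;
        // Use the wrapper to convert any incoming script into HTML text (escape it)
        XssWarper xssWarper = new XssWarper(req);
        // Pass the wrapped request down the chain
        chain.doFilter(xssWarper, response);
    }

    @Override
    public void destroy() {
        System.out.println("过滤器的销毁");
    }
}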
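2. Wrapper
// commons-lang3 assumed for StringUtils and StringEscapeUtils
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;

/**
 * Converts incoming parameter values into HTML text
 * @author 紫炎易霄
 */
public class XssWarper extends HttpServletRequestWrapper {
    // Keep a reference to the original request
    private HttpServletRequest request;

    public XssWarper(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    @Override
    public String getParameter(String name) {
        // Read the raw value, then HTML-escape it if it is not empty
        String value = request.getParameter(name);
        if (StringUtils.isNotEmpty(value)) {
            value = StringEscapeUtils.escapeHtml4(value);
        }
        return value;
    }
}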
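3. Servlet
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Class that handles the request
 * @author 紫炎易霄
 */
@WebServlet("/zyyx")
public class XssServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Avoid garbled characters (encoding issues)
        req.setCharacterEncoding("UTF-8");
        resp.setContentType("text/html;charset=utf-8");
        // Read the parameter (already escaped by XssWarper when the filter is active)
        String username = req.getParameter("username");
        req.setAttribute("username", username);
        // Forward to the page that outputs the parameter
        req.getRequestDispatcher("/content.jsp").forward(req, resp);
    }
}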
I'm sure you can fill in the JSP yourselves... Don't forget to configure the filter in the web.xml file.