请求数据主要有以下三种提交方式,都需要对其中的非法符号进行过滤替换:
1.普通的GET请求数据:
2.FORM表单提交数据:
3.Json格式数据提交:
把下面5个文件放入项目中即可
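package com.joppay.admin.security.xss;

import org.springframework.util.StringUtils;
import org.springframework.web.util.HtmlUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request wrapper that HTML-escapes parameter values as they are read, as a
 * coarse XSS mitigation.
 *
 * <p>Coverage is limited to {@link #getParameter(String)} and
 * {@link #getParameterValues(String)}. Values obtained through
 * {@code getParameterMap()}, headers, cookies, the query string or the request
 * body (for example a JSON payload) are not overridden here, so the wrapped
 * request returns them unescaped and they need their own handling.
 *
 * <p>Escaping on input means the application works with, and may store, the
 * escaped form of the data. It does not replace context-aware output encoding
 * in whatever renders the data later.
 *
 * @author leroy
 * @date 2019/3/6 18:08
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Constructs a request object wrapping the given request.
     *
     * @param request The request to wrap
     * @throws IllegalArgumentException if the request is null
     */
    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the named parameter with HTML special characters escaped.
     *
     * @param name the parameter name
     * @return the escaped value; {@code null} or the empty string is returned
     *         as-is when the wrapped request yields one of those
     */
    @Override
    public String getParameter(String name) {
        String value = super.getParameter(name);
        if (StringUtils.isEmpty(value)) {
            return value;
        }
        return HtmlUtils.htmlEscape(value);
    }

    /**
     * Returns all values of the named parameter with HTML special characters
     * escaped.
     *
     * @param name the parameter name
     * @return a new array holding the escaped values, or {@code null} when the
     *         wrapped request has no such parameter
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] rawValues = super.getParameterValues(name);
        if (rawValues == null) {
            return null;
        }
        // Escape into a fresh array instead of writing into the one handed back
        // by the wrapped request. Nothing visible here guarantees that array is
        // a private copy; if it were shared, a second call would escape the
        // already-escaped text again ("&amp;" -> "&amp;amp;") and other readers
        // of the underlying request would see modified values.
        String[] escapedValues = new String[rawValues.length];
        for (int i = 0; i < rawValues.length; i++) {
            String value = rawValues[i];
            // Same null/empty guard as getParameter, so both accessors agree.
            escapedValues[i] = StringUtils.isEmpty(value) ? value : HtmlUtils.htmlEscape(value);
        }
        return escapedValues;
    }

}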