smart-erp/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssHttpServletRequestWrappe...

package com.ruoyi.common.xss;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import com.ruoyi.common.utils.html.EscapeUtil;

/**
 * XSS过滤处理
 * 
 * @author ruoyi
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
{
    /**
     * @param request
     */
    public XssHttpServletRequestWrapper(HttpServletRequest request)
    {
        super(request);
    }

    @Override
    public String[] getParameterValues(String name)
    {
        String[] values = super.getParameterValues(name);
        if (values != null)
        {
            int length = values.length;
            String[] escapseValues = new String[length];
            for (int i = 0; i < length; i++)
            {
                // 防xss攻击和过滤前后空格
                escapseValues[i] = EscapeUtil.clean(values[i]).trim();
            }
            return escapseValues;
        }
        return super.getParameterValues(name);
    }
}
提交 2 years ago			`package com.ruoyi.common.xss;`

			`import javax.servlet.http.HttpServletRequest;`
			`import javax.servlet.http.HttpServletRequestWrapper;`
			`import com.ruoyi.common.utils.html.EscapeUtil;`

			`/**`
			`* XSS过滤处理`
			`*`
			`* @author ruoyi`
			`*/`
			`public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper`
			`{`
			`/**`
			`* @param request`
			`*/`
			`public XssHttpServletRequestWrapper(HttpServletRequest request)`
			`{`
			`super(request);`
			`}`

			`@Override`
			`public String[] getParameterValues(String name)`
			`{`
			`String[] values = super.getParameterValues(name);`
			`if (values != null)`
			`{`
			`int length = values.length;`
			`String[] escapseValues = new String[length];`
			`for (int i = 0; i < length; i++)`
			`{`
			`// 防xss攻击和过滤前后空格`
			`escapseValues[i] = EscapeUtil.clean(values[i]).trim();`
			`}`
			`return escapseValues;`
			`}`
			`return super.getParameterValues(name);`
			`}`
			`}`