Using a Filter to Prevent XSS Attacks

What is an XSS attack?
An XSS (cross-site scripting) attack works by injecting JavaScript into a page.

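Using a Filter to filter injected tags
The servlet Filter below wraps every incoming request in a request wrapper that HTML-escapes parameter values, so injected tags reach the application as plain text.

XSSFilter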
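import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class XssFiter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialization needed
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        // Wrap the request so that downstream code reads escaped parameter values
        XssAndSqlHttpServletRequestWrapper xssRequestWrapper = new XssAndSqlHttpServletRequestWrapper(req);
        // Pass the wrapper, not the original request, down the chain
        chain.doFilter(xssRequestWrapper, response);
    }

    public void destroy() {
        // Nothing to release
    }

}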

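import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;

/**
 * Prevents XSS attacks by HTML-escaping request parameter values.
 * Despite the class name, only HTML escaping is performed here; nothing in it addresses SQL injection.
 */
public class XssAndSqlHttpServletRequestWrapper extends HttpServletRequestWrapper {

    private final HttpServletRequest request;

    public XssAndSqlHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    // Only getParameter() is overridden; getParameterValues() and
    // getParameterMap() still return the unescaped values.
    @Override
    public String getParameter(String name) {
        String value = request.getParameter(name);
        // Debug output: prints the raw parameter value; remove it outside of testing
        System.out.println("name:" + name + "," + value);
        if (!StringUtils.isEmpty(value)) {
            // HTML-escape the value
            value = StringEscapeUtils.escapeHtml4(value);
        }
        return value;
    }
}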


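Author: 阿杜同学

Published: 2019-02-15, 22:15:21

Last updated: 2019-02-15, 22:15:21

Original link: http://yoursite.com/2019/02/15/%E4%BD%BF%E7%94%A8Fileter%E9%98%B2%E6%AD%A2XSS%E6%94%BB%E5%87%BB/

Copyright notice: "Attribution-NonCommercial-ShareAlike 4.0". Please keep the original link and author when reposting.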
