[Web Security in Practice] Cross-Site Scripting (XSS)

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
{
    public XssHttpServletRequestWrapper(HttpServletRequest request)
    {
        super(request);
    }

    // Clean every value of a multi-valued request parameter.
    @Override
    public String[] getParameterValues(String parameter)
    {
        String[] values = super.getParameterValues(parameter);
        if (values == null)
        {
            return null;
        }
        int count = values.length;
        String[] encodedValues = new String[count];
        for (int i = 0; i < count; i++)
        {
            encodedValues[i] = cleanXSS(values[i]);
        }
        return encodedValues;
    }

    // Clean a single request parameter.
    @Override
    public String getParameter(String parameter)
    {
        String value = super.getParameter(parameter);
        if (value == null)
        {
            return null;
        }
        return cleanXSS(value);
    }

    // Clean a request header value.
    @Override
    public String getHeader(String name)
    {
        String value = super.getHeader(name);
        if (value == null)
            return null;
        return cleanXSS(value);
    }

    /**
      * Strips eval(...), quoted javascript: URLs and the word "script",
      * then HTML-encodes angle brackets, parentheses and single quotes.
      *
      * @param value the raw parameter or header value
      * @return the cleaned value
      */
    private String cleanXSS(String value)
    {
        // Run the pattern removals before the character escapes: the eval
        // pattern needs literal parentheses and the javascript: pattern
        // needs literal quotes, which the escapes below would replace.
        value = value.replaceAll("eval\\((.*)\\)", "");
        value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        value = value.replaceAll("script", "");
        value = value.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
        value = value.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;");
        value = value.replaceAll("'", "&#39;");
        return value;
    }
}
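
The wrapper only takes effect once a servlet filter substitutes it for the incoming request. The filter below is an added example, not code from the original page; the class name `XssFilter` and the `/*` mapping are assumptions, and it targets the `javax.servlet` API (Servlet 3.0 or later for `@WebFilter`).

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

// Hypothetical filter name and URL mapping (assumptions, not from the page).
@WebFilter("/*")
public class XssFilter implements Filter
{
    @Override
    public void init(FilterConfig filterConfig) throws ServletException
    {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException
    {
        if (request instanceof HttpServletRequest)
        {
            // Downstream servlets now read parameters and headers through cleanXSS().
            // Only getParameter(), getParameterValues() and getHeader() are overridden:
            // getParameterMap(), getHeaders(), getQueryString() and the request body
            // (getInputStream()/getReader(), e.g. JSON) still return the raw values.
            chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
        }
        else
        {
            // Non-HTTP requests pass through unchanged.
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy()
    {
        // Nothing to release.
    }
}
```

Because the raw accessors listed in the comment bypass the wrapper, values written into a page still need encoding for the output context where they are rendered.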

Original link: https://www.cnblogs.com/Alandre/p/4264822.html

Original article by 优速盾-小U. If you repost it, please credit the source: https://www.cdnb.net/bbs/archives/18713
