实例如下:
xssfilter.java
/*
 * NOTE(review): this listing was damaged in extraction. Java keywords and identifiers
 * were machine-translated, several statements are missing, and the code is collapsed
 * onto two lines (so every "//" swallows the rest of its line). It does not compile as
 * shown; read it as a sketch of the approach only.
 *
 * What is still legible:
 *  - Dofilter: with the flag set to true, only the request URL and query string are
 *    checked. The else branch hands the chain a request wrapper instead; its inline
 *    comment says it validates everything in the request, forms included, and is strict
 *    enough to block normal form input.
 *  - URLs containing "account_bank_return.html", "/alipay/activity.html" or
 *    "/alipaylogin.html" are passed down the chain without filtering. The test is a
 *    substring match (indexof) on the decoded URL, not an exact path comparison.
 *  - The decoded query string is passed through cleanxss (and cleansqlinject; the
 *    condition around that call is fragmentary). When the cleaned value differs from
 *    the original, the response is redirected to the cleaned URL.
 *  - The wrapper overrides (getParametervalues, getheader and what looks like a
 *    single-parameter getter) return cleanxss(cleansqlinject(...)) of the underlying
 *    value, or null when it is absent.
 *  - cleanxss rewrites "<" and ">", removes eval(...) / script / javascript: patterns by
 *    regex and strips further tokens (";", "@", "0x0d", apparently quotes). The body of
 *    cleansqlinject is almost entirely missing from this copy.
 *
 * Caveats for anyone adapting this:
 *  - Character and keyword stripping is a blocklist and is defence in depth at most.
 *    SQL injection is prevented by parameterized queries (PreparedStatement), and XSS by
 *    context-aware output encoding at the point where the value is rendered.
 *  - The filter alters legitimate input (";" and "@" are removed), which is the
 *    false-positive problem the inline comment already mentions.
 *  - Exemptions should compare the exact servlet path rather than search the URL for a
 *    substring, so that only the intended endpoints skip the filter.
 *  - Raw request data is written to System.out; use a logger and neutralise CR/LF before
 *    logging untrusted values.
 */
โมฆะสาธารณะ Dofilter (ServletRequest ServletRequest, ServletResponse ServletResponse, FilterChain FilterChain) พ่น IOException, Servletexception {// Flag = True 只做 url 验证; Flag = False 做所有字段的验证; Boolean Flag = true; if (Flag) {// 只对 url 做 xss 校验 httpservletrequest httpservletrequest = (httpservletrequest) servletrequest; httpservletrequest.getRequesturl (). toString (); requesturi = urldecoder.decode (requesturi, "utf-8"); ถ้า (ขอ! servletResponse); return;} ถ้า (requesturi! = null && requesturi.indexof ("account_bank_return.html")! =-1) {filterchain.dofilter (servletrequest, servletResponse); return;} if (requesturi! = null && requesturi.indexof ("/alipay/activity.html")! =-1) {filterchain.dofilter (servletrequest, servletResponse); ;} if (requesturi! = null && requesturi.indexof ("/alipaylogin.html")! =-1) {filterchain.dofilter (servletrequest, servletResponse); return; httpservletrequest.getQueryString (); if (! "". เท่ากับ (param) && param! = null) {param = urldecoder.decode (param, "utf-8"); string orginalurl = requesturi + param; string sqlparam = param; // requesturi.endswith ("/member/unsers.html")) {sqlparam = rw.cleansqlinject (param);} string xssparam = rw.cleanxss (sqlparam); requesturi += = "?"+xssparam; ถ้า (! 
xssparam.equals (param)) {system.out.println ("Requesturi :::::::"+Requesturi); httpservletResponse.sendrect (requesturi); system.out.println ( requestwrapper ((httpservletrequest) servletrequest), servletResponse); return;}} filterchain.dofilter (servletrequest, servletresponse);} else {// 对请求中的所有东西都做校验, 包括表单。此功能校验比较严格容易屏蔽表单正常输入, servletResponse);}} requestmapping: public requestwrapper () {super (null);} public RequestWrapper (httpservletrequest httpservletrequest) {super (httpservletrequest);} public String [] getParametervalues {return null;} int i = str.length; string as1 [] = สตริงใหม่ [i]; สำหรับ (int j = 0; j <i; j ++) {as1 [j] = cleanxss (cleansqlinject (str [j]); null;} else {return cleanxss (cleansqlinject (s1));}} สตริงสาธารณะ getheader (สตริง s) {string s1 = super.getheader (s); ถ้า (s1 == null) {return null; = src; system.out.println ("XSS --- อุณหภูมิ->"+src); src = src.replaceall ("<", "<"). replaceall (">", ">"); // ถ้า (src.indexof ("ที่อยู่") ==-1) // {src = src.replaceall ("// (", "(") .replaceall ("//)", ")"); //} src = src.replaceall ( รูปแบบรูปแบบ = pattern.compile ("(eval //((.*)//) | script)", pattern.case_insensitive); matcher matcher = pattern.matcher (src); src = matcher.replaceall (""); pattern = pattern.compile ("[///" // '] [// s]*JavaScript: (.*) [/// "//']", pattern.case_insensitive); matcher = pattern.matcher (src); src = matcher.replaceall ("/"/""); // 增加脚本 src = src.replaceall ("สคริปต์", "") .replaceall (";", "") .replaceall ("/" "," ") .replaceall ("@"," "). replaceall (" 0x0d ",") ""); ถ้า (! temp.equals (src)) {system.out.println ("输入信息存在 xss 攻击!"); system.out.println ("原始输入信息->"+temp); system.out.println ("处理后信息->"+src); = src; "Forbido"); ถ้า (! temp.equals (src)) {system.out.println ("输入信息存在 sql 攻击!"); system.out.println ("原始输入信息->"+temp);xml 配置:
<!-- NOTE(review): this web.xml fragment was damaged in extraction: the opening tag reads
     "silter" instead of "filter", element-name casing is inconsistent, the init-param
     name is lost (only its value, utf-8, survives) and the closing filter-mapping tag is
     missing. As written, the /* url-pattern applies the filter to every request; any
     URL it skips is skipped only by the substring checks inside the filter itself. -->
<silter> <filter-Name> XSSFilter </filter-Name> <filter-Class> cn.com.jsoft.xss.xssfilter </filter-class> <init-Param> <param-name> am-value> utf-8 </param-value> </init-param> </filter> <filter-mapping> <filter-name> xssfilter </filter-name> <url-pattern>/*</url-pattern>
以上代码仅仅将特殊的 SQL 字符和特殊脚本字符处理掉, 具体的页面处理还需要后台处理!! 这类基于字符黑名单的过滤只能作为辅助手段: 防止 SQL 注入仍应在后台使用参数化查询 (PreparedStatement), 防止 XSS 仍应在输出时按上下文进行编码。
以上就是小编分享给大家的这篇 Java 过滤器 (Filter) 防 SQL 注入实现代码的全部内容, 希望能给大家一个参考, 也希望大家多多支持武林网。