实例如下:
xssfilter.java
public void dofilter(ServletRequest ServletRequest,ServletResponse ServletResponse,FilterChain FilterChain)抛出IOException,ServletException {// flag = true llag = true只做url验证; flag = false做所有字段的验证; boolean flag = true; if(flag){//只对url做xss校验httpservletrequest httpservletRequest =(httpservletrequest)servletrequest; httpservletrequest; httpservletrequest; httpservletrequest.getRequesturl()。toString(); requesturi = ureldecoder.decode(requesturi,“ utf-8”); if(requesturi!= null && requesturi.indexof(“ alipay_hotel_hotel_hotel_hotel_hotel_hotel_book_retnurn.html”)! servletResponse); return;} if(requesturi!= null && requesturi.indexof(“ councel_bank_return.html”)!= - 1){filterChain.dofilter(servletrequest,servletRequest, servletResponse); return;} if(requesturi!= null && requesturi.indexof(“/alipay/activity.html”)!= - 1){filterChain.dofilter(servletRequest,servletResponse); recturn ;} if(requesturi!= null && requesturi.indexof(“/alipaylogin.html”)!= - 1){filterChain.dofilter(ServletRequest,servletResponse); return; return;} httpservletrequest.getquerystring(); if(!“”。等于(param)&& param!= null){param = uroldecoder.decode(param,param,“ utf-8”); strignurl = requestUrl = requestUri + param; param; param; string sqlparam = param;/param;/param;/repact;/repacts;/repactionuri | squri || requesturi.Endswith(“/n/mement/answer.html”)){sqlparam = rw.cleansqlinject(param);}字符串xssparam = rw.cleanxss(sqlparam); requesturi += = = “?”+XSSPARAM;如果(!xssparam.equals(param)){system.out.println(“ requesturi ::::::::::+requesturi); httpservletResponse.sendredResponse.sendredirect(requesturi); system.out.out.out.ut.println(no entered entered requestWrapper(((httpservletRequest)servletRequest),servletResponse); return;}} filterChain.dofilter(servletRequest,servletResponse);} else {// {//对请求中的所有东西都做校验servletResponse);}} requestMapping:public requestWrapper(){super(null);} public requestWrapper(httpservleqletrequest httpservletrequest){super(super(httpservletRequest);} public string st string str str str str str str str = suppeR. {return null;} int i = str.length; string as1 = new String [i]; for(int j = 0; j = 0; j <i; j ++){as1 [j] = cleanxss(cleansqlinject(cleansqlinject(str [j]);} null;} else {return {return cleanxss(cleansqlinject(s1));}}} public string getheader(string s){字符串s1 = super.getheader(s); if(s1 = = null){return null){return null;} else {else {return {return cleanxss(cleansqlinignt s s s s sr string string string tems;}}字符串{ = src; system.out.println(“ xss --- temp->”+src); src = src.ReplaceAll(“ <”,“ <”)。替换(“>”,“”>“); // if(src.indexof(“ address”)== -1)// {src = src.replaceall(“ //(“”,“,”(“).replaceall(”).replaceall(“ //)”,“,”); //} src = src = src = src.replaceall(模式模式= pattern.compile(“(“(eval //(。(”:(.*)//)|脚本)”,pattern.case_insistive); Matcher Matcher = pattern.matcher(src); src = matcher.replaceAll(“”);模式= pattern.compile(“ [///“ //”] [// s]*javascript:(。 matcher = pattern.matcher(src); src = matcher.replaceAll(“/”/“”); //增加脚本src = src.replaceAll(“脚本”,“”).replaceAll(“;”,“”).replaceAll(“/”/“”,“”).replaceAll(“@”,“”).replaceAll(“”).replaceAll(“ 0x0d”,“ 0x0d”,“”,“”).replacealllllleall(“ 0x00” 0X00A,“”,“”。 “”);如果(! =src; src = src.replaceAll("insert", "forbidI") .replaceAll("select", "forbidS") .replaceAll("update", "forbidU") .replaceAll("delete", "forbidD") .replaceAll("and", "forbidA") .replaceAll("or", “ forbido”); if(!XML配置:
<filts> <Filter-name> XSSFILTER </FILFE-NAME> <Filter-Class> cn.com.jsoft.xss.xss.xssfilter </filter-class </filter-class> <Init-param> <param-name>编码</param-name> <par AM-VALUE> UTF-8 </param-Value> </init-Param> </filter> <滤波器> <filter-name> xssfilter </filter-name> <url-pattern>/*</url-pattern>/*</url-pattern> </url-pattern> </filter-mapping>
以上代码仅仅将特殊的sql字符,特殊脚本脚本字符处理掉,具体的页面处理还需要后台处理!!,具体的页面处理还需要后台处理!!
关于这篇java过滤器滤波器防sql注入的实现代码就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持武林网。,也希望大家多多支持武林网。