package cn.palmte.work.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    HttpServletRequest originRequest = null;

    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        originRequest = request;
    }

    /** 
    * 覆盖getParameter方法，将参数名和参数值都做xss过滤。<br/> 
    * 如果需要获得原始的值，则通过super.getParameterValues(name)来获取<br/> 
    * getParameterNames,getParameterValues和getParameterMap也可能需要覆盖 
    */  
    @Override  
    public String getParameter(String name) {
        String parameter = super.getParameter(name);
        return UrlUtil.replaceSpecialChar(parameter);
    }

    @Override
    public String[] getParameterValues(String name) {
        String[] arr = super.getParameterValues(name);
        if(arr != null){
            for (int i=0;i<arr.length;i++) {
                arr[i] = UrlUtil.replaceSpecialChar(arr[i]);
            }
        }
        return arr;
    }


    @Override
    public String getHeader(String name) {  
        String value = super.getHeader(name);
        return UrlUtil.replaceSpecialChar(value);
    }  

    /** 
    * 获取最原始的request 
    */
    public HttpServletRequest getOriginRequest() {
        return originRequest;
    }  

}