40 lines
1.0 KiB
Java
40 lines
1.0 KiB
Java
package com.ruoyi.common.xss;
|
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import javax.servlet.http.HttpServletRequestWrapper;
|
|
import org.jsoup.Jsoup;
|
|
import org.jsoup.safety.Whitelist;
|
|
|
|
/**
|
|
* XSS过滤处理
|
|
*
|
|
* @author ruoyi
|
|
*/
|
|
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
|
|
{
|
|
/**
|
|
* @param request
|
|
*/
|
|
public XssHttpServletRequestWrapper(HttpServletRequest request)
|
|
{
|
|
super(request);
|
|
}
|
|
|
|
@Override
|
|
public String[] getParameterValues(String name)
|
|
{
|
|
String[] values = super.getParameterValues(name);
|
|
if (values != null)
|
|
{
|
|
int length = values.length;
|
|
String[] escapseValues = new String[length];
|
|
for (int i = 0; i < length; i++)
|
|
{
|
|
// 防xss攻击和过滤前后空格
|
|
escapseValues[i] = Jsoup.clean(values[i], Whitelist.relaxed()).trim();
|
|
}
|
|
return escapseValues;
|
|
}
|
|
return super.getParameterValues(name);
|
|
}
|
|
} |