/*
|
* Copyright (c) 2018-2999 广州市蓝海创新科技有限公司 All rights reserved.
|
*
|
* https://www.mall4j.com/
|
*
|
* 未经允许,不可做商业用途!
|
*
|
* 版权所有,侵权必究!
|
*/
|
|
package com.yami.trading.common.xss;
|
|
import cn.hutool.core.util.StrUtil;
|
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequestWrapper;
|
|
/**
|
* xss 攻击过滤
|
* @author lgh
|
*/
|
public class XssWrapper extends HttpServletRequestWrapper {
|
/**
|
* Constructs a request object wrapping the given request.
|
*
|
* @param request The request to wrap
|
* @throws IllegalArgumentException if the request is null
|
*/
|
public XssWrapper(HttpServletRequest request) {
|
super(request);
|
}
|
|
/**
|
* 对数组参数进行特殊字符过滤
|
*/
|
@Override
|
public String[] getParameterValues(String name) {
|
String[] values = super.getParameterValues(name);
|
if (values == null) {
|
return null;
|
}
|
int count = values.length;
|
String[] encodedValues = new String[count];
|
for (int i = 0; i < count; i++) {
|
encodedValues[i] = cleanXSS(values[i]);
|
}
|
return encodedValues;
|
}
|
|
/**
|
* 对参数中特殊字符进行过滤
|
*/
|
@Override
|
public String getParameter(String name) {
|
String value = super.getParameter(name);
|
if (StrUtil.isBlank(value)) {
|
return value;
|
}
|
return cleanXSS(value);
|
}
|
|
/**
|
* 获取attribute,特殊字符过滤
|
*/
|
@Override
|
public Object getAttribute(String name) {
|
Object value = super.getAttribute(name);
|
if (value instanceof String && StrUtil.isNotBlank((String) value)) {
|
return cleanXSS((String) value);
|
}
|
return value;
|
}
|
|
/**
|
* 对请求头部进行特殊字符过滤
|
*/
|
@Override
|
public String getHeader(String name) {
|
String value = super.getHeader(name);
|
if (StrUtil.isBlank(value)) {
|
return value;
|
}
|
return cleanXSS(value);
|
}
|
|
private String cleanXSS(String value) {
|
return XssUtil.clean(value);
|
}
|
}
|
