使用Decorator模式包装request对象,实现html标签转义功能。下面编写一个html转义过滤器。
web.xml
<!-- HTML escaping: registers cn.itcast.filter.HtmlFilter and maps it to the /* URL pattern,
     so requests to any path in this web application are routed through the filter. -->
<filter>
<filter-name>HtmlFilter</filter-name>
<filter-class>cn.itcast.filter.HtmlFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>HtmlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
编写一个html转义过滤器,代码如下:HtmlFilter
package cn.itcast.filter;
import java.io.IOException;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
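/**
 * Servlet filter that wraps each incoming request so that parameter values are HTML-escaped
 * before application code reads them (Decorator pattern over {@link HttpServletRequest}).
 *
 * <p>Scope and limits:
 * <ul>
 *   <li>Only values read through {@code getParameter}, {@code getParameterValues} and
 *       {@code getParameterMap} are escaped. Headers, cookies, the query string and the raw
 *       body ({@code getReader} / {@code getInputStream}) pass through unchanged.</li>
 *   <li>The escaping suits HTML element content and quoted attribute values. It does not make
 *       a value safe inside script blocks, URLs or CSS.</li>
 *   <li>Because escaping happens on input, anything the application stores is stored
 *       escaped; rendering it later through an escaping output mechanism double-encodes it.</li>
 * </ul>
 * Treat this filter as defence in depth; encoding at the point of output, for the context
 * being written to, remains the primary control.
 *
 * Created by yvettee on 2017/10/31.
 */
public class HtmlFilter implements Filter {

    /** Nothing to initialise: the filter reads no configuration and keeps no state. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Passes the request down the chain wrapped in {@link MyRequest}, so that downstream
     * filters and servlets receive escaped parameter values.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain     the remainder of the filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // Example: a submitted "resume" value containing a <script> tag reaches the servlet
        // with its angle brackets already replaced by entities.
        filterChain.doFilter(new MyRequest(request), response);
    }

    /**
     * Request decorator that escapes parameter values on every parameter accessor.
     *
     * <p>All three value accessors are overridden; overriding {@code getParameter} alone would
     * leave {@code getParameterValues} and {@code getParameterMap} returning raw input.
     */
    class MyRequest extends HttpServletRequestWrapper {

        public MyRequest(HttpServletRequest request) {
            super(request);
        }

        /**
         * Returns the escaped value of a single parameter.
         *
         * @param name parameter name
         * @return the escaped value, or {@code null} when the parameter is absent
         * @see javax.servlet.ServletRequestWrapper#getParameter(java.lang.String)
         */
        @Override
        public String getParameter(String name) {
            // filter() is null-safe, so an absent parameter still yields null.
            return filter(super.getParameter(name));
        }

        /**
         * Returns escaped copies of all values of a multi-valued parameter.
         *
         * @param name parameter name
         * @return a new array of escaped values, or {@code null} when the parameter is absent
         */
        @Override
        public String[] getParameterValues(String name) {
            return escapeAll(super.getParameterValues(name));
        }

        /**
         * Returns an unmodifiable map whose value arrays are escaped copies of the originals.
         * Parameter names are left as received.
         */
        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> raw = super.getParameterMap();
            Map<String, String[]> escaped = new LinkedHashMap<String, String[]>();
            for (Map.Entry<String, String[]> entry : raw.entrySet()) {
                escaped.put(entry.getKey(), escapeAll(entry.getValue()));
            }
            return Collections.unmodifiableMap(escaped);
        }

        /** Escapes every element into a fresh array; the wrapped request's array is not modified. */
        private String[] escapeAll(String[] values) {
            if (values == null) {
                return null;
            }
            String[] escaped = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                escaped[i] = filter(values[i]);
            }
            return escaped;
        }

        /**
         * Replaces the characters that are significant in HTML text and quoted attributes with
         * character references: {@code <}, {@code >}, {@code &}, {@code "} and {@code '}.
         *
         * <p>The replacement strings must be the entity forms. Appending the raw character
         * back would turn this method into a no-op.
         *
         * @param message text to escape; may be {@code null}
         * @return the escaped text, or {@code null} when {@code message} is {@code null}
         */
        public String filter(String message) {
            if (message == null) {
                return null;
            }
            StringBuilder result = new StringBuilder(message.length() + 50);
            for (int i = 0; i < message.length(); i++) {
                char c = message.charAt(i);
                switch (c) {
                    case '<':
                        result.append("&lt;");
                        break;
                    case '>':
                        result.append("&gt;");
                        break;
                    case '&':
                        result.append("&amp;");
                        break;
                    case '"':
                        result.append("&quot;");
                        break;
                    case '\'':
                        // Also covers attribute values delimited with single quotes.
                        result.append("&#39;");
                        break;
                    default:
                        result.append(c);
                }
            }
            return result.toString();
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}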
编写jsp测试页面,如下:
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Test page: posts "userName" and "resume" to /htmlEscapeServlet under the context path. --%>
<html>
<head>
<title>$Title$</title>
</head>
<body>
<%-- NOTE(review): an EL expression in template text is written to the page without HTML
     escaping. Where the "user" attribute is set is not shown here; if userName can hold
     user-supplied text, output it through JSTL c:out or fn:escapeXml. --%>
欢迎你:${user.userName}
<form action="${pageContext.request.contextPath}/htmlEscapeServlet" method="post">
<input type="text" name="userName"><br/>
<textarea rows="5" cols="50" name="resume"></textarea><br/>
<input type="submit" value="提交">
</form>
</body>
</html>
编写处理用户请求的Servlet(HtmlEscapeServlet)
package cn.itcast.servlet;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
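/**
 * Demo endpoint that echoes the submitted {@code resume} parameter back in the response body.
 *
 * <p>This servlet does no escaping of its own. The value it writes is safe to render as HTML
 * only while {@code cn.itcast.filter.HtmlFilter} is mapped in front of it (web.xml maps it to
 * {@code /*}), because that filter's request wrapper escapes what {@code getParameter}
 * returns. If the filter mapping is removed or narrowed, this servlet reflects raw input.
 *
 * Created by yvettee on 2017/10/31.
 */
@WebServlet(name = "HtmlEscapeServlet", urlPatterns = "/htmlEscapeServlet")
public class HtmlEscapeServlet extends HttpServlet {

    /**
     * Writes the {@code resume} request parameter to the response.
     *
     * @param request  the request, expected to be the escaping wrapper installed by HtmlFilter
     * @param response the response the value is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Declare type and charset before getWriter() so the browser does not have to guess
        // how to interpret the echoed text; UTF-8 matches the JSP form page.
        response.setContentType("text/html;charset=UTF-8");

        // e.g. a submitted <script> tag arrives here already entity-encoded by the filter.
        String resume = request.getParameter("resume");
        if (resume == null) {
            // Writer.write(String) throws NullPointerException on null; this happens on any
            // request without the parameter, such as a plain GET routed here via doGet.
            return;
        }
        response.getWriter().write(resume);
    }

    /** Handles GET exactly like POST. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }
}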
源代码:https://github.com/yvettee36/FilterBase