2. 程式人生 > >springMVC利用過濾器防止xss攻擊

springMVC利用過濾器防止xss攻擊

阿新 發佈:2019-01-22

轉載地址http://blog.csdn.net/catoop/article/details/50338259

一、什麼是XSS攻擊 
XSS是一種經常出現在web應用中的電腦保安漏洞,它允許惡意web使用者將程式碼植入到提供給其它使用者使用的頁面中。比如這些程式碼包括HTML程式碼和客戶端指令碼。攻擊者利用XSS漏洞旁路掉訪問控制——例如同源策略(same origin policy)。這種型別的漏洞由於被黑客用來編寫危害性更大的網路釣魚(Phishing)攻擊而變得廣為人知。對於跨站指令碼攻擊,黑客界共識是:跨站指令碼攻擊是新型的“緩衝區溢位攻擊“,而JavaScript是新型的“ShellCode”。

二、XSS漏洞的危害 
(1)網路釣魚,包括盜取各類使用者賬號; 
(2)竊取使用者cookies資料,從而獲取使用者隱私資訊,或利用使用者身份進一步對網站執行操作; 
(3)劫持使用者(瀏覽器)會話,從而執行任意操作,例如進行非法轉賬、強制發表日誌、傳送電子郵件等; 
(4)強制彈出廣告頁面、刷流量等; 
(5)網頁掛馬; 
(6)進行惡意操作,例如任意篡改頁面資訊、刪除文章等; 
(7)進行大量的客戶端攻擊,如DDoS攻擊; 
(8)獲取客戶端資訊,例如使用者的瀏覽歷史、真實IP、開放埠等; 
(9)控制受害者機器向其他網站發起攻擊; 
(10)結合其他漏洞,如CSRF漏洞,實施進一步作惡; 
(11)提升使用者許可權,包括進一步滲透網站; 
(12)傳播跨站指令碼蠕蟲等; 
……

三、如何編寫程式碼來避免 
如下程式碼可以避免XSS注入,但是作者因知識面有限,故不能保證100%能完全將XSS攻擊者拒之門外,還需大家根據實際情況進行優化和改進。 
既然我們通過程式碼來解決問題,就儘可能的不涉及開發人員的對原有程式碼修改,所以我們增加過濾器來攔截處理,本文原有框架使用springmvc。 
1、IllegalCharacterFilter.java

<code class="hljs java has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-top-left-radius: 0px; border-top-right-radius: 0px; border-bottom-right-radius: 0px; border-bottom-left-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">package</span> com.lenovo.common.filter;

<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> java.io.IOException;

<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.Filter;
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.FilterChain;
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.FilterConfig;
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.ServletException;
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.ServletRequest;
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.ServletResponse;
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.http.HttpServletRequest;

<span class="hljs-javadoc" style="color: rgb(136, 0, 0); box-sizing: border-box;">/**
 * 非法字元過濾器,用來處理request.getParamater中的非法字元。如<script>alert('123');</script>
 * 
 *<span class="hljs-javadoctag" style="color: rgb(102, 0, 102); box-sizing: border-box;"> @author</span> 單紅宇(365384722)
 *<span class="hljs-javadoctag" style="color: rgb(102, 0, 102); box-sizing: border-box;"> @myblog</span> http://blog.csdn.net/catoop/
 *<span class="hljs-javadoctag" style="color: rgb(102, 0, 102); box-sizing: border-box;"> @create</span> 2015年9月18日
 */</span>
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-class" style="box-sizing: border-box;"><span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">class</span> <span class="hljs-title" style="box-sizing: border-box; color: rgb(102, 0, 102);">IllegalCharacterFilter</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">implements</span> <span class="hljs-title" style="box-sizing: border-box; color: rgb(102, 0, 102);">Filter</span> {</span>

    <span class="hljs-annotation" style="color: rgb(155, 133, 157); box-sizing: border-box;">@Override</span>
    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">void</span> <span class="hljs-title" style="box-sizing: border-box;">init</span>(FilterConfig filterConfig) <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">throws</span> ServletException {

    }

    <span class="hljs-annotation" style="color: rgb(155, 133, 157); box-sizing: border-box;">@Override</span>
    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">void</span> <span class="hljs-title" style="box-sizing: border-box;">doFilter</span>(ServletRequest req, ServletResponse res,
            FilterChain chain) <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">throws</span> IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest)req;
        request = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> MHttpServletRequest(request);
        chain.doFilter(request, res);
    }

    <span class="hljs-annotation" style="color: rgb(155, 133, 157); box-sizing: border-box;">@Override</span>
    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">void</span> <span class="hljs-title" style="box-sizing: border-box;">destroy</span>() {

    }

}
</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li><li style="box-sizing: border-box; padding: 0px 5px;">37</li><li style="box-sizing: border-box; padding: 0px 5px;">38</li><li style="box-sizing: border-box; padding: 0px 5px;">39</li><li style="box-sizing: border-box; padding: 0px 5px;">40</li><li style="box-sizing: border-box; padding: 0px 5px;">41</li></ul>

2、MHttpServletRequest.java

<code class="hljs java has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-top-left-radius: 0px; border-top-right-radius: 0px; border-bottom-right-radius: 0px; border-bottom-left-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">package</span> com.lenovo.common.filter;

<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.http.HttpServletRequest;
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> javax.servlet.http.HttpServletRequestWrapper;

<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">import</span> com.lenovo.common.utils.XssShieldUtil;

<span class="hljs-javadoc" style="color: rgb(136, 0, 0); box-sizing: border-box;">/**
 * 引數特殊字元過濾
 *
 *<span class="hljs-javadoctag" style="color: rgb(102, 0, 102); box-sizing: border-box;"> @author</span>   單紅宇(365384722)
 *<span class="hljs-javadoctag" style="color: rgb(102, 0, 102); box-sizing: border-box;"> @myblog</span>  http://blog.csdn.net/catoop/
 *<span class="hljs-javadoctag" style="color: rgb(102, 0, 102); box-sizing: border-box;"> @create</span>    2015年9月18日
 */</span>
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-class" style="box-sizing: border-box;"><span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">class</span> <span class="hljs-title" style="box-sizing: border-box; color: rgb(102, 0, 102);">MHttpServletRequest</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">extends</span> <span class="hljs-title" style="box-sizing: border-box; color: rgb(102, 0, 102);">HttpServletRequestWrapper</span> {</span>

    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-title" style="box-sizing: border-box;">MHttpServletRequest</span>(HttpServletRequest request) {
        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">super</span>(request);
    }

    <span class="hljs-annotation" style="color: rgb(155, 133, 157); box-sizing: border-box;">@Override</span>
    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> String <span class="hljs-title" style="box-sizing: border-box;">getParameter</span>(String name) {
        <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">// 返回值之前 先進行過濾</span>
        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">return</span> XssShieldUtil.stripXss(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">super</span>.getParameter(name));
    }

    <span class="hljs-annotation" style="color: rgb(155, 133, 157); box-sizing: border-box;">@Override</span>
    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> String[] <span class="hljs-title" style="box-sizing: border-box;">getParameterValues</span>(String name) {
        <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">// 返回值之前 先進行過濾</span>
        String[] values = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">super</span>.getParameterValues(name);
        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">if</span>(values != <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">null</span>){
            <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">for</span> (<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">int</span> i = <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">0</span>; i < values.length; i++) {
                values[i] = XssShieldUtil.stripXss(values[i]);
            }
        }
        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">return</span> values;
    }

}
</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li><li style="box-sizing: border-box; padding: 0px 5px;">37</li><li style="box-sizing: border-box; padding: 0px 5px;">38</li><li style="box-sizing: border-box; padding: 0px 5px;">39</li><li style="box-sizing: border-box; padding: 0px 5px;">40</li></ul>

3、XssShieldUtil.java

<code class="hljs cs has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-top-left-radius: 0px; border-top-right-radius: 0px; border-bottom-right-radius: 0px; border-bottom-left-radius: 0px; word-wrap: normal; background: transparent;">package com.lenovo.common.utils;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.commons.lang.StringUtils;

<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">/**
 * 處理非法字元
 *
 * @author   單紅宇(365384722)
 * @myblog  http://blog.csdn.net/catoop/
 * @create    2015年9月18日
 */</span>
<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">class</span> XssShieldUtil {

    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">private</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">static</span> List<Pattern> patterns = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">null</span>;

    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">private</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">static</span> List<Object[]> <span class="hljs-title" style="box-sizing: border-box;">getXssPatternList</span>() {
        List<Object[]> ret = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> ArrayList<Object[]>();

        ret.add(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> Object[]{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<(no)?script[^>]*>.*?</(no)?script>"</span>, Pattern.CASE_INSENSITIVE});
        ret.add(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> Object[]{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"eval\\((.*?)\\)"</span>, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL});
        ret.add(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> Object[]{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"expression\\((.*?)\\)"</span>, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL});
        ret.add(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> Object[]{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"(javascript:|vbscript:|view-source:)*"</span>, Pattern.CASE_INSENSITIVE});
        ret.add(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> Object[]{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<(\"[^\"]*\"|\'[^\']*\'|[^\'\">])*>"</span>, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL});
        ret.add(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> Object[]{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"(window\\.location|window\\.|\\.location|document\\.cookie|document\\.|alert\\(.*?\\)|window\\.open\\()*"</span>, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL});
        ret.add(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> Object[]{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<+\\s*\\w*\\s*(oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondblclick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|ondrop|onerror=|onerroupdate|onfilterchange|onfinish|onfocus|onfocusin|onfocusout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture|onmousedown|onmouseenter|onmouseleave|onmousemove|onmousout|onmouseover|onmouseup|onmousewheel|onmove|onmoveend|onmovestart|onabort|onactivate|onafterprint|onafterupdate|onbefore|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|onpaste|onpropertychange|onreadystatechange|onreset|onresize|onresizend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|onsubmit|onunload)+\\s*=+"</span>, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL});
        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">return</span> ret;
    }

    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">private</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">static</span> List<Pattern> <span class="hljs-title" style="box-sizing: border-box;">getPatterns</span>() {

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">if</span> (patterns == <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">null</span>) {

            List<Pattern> list = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">new</span> ArrayList<Pattern>();

            String regex = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">null</span>;
            Integer flag = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">null</span>;
            <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">int</span> arrLength = <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">0</span>;

            <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">for</span>(Object[] arr : getXssPatternList()) {
                arrLength = arr.length;
                <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">for</span>(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">int</span> i = <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">0</span>; i < arrLength; i++) {
                    regex = (String)arr[<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">0</span>];
                    flag = (Integer)arr[<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1</span>];
                    list.add(Pattern.compile(regex, flag));
                }
            }

            patterns = list;
        }

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">return</span> patterns;
    }

    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">static</span> String <span class="hljs-title" style="box-sizing: border-box;">stripXss</span>(String <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span>) {
        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">if</span>(StringUtils.isNotBlank(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span>)) {

            Matcher matcher = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">null</span>;

            <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">for</span>(Pattern pattern : getPatterns()) {
                matcher = pattern.matcher(<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span>);
                <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">//해당하는 패턴이 있으면</span>
                <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">if</span>(matcher.find()) {
                    <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">//해당 문자열 제거</span>
                    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = matcher.replaceAll(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">""</span>);
                }
            }

            <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span>.replaceAll(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<"</span>, <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"&lt;"</span>).replaceAll(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">">"</span>, <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"&gt;"</span>);
        }

<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">//      if (LOG.isDebugEnabled())</span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">//          LOG.debug("strip value: " + value);</span>

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">return</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span>;
    }


    <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">public</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">static</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">void</span> <span class="hljs-title" style="box-sizing: border-box;">main</span>(String[] args) {

        String <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">null</span>;
        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<script language=text/javascript>alert(document.cookie);</script>"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-1: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<script src='' onerror='alert(document.cookie)'></script>"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-2: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"</script>"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-3: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">" eval(abc);"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-4: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">" expression(abc);"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-5: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<img src='' onerror='alert(document.cookie);'></img>"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-6: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<img src='' onerror='alert(document.cookie);'/>"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-7: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<img src='' onerror='alert(document.cookie);'>"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-8: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<script language=text/javascript>alert(document.cookie);"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-9: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<script>window.location='url'"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-10: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">" onload='alert(\"abc\");"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-11: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<img src=x<!--'<\"-->>"</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-12: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);

        <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> = XssShieldUtil.stripXss(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"<=img onstop="</span>);
        System.<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">out</span>.println(<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type-13: '"</span> + <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">value</span> + <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"'"</span>);


    }
}
</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li><li style="box-sizing: border-box; padding: 0px 5px;">37</li><li style="box-sizing: border-box; padding: 0px 5px;">38</li><li style="box-sizing: border-box; padding: 0px 5px;">39</li><li style="box-sizing: border-box; padding: 0px 5px;">40</li><li style="box-sizing: border-box; padding: 0px 5px;">41</li><li style="box-sizing: border-box; padding: 0px 5px;">42</li><li style="box-sizing: border-box; padding: 0px 5px;">43</li><li style="box-sizing: border-box; padding: 0px 5px;">44</li><li style="box-sizing: border-box; padding: 0px 5px;">45</li><li style="box-sizing: border-box; padding: 0px 5px;">46</li><li style="box-sizing: border-box; padding: 0px 5px;">47</li><li style="box-sizing: border-box; padding: 0px 5px;">48</li><li style="box-sizing: border-box; padding: 0px 5px;">49</li><li style="box-sizing: border-box; padding: 0px 5px;">50</li><li style="box-sizing: border-box; padding: 0px 5px;">51</li><li style="box-sizing: border-box; padding: 0px 5px;">52</li><li style="box-sizing: border-box; padding: 0px 5px;">53</li><li style="box-sizing: border-box; padding: 0px 5px;">54</li><li style="box-sizing: border-box; padding: 0px 5px;">55</li><li style="box-sizing: border-box; padding: 0px 5px;">56</li><li style="box-sizing: border-box; padding: 0px 5px;">57</li><li style="box-sizing: border-box; padding: 0px 5px;">58</li><li style="box-sizing: border-box; padding: 0px 5px;">59</li><li style="box-sizing: border-box; padding: 0px 5px;">60</li><li style="box-sizing: border-box; padding: 0px 5px;">61</li><li style="box-sizing: border-box; padding: 0px 5px;">62</li><li style="box-sizing: border-box; padding: 0px 5px;">63</li><li style="box-sizing: border-box; padding: 0px 5px;">64</li><li style="box-sizing: border-box; padding: 0px 5px;">65</li><li style="box-sizing: border-box; padding: 0px 5px;">66</li><li style="box-sizing: border-box; padding: 0px 5px;">67</li><li style="box-sizing: border-box; padding: 0px 5px;">68</li><li style="box-sizing: border-box; padding: 0px 5px;">69</li><li style="box-sizing: border-box; padding: 0px 5px;">70</li><li style="box-sizing: border-box; padding: 0px 5px;">71</li><li style="box-sizing: border-box; padding: 0px 5px;">72</li><li style="box-sizing: border-box; padding: 0px 5px;">73</li><li style="box-sizing: border-box; padding: 0px 5px;">74</li><li style="box-sizing: border-box; padding: 0px 5px;">75</li><li style="box-sizing: border-box; padding: 0px 5px;">76</li><li style="box-sizing: border-box; padding: 0px 5px;">77</li><li style="box-sizing: border-box; padding: 0px 5px;">78</li><li style="box-sizing: border-box; padding: 0px 5px;">79</li><li style="box-sizing: border-box; padding: 0px 5px;">80</li><li style="box-sizing: border-box; padding: 0px 5px;">81</li><li style="box-sizing: border-box; padding: 0px 5px;">82</li><li style="box-sizing: border-box; padding: 0px 5px;">83</li><li style="box-sizing: border-box; padding: 0px 5px;">84</li><li style="box-sizing: border-box; padding: 0px 5px;">85</li><li style="box-sizing: border-box; padding: 0px 5px;">86</li><li style="box-sizing: border-box; padding: 0px 5px;">87</li><li style="box-sizing: border-box; padding: 0px 5px;">88</li><li style="box-sizing: border-box; padding: 0px 5px;">89</li><li style="box-sizing: border-box; padding: 0px 5px;">90</li><li style="box-sizing: border-box; padding: 0px 5px;">91</li><li style="box-sizing: border-box; padding: 0px 5px;">92</li><li style="box-sizing: border-box; padding: 0px 5px;">93</li><li style="box-sizing: border-box; padding: 0px 5px;">94</li><li style="box-sizing: border-box; padding: 0px 5px;">95</li><li style="box-sizing: border-box; padding: 0px 5px;">96</li><li style="box-sizing: border-box; padding: 0px 5px;">97</li><li style="box-sizing: border-box; padding: 0px 5px;">98</li><li style="box-sizing: border-box; padding: 0px 5px;">99</li><li style="box-sizing: border-box; padding: 0px 5px;">100</li><li style="box-sizing: border-box; padding: 0px 5px;">101</li><li style="box-sizing: border-box; padding: 0px 5px;">102</li><li style="box-sizing: border-box; padding: 0px 5px;">103</li><li style="box-sizing: border-box; padding: 0px 5px;">104</li><li style="box-sizing: border-box; padding: 0px 5px;">105</li><li style="box-sizing: border-box; padding: 0px 5px;">106</li><li style="box-sizing: border-box; padding: 0px 5px;">107</li><li style="box-sizing: border-box; padding: 0px 5px;">108</li><li style="box-sizing: border-box; padding: 0px 5px;">109</li><li style="box-sizing: border-box; padding: 0px 5px;">110</li><li style="box-sizing: border-box; padding: 0px 5px;">111</li><li style="box-sizing: border-box; padding: 0px 5px;">112</li><li style="box-sizing: border-box; padding: 0px 5px;">113</li><li style="box-sizing: border-box; padding: 0px 5px;">114</li><li style="box-sizing: border-box; padding: 0px 5px;">115</li><li style="box-sizing: border-box; padding: 0px 5px;">116</li><li style="box-sizing: border-box; padding: 0px 5px;">117</li><li style="box-sizing: border-box; padding: 0px 5px;">118</li><li style="box-sizing: border-box; padding: 0px 5px;">119</li><li style="box-sizing: border-box; padding: 0px 5px;">120</li><li style="box-sizing: border-box; padding: 0px 5px;">121</li><li style="box-sizing: border-box; padding: 0px 5px;">122</li><li style="box-sizing: border-box; padding: 0px 5px;">123</li><li style="box-sizing: border-box; padding: 0px 5px;">124</li><li style="box-sizing: border-box; padding: 0px 5px;">125</li><li style="box-sizing: border-box; padding: 0px 5px;">126</li><li style="box-sizing: border-box; padding: 0px 5px;">127</li><li style="box-sizing: border-box; padding: 0px 5px;">128</li></ul>

4、web.xml 配置

<code class="hljs xml has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-top-left-radius: 0px; border-top-right-radius: 0px; border-bottom-right-radius: 0px; border-bottom-left-radius: 0px; word-wrap: normal; background: transparent;">    <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"><!-- 非法引數過濾器 --></span>
    <span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"><<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter</span>></span>
        <span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"><<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter-name</span>></span>IllegalCharacterFilter<span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"></<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter-name</span>></span>
        <span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"><<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter-class</span>></span>com.lenovo.common.filter.IllegalCharacterFilter<span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"></<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter-class</span>></span>
    <span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"></<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter</span>></span>
    <span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"><<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter-mapping</span>></span>
        <span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"><<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter-name</span>></span>IllegalCharacterFilter<span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"></<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter-name</span>></span>
        <span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"><<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">url-pattern</span>></span>*.do<span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"></<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">url-pattern</span>></span>
    <span class="hljs-tag" style="color: rgb(0, 102, 102); box-sizing: border-box;"></<span class="hljs-title" style="box-sizing: border-box; color: rgb(0, 0, 136);">filter-mapping</span>></span></code>

相關推薦

springMVC利用過濾器防止xss攻擊

轉載地址http://blog.csdn.net/catoop/article/details/50338259 一、什麼是XSS攻擊  XSS是一種經常出現在web應用中的電腦保安漏洞,它允許惡意web使用者將程式碼植入到提供給其它使用者使用的頁面中。比如這些程式碼包

Java Web使用過濾器防止Xss攻擊,解決Xss漏洞

web.xml新增過濾器 <!-- 解決xss漏洞 --> <filter> <filter-name>xssFilter</filter-nam

SpringMVC防止XSS攻擊

XSS全稱為跨站指令碼攻擊 , 具體見百度百科 最常見的是用Filter來預防 , 就是建立一個新的httpRequest類XsslHttpServletRequestWrapper,然後重寫一些get方法(獲取引數時對引數進行XSS判斷預防). 1 . 在web.xm

SpringMVC 跨站指令碼攻擊防護(防止XSS攻擊

SpringMVC 跨站指令碼攻擊防護(防止XSS攻擊) 定義一個基礎controller import org.springframework.beans.propertyeditors.StringTrimmerEditor; import org.springfr

開啟CSP網頁安全政策防止XSS攻擊

使用 interval party tex cnblogs png 內嵌腳本 target span 一、簡介   CSP是網頁安全政策(Content Security Policy)的縮寫。是一種由開發者定義的安全性政策申明,通過CSP所約束的責任指定可信的內容來源,

特殊字符的過濾,防止xss攻擊

factor change 源碼 ive ride ray react list css 概念 XSS攻擊全稱跨站腳本攻擊,是為不和層疊樣式表(Cascading Style Sheets, CSS)的縮寫混淆,故將跨站腳本攻擊縮寫為XSS,XSS是一種在web應用中的計算

java 防止xss攻擊

urn .cn lee lan 轉義 chain archive quest itl http://www.cnblogs.com/TankXiao/archive/2012/03/21/2337194.html#xsshappen 這裏說下最近項目中我們的解決方案,

CodeIgniter 防止XSS攻擊

rip file input 默認 嘗試 應該 而是 data scrip CodeIgniter 包含了跨站腳本攻擊的防禦機制,它可以自動地對所有POST以及COOKIE數據進行過濾,或者您也可以針對單個項目來運行它。默認情況下,它 不會 全局運行,因為這樣也需要一些執行

mysql-防止XSS攻擊

xss攻擊 style -s 查詢 cut 參數化查詢 pre mysql 數據庫 1,防止Xss攻擊 數據庫查詢數據操作,為了防止註入,要執行參數化查詢,也就是直接利用execute直接進行sql語句的執行, 因為exexute本身就有接收語句變量的參數位, exe

微軟AntiXSS防止xss攻擊類庫

輸入 添加 lan 轉義 visual class cin java 最新 AntiXSS,由微軟推出的用於防止XSS攻擊的一個類庫,可實現輸入白名單機制和輸出轉義。 AntiXSS最新版的下載地址:http://wpl.codeplex.com 下載安裝

變量安全過濾,防止xss攻擊

轉義 javascrip dai post ash time return 空格 去除 下面這個方法不管是字符串還是數組,都可以進行過濾 /** * @purpose : 對變量進行安全過濾,使 $_GET、$_POST、$q->record 等變量更安全

Java防止XSS攻擊

stream false end public catch while one 數據 tro 方法一: 1.添加XssFilter @Configuration public class XssFilter implements Filter { @Overr

java 防止 XSS 攻擊的常用方法

javax 編程 cape sap ins servlet space javascrip throws 1. 自己寫 filter 攔截來實現,但要註意的時,在WEB.XML 中配置 filter 的時候,請將這個 filter 放在第一位.2. 采用開源的實現 ESAP

php 防止XSS攻擊

// 其實就是過濾從表單提交來的資料,使用php過濾函式就可以達到很好的目的。 if (isset($_POST['name'])){ $str = trim($_POST['name']); //清理空格 $str = strip_

使用HTML Purifier防止xss攻擊

下載地址:http://htmlpurifier.org/download 在程式設計開發時安全問題是及其重要的,對於使用者提交的資料要進行過濾,XSS就是需要重視的一點,先說一下什麼是XSS,簡單來說就是使用者提交資料(例如發 表評論,發表日誌)時往Web頁面裡插入惡意javascript

前端安全系列(一):如何防止XSS攻擊

前端安全 隨著網際網路的高速發展,資訊保安問題已經成為企業最為關注的焦點之一,而前端又是引發企業安全問題的高危據點。在移動網際網路時代,前端人員除了傳統的 XSS、CSRF 等安全問題之外,又時常遭遇網路劫持、非法呼叫 Hybrid API 等新型安全問題。當然

防止XSS攻擊的方案

防止XSS攻擊 Cookie 的HttpOnly屬性 Cookie 的HttpOnly屬性是Cookie的擴充套件功能,它使JavaScript指令碼無法獲得Cookie。其主要目的為防止跨站指令碼攻擊(Cross-site scripting, XSS)對Cookie

django 防止xss攻擊標記為安全的二種方法

str='<a href="/page?page=1">1</a>' 一,在前端模板語言中實現,只須用到幫助函式safe.如:   {{ str|safe }}   二,在後端views中實現:   from django.utils.safestring impo

springboot 實現防止xss攻擊和sql注入

一、xss攻擊和sql注入(可以使用IBM安全漏洞掃描工具) (1)XSS(Cross Site Scripting),即跨站指令碼攻擊,是一種常見於web application中的電腦保安漏洞。XSS通過在使用者端注入惡意的可執行指令碼,若伺服器端對使用者輸入不進行處理,直接將使用者輸入

java介面防止XSS攻擊的常用方法總結

在前面的一篇文章中,講到了java web應用程式防止 csrf 攻擊的方法,參考這裡 java網頁程式採用 spring 防止 csrf 攻擊. ,但這只是攻擊的一種方式,還有其他方式,比如今天要記錄的 XSS 攻擊, XSS 攻擊的專業解釋,可以在網上搜索一下,參考百度百