spring mvc enctype=multipart/form-data 引數過濾
阿新 • • 發佈:2019-02-18
當表單的 enctype=multipart/form-data 時,一般的過濾器(Servlet Filter)在 multipart 請求體被解析之前無法透過 getParameter 獲取引數,所以改在 Spring MVC 配置檔案中處理:把註解介面卡
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter
改為
com.zcj.MyAnnotationMethodHandlerAdapter。
這個類繼承 Spring 的 AnnotationMethodHandlerAdapter,重寫 ModelAndView handle(HttpServletRequest request, HttpServletResponse response, Object handler) 方法來實現過濾。
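package com.zcj;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter;

/**
 * Handler adapter that strips a small denylist of script-like fragments from the
 * request parameters of one endpoint before delegating to
 * {@link AnnotationMethodHandlerAdapter#handle}.
 *
 * <p>It exists because a plain servlet filter runs before the multipart body has
 * been parsed and therefore cannot see multipart/form-data fields; by the time the
 * handler adapter runs, Spring's MultipartResolver has exposed them as parameters.
 *
 * <p>This is a denylist on <em>input</em>. It reduces the amount of obviously
 * script-like text that reaches the handler, but it is not a complete XSS defence:
 * the authoritative control is contextual output encoding where the values are
 * rendered. Treat the patterns below as defence in depth, not as the only guard.
 */
public class MyAnnotationMethodHandlerAdapter extends AnnotationMethodHandlerAdapter {

    /** Request URI (as returned by {@code getRequestURI()}) whose parameters are filtered. */
    private static final String FILTERED_URI = "/article/addOrUpdateArticle";

    /**
     * Denylist rules, pattern to replacement text, applied in insertion order.
     *
     * <p>The original version filled a static map from an instance initializer (so it was
     * re-populated on every construction), compiled each regex on every call, and spelled
     * "script" with per-letter classes containing a typo ({@code [i|C]} instead of
     * {@code [i|I]}), so e.g. an upper-case "I" slipped past the rule. The rules are now
     * compiled once and matched case-insensitively.
     */
    private static final Map<Pattern, String> XSS_RULES = new LinkedHashMap<Pattern, String>();

    static {
        // A quoted "javascript:" URL value (e.g. an href attribute) collapses to an empty
        // quoted string. This rule must run BEFORE the bare "script" rule: that rule would
        // otherwise rewrite "javascript:" to "java:" first and this one would never match.
        // Note (.*) is greedy and does not cross newlines, so it removes everything up to the
        // last quote on the same line; kept as in the original.
        XSS_RULES.put(Pattern.compile("[\"']\\s*javascript:(.*)[\"']", Pattern.CASE_INSENSITIVE), "\"\"");
        // Any occurrence of the token "script", regardless of case.
        XSS_RULES.put(Pattern.compile("script", Pattern.CASE_INSENSITIVE), "");
        // An eval(...) call, regardless of case; greedy up to the last ')' on the line.
        XSS_RULES.put(Pattern.compile("eval\\((.*)\\)", Pattern.CASE_INSENSITIVE), "");
    }

    /**
     * Applies every rule in {@link #XSS_RULES}, in order, to {@code value}.
     *
     * @param value raw parameter value; returned unchanged when {@code null}
     * @return the value with all matched fragments replaced
     */
    private static String myCleanXSS(String value) {
        if (value == null) {
            return null;
        }
        String cleaned = value;
        for (Map.Entry<Pattern, String> rule : XSS_RULES.entrySet()) {
            cleaned = rule.getKey().matcher(cleaned).replaceAll(rule.getValue());
        }
        return cleaned;
    }

    /**
     * Rewrites every non-blank parameter value of the request in place.
     *
     * <p>NOTE(review): this writes back into the array returned by
     * {@code getParameterValues()}. Whether that reaches the store the handler later reads
     * from depends on whether the container / Spring's multipart request hands out its
     * internal array or a copy — confirm for the deployed versions; if it is a copy, the
     * filter is a no-op and the request would have to be wrapped instead.
     *
     * @param request the current request, already multipart-resolved by the DispatcherServlet
     */
    private void myXss(HttpServletRequest request) {
        Map<String, String[]> parameters = request.getParameterMap();
        for (String name : parameters.keySet()) {
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (int i = 0; i < values.length; i++) {
                // Blank values carry nothing to strip; skipping them also avoids a null NPE.
                if (!StringUtils.isBlank(values[i])) {
                    values[i] = myCleanXSS(values[i]);
                }
            }
        }
    }

    /**
     * Filters the parameters of {@link #FILTERED_URI} and then delegates to the parent adapter.
     *
     * <p>NOTE(review): {@code getRequestURI()} includes the servlet context path, so the
     * comparison only matches when the application is deployed at the root context — confirm,
     * or compare against {@code getServletPath()} / {@code getPathInfo()} instead.
     *
     * @param request  current request
     * @param response current response
     * @param handler  the annotated controller selected by the DispatcherServlet
     * @return whatever the parent adapter returns
     * @throws Exception propagated from the parent adapter
     */
    @Override
    public ModelAndView handle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if (FILTERED_URI.equals(request.getRequestURI())) {
            myXss(request);
        }
        return super.handle(request, response, handler);
    }
}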