1. Write a filter to handle escape characters to prevent SQL injection
package com.xinrui.flower.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
/**
 * Creation time: February 23, 2016 PM 1:34:04
 * Project name: Flower
 * @author Liang Zhicheng
 * @version 1.0
 * @since JDK 1.8.0_21
 * File name: XssFilter.java
 * Class description: XSS (cross-site scripting) attack filter
 */
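public class XssFilter implements Filter {

    /** Nothing to release: the filter keeps no state. */
    @Override
    public void destroy() {
    }

    /**
     * Wraps each HTTP request in {@code XssHttpServletRequestWraper} so that the
     * parameter and header values read further down the chain are already
     * entity-escaped. Without the wrapper this filter is a no-op: the escaping
     * lives in the wrapper, not here. Non-HTTP requests are passed through unchanged.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        ServletRequest wrapped = request;
        if (request instanceof HttpServletRequest) {
            wrapped = new XssHttpServletRequestWraper((HttpServletRequest) request);
        }
        chain.doFilter(wrapped, response);
    }

    /** No init-params are read from the deployment descriptor. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}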
Package com.xinrui.flower.filter;
Import Javax.servlet.http.HttpServletRequest;
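import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Creation date: March 1, 2016 5:51:06
 * Project name: Flower
 * @author Liang Zhicheng
 * @version 1.0
 * @since JDK 1.8.0_21
 * File name: XssHttpServletRequestWraper.java
 * Class description: handles escape characters to prevent injection. In
 * practice this is HTML entity encoding of parameter and header values, i.e.
 * an XSS mitigation; it does not replace parameterised SQL statements.
 */
public class XssHttpServletRequestWraper extends HttpServletRequestWrapper {

    /**
     * @param request the request to wrap; every parameter/header read through
     *                this wrapper is passed through {@link #clearXss(String)}
     */
    public XssHttpServletRequestWraper(HttpServletRequest request) {
        super(request);
    }

    /** Returns the named parameter with HTML-significant characters escaped. */
    @Override
    public String getParameter(String name) {
        return clearXss(super.getParameter(name));
    }

    /** Returns the named header with HTML-significant characters escaped. */
    @Override
    public String getHeader(String name) {
        return clearXss(super.getHeader(name));
    }

    /**
     * Returns every value of the named parameter, each escaped.
     *
     * @param name the parameter name
     * @return the escaped values, or {@code null} when the parameter is absent
     *         (the original dereferenced the missing array and threw)
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = super.getParameterValues(name);
        if (values == null) {
            return null;
        }
        String[] escaped = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            escaped[i] = clearXss(values[i]);
        }
        return escaped;
    }

    /**
     * Escapes the characters this wrapper treats as HTML-significant:
     * {@code <} and {@code >} (tag delimiters), {@code (} and {@code )}, and
     * the single quote. {@code null} and empty input are returned unchanged.
     *
     * <p>The original chain of {@code replaceAll} calls also tried to strip
     * {@code eval(...)}, quoted {@code javascript:} values and the word
     * {@code script}. Those steps are dropped: the {@code eval} pattern could
     * never match because parentheses had already been entity-encoded on the
     * preceding line, the keyword removal was a plain case-sensitive substring
     * delete that also corrupted ordinary words containing it, and once
     * {@code <} is encoded no tag can be opened anyway. Note what is NOT
     * covered: {@code "} and {@code &} pass through unchanged, so values a
     * template places into attributes or URL contexts still need context-aware
     * output encoding at that point.
     *
     * @param value the raw value, may be {@code null}
     * @return the escaped value, or the input itself when {@code null} or empty
     */
    public String clearXss(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        // Single pass: each character is inspected once, so an entity emitted for
        // one character can never be re-matched by a later rule (the ordering bug
        // that made the original eval(...) pattern unreachable).
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '(':
                    out.append("&#40;");
                    break;
                case ')':
                    out.append("&#41;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}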
2. Register the filter in web.xml
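<!-- Configure anti-SQL injection filter: XssFilter entity-escapes parameter and header values -->
<filter>
    <filter-name>XssFilter</filter-name>
    <!-- Must match the class name exactly; the servlet container loads it by this string -->
    <filter-class>com.xinrui.flower.filter.XssFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>XssFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>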