標籤:blog http java 使用 strong 檔案
一概念
1防盜鏈
在HTTP協議中,有一個表頭欄位叫referer,採用URL的格式來表示從哪兒連結到當前的網頁或檔案,通過referer,網站可以檢測目標網頁訪問的來源網頁。有了referer跟蹤來源就好辦了,這時就可以通過技術手段來進行處理,一旦檢測到來源不是本站即進行阻止或者返回指定的頁面。
2頁面中的逸出字元
在HTML中,定義逸出字元串的原因有兩個:第一個原因是像“<”和“>”這類符號已經用來表示HTML標籤,因此就不能直接當作文本中的符號來使用。為了在HTML文檔中使用這些符號,就需要定義它的逸出字元串。
| 字元 | 逸出字元 |
| " | " |
| & | & |
| < | < |
| > | > |
| 空格 | |
-------------------------------------------------------------------------------------------------------
2.1防盜鏈的實現
1.tld約束
<tag> <name>referer</name> <tag-class>com.tag.RefererTag</tag-class> <body-content>empty</body-content> <attribute> <name>site</name> <required>true</required> </attribute> <attribute> <name>page</name> <required>true</required> </attribute></tag>
2.實現了簡單Tag介面的自訂Tag處理類
package com.tag;import java.io.IOException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.jsp.JspException;import javax.servlet.jsp.PageContext;import javax.servlet.jsp.SkipPageException;import javax.servlet.jsp.tagext.SimpleTagSupport;public class RefererTag extends SimpleTagSupport{ private String site; private String page; public void setSite(String site) { this.site = site; } public void setPage(String page) { this.page = page; } @Override public void doTag() throws JspException, IOException { PageContext context = (PageContext)this.getJspContext(); HttpServletRequest request = (HttpServletRequest)context.getRequest(); HttpServletResponse response = (HttpServletResponse)context.getResponse(); String referer = request.getHeader("referer"); String path = request.getContextPath(); if(referer==null||referer.startsWith(site)){ if(page.startsWith(path)) response.sendRedirect(page); else if(page.startsWith("/")) response.sendRedirect(path+page); else response.sendRedirect(path+"/"+page); // throw new SkipPageException(); 不執行
// 執行則是jsp片段invoke } } }
3. 頁面引用
------------index.jsp-------------------referer.jsp-----------
4.結果頁面跳轉
-----------------------------------------------------------------------------------------------------------
2.2轉義標籤的實現
1.tld約束
<tag> <name>htmlfilter</name> <tag-class>com.tag.HtmlFilterTag</tag-class> <body-content>scriptless</body-content> <!-- <body-content>tagdependent</body-content> --></tag>
2.自訂Tag處理類(其中Filter方法來自)
apache_tomcat-6.0.39.webapps\examples\WEB-INF\classes.util包
package com.tag;import java.io.IOException;import java.io.StringWriter;import javax.servlet.jsp.JspException;import javax.servlet.jsp.tagext.JspFragment;import javax.servlet.jsp.tagext.SimpleTagSupport;public class HtmlFilterTag extends SimpleTagSupport{ @Override public void doTag() throws JspException, IOException { JspFragment jf = this.getJspBody(); StringWriter content = new StringWriter(); jf.invoke(content); String _content = filter(content.getBuffer().toString()); this.getJspContext().getOut().write(_content); } public static String filter(String message) { if (message == null) return (null); char content[] = new char[message.length()]; message.getChars(0, message.length(), content, 0); StringBuffer result = new StringBuffer(content.length + 50); for (int i = 0; i < content.length; i++) { switch (content[i]) { case ‘<‘: result.append("<"); break; case ‘>‘: result.append(">"); break; case ‘&‘: result.append("&"); break; case ‘"‘: result.append("""); break; default: result.append(content[i]); } } return (result.toString()); } }
3.頁面引用
View Code4.結果展示
5.body-content類型介紹
http://www.cnblogs.com/foreverzd/p/3833252.html
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
