Struts网站基于Filter的XSS漏洞修复

下面的代码只支持struts2框架中的xss漏洞

第一步,创建过滤器XssFilter :

package com.ulic.ulcif.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import com.ulic.ulcif.requestwrapper.XssHttpServletRequestWrapper; /** * XSS防跨站脚本攻击过滤器 * */ public class XssFilter implements Filter { FilterConfig filterConfig = null; /** * Default constructor. */ public XssFilter() { } public void destroy() { this.filterConfig = null; } public void init(FilterConfig fConfig) throws ServletException { this.filterConfig = fConfig; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response); } }

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/zwjyjg.html