public class Test02 {
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
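/**
 * Interceptor that rejects a request when any request parameter value contains one of a
 * fixed set of substrings ({@link #BLOCKED_TOKENS}), redirecting the client to
 * {@link #REDIRECT_TARGET} instead of invoking the action. Requests whose URI contains one
 * of {@link #EXEMPT_URI_FRAGMENTS} are passed through without any check.
 *
 * <p>Limitations a maintainer should be aware of: the check is a substring blacklist, so it
 * is neither complete nor precise (e.g. a value containing the word "description" matches
 * the token "script" and is rejected). It is a coarse request-level filter, not a
 * substitute for contextual output encoding at render time; the exempt paths in particular
 * receive no filtering here at all. The redirect target is a hard-coded absolute URL.
 *
 * <p>The original implementation checked only the first value of each parameter (once after
 * {@link #htmlEncode(String)}, once raw, against a superset of the same tokens). The raw
 * check subsumes the encoded one, so this version performs a single raw pass and checks
 * every value of multi-valued parameters, not just the first.
 */
public class XssInterceptor implements Interceptor {

    private static final long serialVersionUID = -6732277495928277831L;

    /** Destination for requests that carry a blocked parameter value. */
    private static final String REDIRECT_TARGET = "http://www.nxzhly.com/index.htm";

    /**
     * Request-URI fragments that exempt a request from the parameter check. Matching is by
     * substring anywhere in {@code HttpServletRequest#getRequestURI()}.
     */
    private static final String[] EXEMPT_URI_FRAGMENTS = {
        "/manage/", "/port/", "/wap", "/pay/", "/jhpay/"
    };

    /**
     * Substrings that cause a request to be rejected when found in any parameter value.
     * Union of the two token lists of the original implementation, de-duplicated:
     * {@code "redirect:"} and {@code "redirectAction:"} are already covered by
     * {@code "redirect"}. The {@code "\\u003E"} / {@code "\\u003C"} entries are the
     * six-character literal escape sequences, not the characters themselves.
     */
    private static final String[] BLOCKED_TOKENS = {
        "<", ">", "\"", "'", "alert", "script", "eval", "\\u003E", "\\u003C",
        "redirect", "iframe", "action:"
    };

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /** No initialisation needed; all configuration is static. */
    @Override
    public void init() {
    }

    /**
     * Checks every parameter value of the current request against {@link #BLOCKED_TOKENS}.
     *
     * @param invocation the action invocation to continue when the request is acceptable
     * @return {@code null} after sending a redirect when a blocked token is found, otherwise
     *     the result of {@code invocation.invoke()}
     * @throws Exception propagated from {@code invocation.invoke()} or the redirect
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest req = ServletActionContext.getRequest();
        HttpServletResponse resp = ServletActionContext.getResponse();

        if (isExemptUri(req.getRequestURI())) {
            return invocation.invoke();
        }

        @SuppressWarnings("unchecked") // Servlet 2.x declares a raw Map; values are String[]
        Map<String, String[]> parameterMap = req.getParameterMap();
        for (String[] values : parameterMap.values()) {
            if (values == null) {
                continue;
            }
            // Every value is inspected, so a multi-valued parameter cannot hide a blocked
            // token behind an innocuous first value.
            for (String value : values) {
                if (value != null && containsBlockedToken(value)) {
                    resp.sendRedirect(REDIRECT_TARGET);
                    return null;
                }
            }
        }
        return invocation.invoke();
    }

    /**
     * Returns whether the request URI contains any of {@link #EXEMPT_URI_FRAGMENTS}.
     * A {@code null} URI is treated as not exempt (the original would have thrown).
     */
    private static boolean isExemptUri(String uri) {
        if (uri == null) {
            return false;
        }
        for (String fragment : EXEMPT_URI_FRAGMENTS) {
            if (uri.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether {@code value} contains any entry of {@link #BLOCKED_TOKENS}. */
    private static boolean containsBlockedToken(String value) {
        for (String token : BLOCKED_TOKENS) {
            if (value.contains(token)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Encodes {@code & < > "} and the space character as HTML entities.
     *
     * <p>The single quote is deliberately left unchanged by the character table below, so
     * the output is not safe inside a single-quoted attribute value; callers must use a
     * double-quoted attribute or an additional encoding step in that context.
     *
     * @param str text to encode; {@code null} and blank strings are returned unchanged
     * @return the encoded text
     */
    public static String htmlEncode(String str) {
        if (str == null || str.trim().isEmpty()) {
            return str;
        }
        StringBuilder encoded = new StringBuilder(str.length());
        for (int i = 0, len = str.length(); i < len; i++) {
            encoded.append(htmlEncode(str.charAt(i)));
        }
        return encoded.toString();
    }

    /** Entity for a single character; characters without a mapping are returned as-is. */
    private static String htmlEncode(char c) {
        switch (c) {
            case '&':
                return "&amp;";
            case '<':
                return "&lt;";
            case '>':
                return "&gt;";
            case '"':
                return "&quot;";
            case ' ':
                return "&nbsp;";
            default:
                return String.valueOf(c);
        }
    }
}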
}