Ants Class: springboot filter (rewrite getParameter)

// Override HttpServletRequestWrapper to help prevent XSS attacks

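/**
 * Request wrapper that HTML-escapes the value returned by {@link #getParameter(String)}.
 *
 * <p>Scope and limits:
 * <ul>
 *   <li>Only {@code getParameter} is overridden. Values read through
 *       {@code getParameterValues}, {@code getParameterMap}, headers, cookies or the request
 *       body pass through this class unescaped. Spring MVC argument binding typically reads
 *       parameters via {@code getParameterValues}; confirm which accessor your handlers use
 *       before relying on this wrapper.</li>
 *   <li>Escaping on input complements, but does not replace, encoding at the point of output
 *       for the context the value is written into (HTML body, attribute, JavaScript, URL).</li>
 *   <li>NOTE(review): if {@code StringEscapeUtils} is the Commons Lang 2.x class,
 *       {@code escapeHtml} leaves the single quote untouched, so single-quoted attribute
 *       contexts still need output encoding. Verify against the library version in use.</li>
 * </ul>
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

      /**
       * Wraps the given request. The wrapped request stays reachable through
       * {@code getRequest()} on the superclass, so no separate field is kept.
       *
       * @param request the request whose parameters are escaped on read
       */
      public XssHttpServletRequestWrapper(HttpServletRequest request) {
            super(request);
      }

      /**
       * Returns the named parameter with HTML special characters (and non-ASCII characters)
       * converted to entities.
       *
       * @param name the parameter name
       * @return the escaped value, or the original {@code null}/empty value unchanged
       */
      @Override
      public String getParameter(String name) {
            String value = super.getParameter(name);
            // Parameter values are deliberately not printed: they are attacker-controlled and
            // may carry passwords or tokens, which must not end up on stdout or in logs.
            if (StringUtils.isEmpty(value)) {
                  return value;
            }
            return StringEscapeUtils.escapeHtml(value);
      }

}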

 

// 重写HttpServletRequestWrapper 防止XSS攻击

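/**
 * Overrides {@link HttpServletRequestWrapper} so that {@link #getParameter(String)} returns
 * HTML-escaped text, as a defence against XSS.
 *
 * <p>Coverage is limited to {@code getParameter}: {@code getParameterValues},
 * {@code getParameterMap}, headers, cookies and the request body are not escaped by this
 * class. Treat it as one layer only and keep context-aware output encoding in the views.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

      /**
       * Creates the wrapper. The delegate is held by the superclass; a second private
       * reference to it was unused and has been dropped.
       *
       * @param request the incoming request to wrap
       */
      public XssHttpServletRequestWrapper(HttpServletRequest request) {
            super(request);
      }

      /**
       * Filters the parameter value: special characters are turned into HTML entities and
       * non-ASCII characters into character references.
       *
       * @param name the parameter name
       * @return the escaped value; {@code null} or empty input is returned as-is
       */
      @Override
      public String getParameter(String name) {
            String raw = super.getParameter(name);
            // No System.out output here: echoing raw request parameters leaks credentials and
            // other sensitive input to the console and lets request text shape log lines.
            return StringUtils.isEmpty(raw) ? raw : StringEscapeUtils.escapeHtml(raw);
      }

}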

SpringBoot启动加上@ServletComponentScan

/**
 * Spring Boot entry point.
 *
 * <p>{@code @ServletComponentScan} turns on scanning for servlet components
 * ({@code @WebFilter}, {@code @WebServlet}, {@code @WebListener}). Presumably the filter that
 * installs the XSS request wrapper is registered this way; that filter is not shown on this
 * page, so confirm it exists and which URL patterns it covers.
 */
@SpringBootApplication
@ServletComponentScan
public class App {

      /**
       * Boots the application context.
       *
       * @param args command-line arguments handed to Spring Boot
       */
      public static void main(String[] args) {
            Class<?> primarySource = App.class;
            SpringApplication.run(primarySource, args);
      }

}


Origin www.cnblogs.com/xjatj/p/11297977.html