Class XssHttpServletRequestWrapper

java.lang.Object
jakarta.servlet.ServletRequestWrapper
jakarta.servlet.http.HttpServletRequestWrapper
net.mingsoft.basic.filter.XssHttpServletRequestWrapper
All Implemented Interfaces:
jakarta.servlet.http.HttpServletRequest, jakarta.servlet.ServletRequest

public class XssHttpServletRequestWrapper extends jakarta.servlet.http.HttpServletRequestWrapper
XSS filter, applied to script data in request parameters.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static cn.hutool.cache.impl.TimedCache<String,Boolean>
    TIMED_REQ_CACHE
    static cn.hutool.cache.impl.TimedCache<String,Integer>
    TIMED_XSS_CACHE

    Fields inherited from interface jakarta.servlet.http.HttpServletRequest

    BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
  • Constructor Summary

    Constructors
    Constructor
    Description
    XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request)
     
    XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request, List<String> excludesFiled)
     
  • Method Summary

    Modifier and Type
    Method
    Description
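    jakarta.servlet.ServletInputStream
    getInputStream()
    static jakarta.servlet.http.HttpServletRequest
    getOrgRequest(jakarta.servlet.http.HttpServletRequest req)
    Static method that returns the original (unwrapped) request.
    String
    getParameter(String name)
    Overrides getParameter so that both the parameter name and the parameter value are XSS-filtered.
    Map
    getParameterMap()
    String[]
    getParameterValues(String name)
    jakarta.servlet.http.HttpServletRequest
    getRequest()
    Returns the original (unwrapped) request.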

    Methods inherited from class jakarta.servlet.http.HttpServletRequestWrapper

    authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, isUserInRole, login, logout, newPushBuilder, upgrade

    Methods inherited from class jakarta.servlet.ServletRequestWrapper

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterNames, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface jakarta.servlet.ServletRequest

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterNames, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
  • Field Details

    • TIMED_XSS_CACHE

      public static cn.hutool.cache.impl.TimedCache<String,Integer> TIMED_XSS_CACHE
    • TIMED_REQ_CACHE

      public static cn.hutool.cache.impl.TimedCache<String,Boolean> TIMED_REQ_CACHE
  • Constructor Details

    • XssHttpServletRequestWrapper

      public XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request)
    • XssHttpServletRequestWrapper

      public XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request, List<String> excludesFiled)
  • Method Details

    • getInputStream

      public jakarta.servlet.ServletInputStream getInputStream() throws IOException
      Specified by:
      getInputStream in interface jakarta.servlet.ServletRequest
      Overrides:
      getInputStream in class jakarta.servlet.ServletRequestWrapper
      Throws:
      IOException
    • getParameter

      public String getParameter(String name)
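      Overrides getParameter so that both the parameter name and the parameter value are XSS-filtered.

      To obtain the raw value, call super.getParameterValues(name).

      getParameterNames, getParameterValues and getParameterMap may also need to be overridden.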

      Specified by:
      getParameter in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameter in class jakarta.servlet.ServletRequestWrapper
    • getParameterMap

      public Map getParameterMap()
      Specified by:
      getParameterMap in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameterMap in class jakarta.servlet.ServletRequestWrapper
    • getParameterValues

      public String[] getParameterValues(String name)
      Specified by:
      getParameterValues in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameterValues in class jakarta.servlet.ServletRequestWrapper
    • getRequest

      public jakarta.servlet.http.HttpServletRequest getRequest()
      Returns the original (unwrapped) request.
      Overrides:
      getRequest in class jakarta.servlet.ServletRequestWrapper
      Returns:
    • getOrgRequest

      public static jakarta.servlet.http.HttpServletRequest getOrgRequest(jakarta.servlet.http.HttpServletRequest req)
      Static method that returns the original (unwrapped) request.
      Returns: