java web Decorator模式包装request对象实现html标签转义功能
2016-08-19 09:25
package me.gacl.web.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
/**
 * Servlet filter that hands the rest of the chain a {@link MyHtmlRequest} in place of the
 * original request, so that values read through {@code getParameter} pass through
 * {@code MyHtmlRequest.filter} first.
 *
 * <p>The response object is passed along untouched; nothing is encoded on the way out.
 *
 * @author 孤傲苍狼
 */
public class HtmlFilter implements Filter {

    /** No configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Wraps the incoming request and continues the chain with the wrapper.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param resp  outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filters and the target resource
     * @throws ClassCastException if either object is not an HTTP request/response
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        // Both casts are unchecked: a non-HTTP request or response fails here.
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) resp;
        chain.doFilter(new MyHtmlRequest(httpRequest), httpResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}
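/**
 * Request decorator that HTML-escapes parameter values before the application reads them.
 *
 * <p>Coverage is limited to {@link #getParameter(String)} and
 * {@link #getParameterValues(String)}. Anything read through {@code getParameterMap()},
 * headers, cookies, the query string or the request body still comes from the wrapped request
 * unescaped, so this wrapper is not a complete cross-site scripting defence on its own.
 *
 * <p>NOTE(review): escaping on input is only correct for values that are later written into
 * HTML element content or a quoted attribute value. It does not make a value safe inside a
 * script block, a URL or a style rule, and data stored or re-rendered after this step can end up
 * double-escaped. Encoding at the point of output (for example JSTL {@code <c:out>}) is the
 * more reliable control; treat this filter as an additional layer.
 *
 * @author 孤傲苍狼
 */
class MyHtmlRequest extends HttpServletRequestWrapper {
    private final HttpServletRequest request;

    public MyHtmlRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    /**
     * Returns the named parameter with HTML metacharacters escaped.
     *
     * @param name parameter name
     * @return the escaped value, or {@code null} if the parameter is absent
     * @see javax.servlet.ServletRequestWrapper#getParameter(java.lang.String)
     */
    @Override
    public String getParameter(String name) {
        String value = this.request.getParameter(name);
        if (value == null) {
            return null;
        }
        return filter(value);
    }

    /**
     * Returns every value of the named parameter with HTML metacharacters escaped, so that a
     * caller reading multi-valued parameters gets the same treatment as {@link #getParameter}.
     *
     * @param name parameter name
     * @return a new array of escaped values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = this.request.getParameterValues(name);
        if (values == null) {
            return null;
        }
        String[] escaped = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            escaped[i] = filter(values[i]);
        }
        return escaped;
    }

    /**
     * Replaces the characters that are significant in HTML text and quoted attributes with
     * their entity references.
     *
     * <p>The replacement strings below must be the literal entity text (ampersand, name,
     * semicolon). A copy of this listing that has been rendered as HTML shows them decoded back
     * to the raw characters, which turns the method into a no-op and, for the double quote,
     * into code that does not compile.
     *
     * @param message text to escape; may be {@code null}
     * @return the escaped text, or {@code null} if {@code message} is {@code null}
     */
    public String filter(String message) {
        if (message == null) {
            return null;
        }
        StringBuilder result = new StringBuilder(message.length() + 50);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                case '\'':
                    // Needed when the value is placed inside a single-quoted attribute.
                    result.append("&#39;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }
}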
<!-- Register HtmlFilter, which wraps each request so that parameter values are HTML-escaped.
     The /* mapping applies it to every URL, including handlers that do not render HTML.
     NOTE(review): confirm none of those handlers expects the raw parameter value. -->
<filter>
<filter-name>HtmlFilter</filter-name>
<filter-class>me.gacl.web.filter.HtmlFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>HtmlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<%-- Test page for the HTML-escaping filter. The textarea is pre-filled with markup (a script
     element and a link) and posts it as the "message" parameter to ServletDemo2. With the
     filter working, the servlet's reply should show that markup as inert text rather than
     have the browser interpret it. --%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML>
<html>
<head>
<title>html过滤器测试</title>
</head>
<body>
<form action="${pageContext.request.contextPath}/servlet/ServletDemo2" method="post">
留言:
<textarea rows="8" cols="70" name="message">
<script type="text/javascript">
while(true){
alert("死循环了,我会不停地弹出了");
}
</script>
<a href="http://www.cnblogs.com">访问博客园</a>
</textarea>
<input type="submit" value="发表">
</form>
</body>
</html>
package me.gacl.web.controller;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Demo servlet that echoes the submitted "message" parameter back into an HTML response.
 *
 * <p>No escaping happens in this class. The echoed value is only safe to write into HTML when
 * the request has been wrapped by {@code HtmlFilter} (mapped to {@code /*} in web.xml) and that
 * filter really escapes markup; calling this servlet without the filter reflects the input
 * verbatim.
 */
public class ServletDemo2 extends HttpServlet {

    /** Handles POST exactly like GET. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Writes the "message" parameter after a fixed label.
     *
     * @param request  request carrying the "message" parameter
     * @param response response whose writer receives the page fragment
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Value as returned by the (possibly wrapped) request; an absent parameter is null and
        // is concatenated as the text "null".
        String submitted = request.getParameter("message");
        String page = "您上次的留言是:<br/>" + submitted;
        response.getWriter().write(page);
    }
}
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
/**
 * Servlet filter that hands the rest of the chain a {@link MyHtmlRequest} in place of the
 * original request, so that values read through {@code getParameter} pass through
 * {@code MyHtmlRequest.filter} first.
 *
 * <p>The response object is passed along untouched; nothing is encoded on the way out.
 *
 * @author 孤傲苍狼
 */
public class HtmlFilter implements Filter {

    /** No configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Wraps the incoming request and continues the chain with the wrapper.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param resp  outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filters and the target resource
     * @throws ClassCastException if either object is not an HTTP request/response
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        // Both casts are unchecked: a non-HTTP request or response fails here.
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) resp;
        chain.doFilter(new MyHtmlRequest(httpRequest), httpResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}
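/**
 * Request decorator that HTML-escapes parameter values before the application reads them.
 *
 * <p>Coverage is limited to {@link #getParameter(String)} and
 * {@link #getParameterValues(String)}. Anything read through {@code getParameterMap()},
 * headers, cookies, the query string or the request body still comes from the wrapped request
 * unescaped, so this wrapper is not a complete cross-site scripting defence on its own.
 *
 * <p>NOTE(review): escaping on input is only correct for values that are later written into
 * HTML element content or a quoted attribute value. It does not make a value safe inside a
 * script block, a URL or a style rule, and data stored or re-rendered after this step can end up
 * double-escaped. Encoding at the point of output (for example JSTL {@code <c:out>}) is the
 * more reliable control; treat this filter as an additional layer.
 *
 * @author 孤傲苍狼
 */
class MyHtmlRequest extends HttpServletRequestWrapper {
    private final HttpServletRequest request;

    public MyHtmlRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
    }

    /**
     * Returns the named parameter with HTML metacharacters escaped.
     *
     * @param name parameter name
     * @return the escaped value, or {@code null} if the parameter is absent
     * @see javax.servlet.ServletRequestWrapper#getParameter(java.lang.String)
     */
    @Override
    public String getParameter(String name) {
        String value = this.request.getParameter(name);
        if (value == null) {
            return null;
        }
        return filter(value);
    }

    /**
     * Returns every value of the named parameter with HTML metacharacters escaped, so that a
     * caller reading multi-valued parameters gets the same treatment as {@link #getParameter}.
     *
     * @param name parameter name
     * @return a new array of escaped values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = this.request.getParameterValues(name);
        if (values == null) {
            return null;
        }
        String[] escaped = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            escaped[i] = filter(values[i]);
        }
        return escaped;
    }

    /**
     * Replaces the characters that are significant in HTML text and quoted attributes with
     * their entity references.
     *
     * <p>The replacement strings below must be the literal entity text (ampersand, name,
     * semicolon). A copy of this listing that has been rendered as HTML shows them decoded back
     * to the raw characters, which turns the method into a no-op and, for the double quote,
     * into code that does not compile.
     *
     * @param message text to escape; may be {@code null}
     * @return the escaped text, or {@code null} if {@code message} is {@code null}
     */
    public String filter(String message) {
        if (message == null) {
            return null;
        }
        StringBuilder result = new StringBuilder(message.length() + 50);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                case '\'':
                    // Needed when the value is placed inside a single-quoted attribute.
                    result.append("&#39;");
                    break;
                default:
                    result.append(c);
            }
        }
        return result.toString();
    }
}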
<!-- Register HtmlFilter, which wraps each request so that parameter values are HTML-escaped.
     The /* mapping applies it to every URL, including handlers that do not render HTML.
     NOTE(review): confirm none of those handlers expects the raw parameter value. -->
<filter>
<filter-name>HtmlFilter</filter-name>
<filter-class>me.gacl.web.filter.HtmlFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>HtmlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<%-- Test page for the HTML-escaping filter. The textarea is pre-filled with markup (a script
     element and a link) and posts it as the "message" parameter to ServletDemo2. With the
     filter working, the servlet's reply should show that markup as inert text rather than
     have the browser interpret it. --%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML>
<html>
<head>
<title>html过滤器测试</title>
</head>
<body>
<form action="${pageContext.request.contextPath}/servlet/ServletDemo2" method="post">
留言:
<textarea rows="8" cols="70" name="message">
<script type="text/javascript">
while(true){
alert("死循环了,我会不停地弹出了");
}
</script>
<a href="http://www.cnblogs.com">访问博客园</a>
</textarea>
<input type="submit" value="发表">
</form>
</body>
</html>
package me.gacl.web.controller;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Demo servlet that echoes the submitted "message" parameter back into an HTML response.
 *
 * <p>No escaping happens in this class. The echoed value is only safe to write into HTML when
 * the request has been wrapped by {@code HtmlFilter} (mapped to {@code /*} in web.xml) and that
 * filter really escapes markup; calling this servlet without the filter reflects the input
 * verbatim.
 */
public class ServletDemo2 extends HttpServlet {

    /** Handles POST exactly like GET. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Writes the "message" parameter after a fixed label.
     *
     * @param request  request carrying the "message" parameter
     * @param response response whose writer receives the page fragment
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Value as returned by the (possibly wrapped) request; an absent parameter is null and
        // is concatenated as the text "null".
        String submitted = request.getParameter("message");
        String page = "您上次的留言是:<br/>" + submitted;
        response.getWriter().write(page);
    }
}