概述

struts版本：2.3.4.1
tomcat版本：6

第一种修复方法

参考文章：https://yq.aliyun.com/articles/7126 （不过安全按照该方法无法修复，只能参考思路）

1. 重写StrutsPrepareAndExecuteFilter，注册自定义Dispatcher

   public class MStrutsPrepareAndExecuteFilter extends
   StrutsPrepareAndExecuteFilter {
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
   InitOperations init = new InitOperations();
   try {
   FilterHostConfig config = new FilterHostConfig(filterConfig);
   init.initLogging(config);
   Dispatcher dispatcher = initDispatcher(config);
   init.initStaticContentLoader(config, dispatcher);
   
   prepare = new PrepareOperations(filterConfig.getServletContext(), dispatcher);
   execute = new ExecuteOperations(filterConfig.getServletContext(), dispatcher);
   this.excludedPatterns = init.buildExcludedPatternsList(dispatcher);
   
   postInit(dispatcher, filterConfig);
   } finally {
   init.cleanup();
   }
   
   }
   /**
   * Creates and initializes the dispatcher
   */
   public Dispatcher initDispatcher( HostConfig filterConfig ) {
   Dispatcher dispatcher = createDispatcher(filterConfig);
   dispatcher.init();
   return dispatcher;
   }
   /**
   * Create a {@link Dispatcher}
   */
   private Dispatcher createDispatcher(HostConfig filterConfig) {
   Map<String, String> params = new HashMap<String, String>();
   for (Iterator e = filterConfig.getInitParameterNames(); e.hasNext();) {
   String name = (String) e.next();
   String value = filterConfig.getInitParameter(name);
   params.put(name, value);
   }
   return new MDispatcher(filterConfig.getServletContext(), params);
   }

2. 写自定义Dispatcher，继承Dispatcher，重写createContextMap方法，将 Map params = new HashMap(request.getParameterMap());改行修改为 Map params = new HashMap(new ParamFormatWarp(request).getParameterMap());

3. ParamFormatWarp类参考如下

   public class ParamFormatWarp extends HttpServletRequestWrapper {
   
   public ParamFormatWarp(HttpServletRequest request) {
   super(request);
   }
   
   private String clearXss(String value) {
   if (value == null || "".equals(value)) {
   return value;
   }
   value = stripXSSAndSql(value);
   return value;
   }
   /**
   *
   * 防止xss跨脚本***（替换，根据实际情况调整）
   */
   
   public  String stripXSSAndSql(String value) {
   if (value != null) {
   Pattern scriptPattern = Pattern.compile("<[\r\n| | ]*script[\r\n| | ]*>(.*?)</[\r\n| | ]*script[\r\n| | ]*>", Pattern.CASE_INSENSITIVE);
   value = scriptPattern.matcher(value).replaceAll("");
   
   }
   return value;
   }
   @Override
   public Map getParameterMap() {
   HashMap paramMap = (HashMap) super.getParameterMap();
   paramMap = (HashMap) paramMap.clone();
   for (Iterator iterator = paramMap.entrySet().iterator(); iterator.hasNext(); ) {
   Map.Entry  entry = (Map.Entry ) iterator.next();
   String [] values =(String[])entry.getValue();
   for (int i = 0; i < values.length; i++) {
   if(values[i] instanceof String){
   values[i] = clearXss(values[i]);
   }
   }
   entry.setValue(values);
   }
   return paramMap;
   }
   }

   上面这种修改方法有可能在其他应用服务器下有问题，如http://zydky.iteye.com/blog/558973 ，我未测试，如有问题可按照如下方式过滤getParameterMap获取的map https://www.geek-share.com/detail/2682161720.html

第二种方法

参照：https://www.geek-share.com/detail/2655376761.html 和
https://www.geek-share.com/detail/2655374242.html 一定要两个链接一起看，否则不起作用，另外有一处代码记得按照如下修改：

Map<String, Object> map = inaction.getParameters();
for (Map.Entry<String, Object> entry : map.entrySet()) {
String[] values = ((String[]) (entry.getValue()));
for (int
5ac
i = 0; i < values.length; i++) {
values[i]=XssUtil.clearXss(values[i]);
}
entry.setValue(values);
}

为什么存在values[[]，有可能请求的链接是url?t=1&t=2&t=3