版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq3399013670/article/details/87858252
SpringBoot实现xss拦截器代码demo:
@Component("xssInterceptor")
public class XssInterceptor extends HandlerInterceptorAdapter{
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception
{
response.addHeader("x-frame-options", "SAMEORIGIN");
String servletPath = request.getServletPath();
Map<String, String[]> parameterMap = request.getParameterMap();
//用户日志
StringBuffer log = new StringBuffer();
log.append("url:"+servletPath);
Set<Map.Entry<String,String[]>> keyset = parameterMap.entrySet();
for (Entry<String, String[]> entry : keyset) {
String[] paramvalue = entry.getValue();
if(paramvalue[0]!=""){
log.append("^");
log.append(entry.getKey());
}
}
Logger.info(log.toString());
if(InjectionDefenseManager.check(servletPath, parameterMap)){
return true;
} else {
throw new GenericException(ErrorCodes.INJECTION_MESSG);
}
}
}