001/**
002 * Copyright (c) 2015-2022, Michael Yang 杨福海 (fuhai999@gmail.com).
003 * <p>
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 * <p>
008 * http://www.apache.org/licenses/LICENSE-2.0
009 * <p>
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package io.jboot.web.xss;
017
018import io.jboot.utils.StrUtil;
019
020import javax.servlet.http.HttpServletRequest;
021import java.util.HashMap;
022import java.util.Map;
023
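/**
 * Request wrapper that passes selected request values through
 * {@link StrUtil#escapeHtml(String)} before handing them to the application.
 *
 * <p>Escaped accessors: {@link #getParameter(String)},
 * {@link #getParameterValues(String)}, {@link #getParameterMap()} (values only)
 * and {@link #getHeader(String)}.
 *
 * <p>Not covered by this wrapper, because they are not overridden here:
 * parameter names / map keys, {@code getHeaders(String)}, {@code getQueryString()},
 * cookies, and the request body read through {@code getInputStream()} or
 * {@code getReader()} (for example JSON payloads). Data reaching the application
 * through those paths is returned by the wrapped request unchanged.
 *
 * <p>Escaping on input only helps when the value is later written into an HTML
 * context that the helper's escaping rules cover. Values written into script,
 * URL or CSS contexts still need encoding for that context at output time, and
 * consumers that are not HTML (storage, logs, code that parses header values)
 * receive the entity-encoded form.
 */
public class XSSHttpServletRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper {

    /**
     * Wraps the given request.
     *
     * @param request the request whose parameters and headers are escaped on read
     */
    public XSSHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the escaped value of a single request parameter.
     *
     * @param name parameter name (looked up as given, not escaped)
     * @return the result of escaping the wrapped request's value; the result for
     *         an absent parameter is whatever {@code StrUtil.escapeHtml} returns
     *         for {@code null}
     */
    @Override
    public String getParameter(String name) {
        return cleanXss(super.getParameter(name));
    }

    /**
     * Returns escaped copies of all values of a request parameter.
     *
     * <p>The values are written into a new array. Escaping in place would modify
     * the array returned by the wrapped request; if that array is shared (which
     * depends on the container or on other wrappers in the chain), a second call
     * would escape already-escaped text, e.g. {@code &amp;} becoming
     * {@code &amp;amp;}.
     *
     * @param name parameter name (looked up as given, not escaped)
     * @return escaped values, or {@code null} when the wrapped request returns
     *         {@code null}
     */
    @Override
    public String[] getParameterValues(String name) {
        return cleanAll(super.getParameterValues(name));
    }

    /**
     * Returns the escaped value of a request header.
     *
     * <p>Only this single-value accessor is escaped; {@code getHeaders(String)}
     * is not overridden and returns the raw values.
     *
     * @param name header name
     * @return the result of escaping the wrapped request's header value
     */
    @Override
    public String getHeader(String name) {
        return cleanXss(super.getHeader(name));
    }

    /**
     * Returns a copy of the parameter map whose values are escaped.
     *
     * <p>Keys (parameter names) are copied unchanged. When the wrapped request's
     * map is {@code null} or empty it is returned as is.
     *
     * @return a new {@link HashMap} with escaped value arrays, or the wrapped
     *         request's own map when it is {@code null} or empty
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> paraMap = super.getParameterMap();
        if (null == paraMap || paraMap.isEmpty()) {
            return paraMap;
        }

        Map<String, String[]> ret = new HashMap<>(paraMap.size());
        for (Map.Entry<String, String[]> entry : paraMap.entrySet()) {
            ret.put(entry.getKey(), cleanAll(entry.getValue()));
        }
        return ret;
    }

    /**
     * Escapes every element of {@code values} into a fresh array so the caller's
     * array is never modified. A {@code null} or empty array is returned as is.
     */
    private static String[] cleanAll(String[] values) {
        if (null == values || values.length == 0) {
            return values;
        }
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = cleanXss(values[i]);
        }
        return cleaned;
    }

    /**
     * Escapes one value by delegating to {@code StrUtil.escapeHtml}; which
     * characters are escaped, and how {@code null} is treated, is defined by
     * that helper.
     */
    private static String cleanXss(String para) {
        return StrUtil.escapeHtml(para);
    }
}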