jsp非法字符有:1、< (小于号);2、>(大于号);3、& (和号);4、" (双引号);5、' (单引号);6、/ (斜杠);7、% (百分号);8、! (感叹号);9、@ (at符号);10、$ (美元符号)等。这些字符在JSP页面中必须进行转义或避免使用。
一、jsp的非法字符
以下字符在JSP页面中必须进行转义或避免使用(原因是:当它们来自用户输入并被原样写入HTML输出时,浏览器可能把它们当作标记或脚本来解析,因此输出时应按所在位置进行编码):
- < (小于号)
- >(大于号)
- & (和号)
- " (双引号)
- ' (单引号)
- / (斜杠)
- % (百分号)
- ! (感叹号)
- @ (at符号)
- $ (美元符号)
- *(星号)
- ? (问号)
- ^ (插入符号)
- #(井号)
- ~ (波浪号)
- ; (分号)
- : (冒号)
- , (逗号)
- . (句号)
- | (竖线)
- \ (反斜杠)
二、jsp+servlet+filter实现非法字符过滤
说明:下面的WordFilter过滤的是敏感词(将其替换为“***”),它本身不会对上一节列出的字符进行转义。
1、创建WordFilter类
package com.wt.wordFilter;
import java.io.IOException;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
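/**
 * Servlet filter that masks a fixed list of banned words in request parameters.
 *
 * <p>Each HTTP request is wrapped so that parameter reads return the masked text.
 * This is a word filter only: it does not encode HTML metacharacters such as
 * {@code <}, {@code >} or {@code &}, so any view that writes a parameter value
 * into a page must still HTML-encode it at the point of output.
 *
 * <p>Matching is literal and case-sensitive, so variants that differ in case or
 * spacing from the listed words are not masked.
 */
public class WordFilter implements Filter {
    /** Banned words; every occurrence in a parameter value is replaced with "***". */
    private String[] words;
    /** Value of the "encoding" init parameter, or {@code null} when it is not configured. */
    private String encoding;

    /**
     * Reads the optional "encoding" init parameter and loads the banned-word list.
     *
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        encoding = fConfig.getInitParameter("encoding");
        words = new String[]{"卧槽","我草","我cao","操你妈","傻逼","sb","fuck"};
    }

    /**
     * Replaces every banned word in {@code param} with "***".
     *
     * @param param the parameter value to mask; may be {@code null}
     * @return the masked value, or {@code null} when {@code param} is {@code null}
     */
    public String filter(String param) {
        // getParameter() returns null for an absent parameter; pass that through
        // instead of failing with a NullPointerException.
        if (param == null || words == null) {
            return param;
        }
        String masked = param;
        for (String word : words) {
            // String.replace matches literally, so a listed word that happens to
            // contain regex metacharacters cannot change what gets matched.
            masked = masked.replace(word, "***");
        }
        return masked;
    }

    /**
     * Request wrapper whose parameter accessors return masked values.
     *
     * <p>All three parameter accessors are overridden so that code reading
     * parameters through {@code getParameterMap()} sees the same masked text as
     * code using {@code getParameter()} or {@code getParameterValues()}.
     */
    class Request extends HttpServletRequestWrapper {
        public Request(HttpServletRequest request) {
            super(request);
        }

        /** Returns the masked value of the named parameter, or {@code null} if absent. */
        @Override
        public String getParameter(String name) {
            return filter(super.getParameter(name));
        }

        /** Returns masked copies of all values of the named parameter, or {@code null} if absent. */
        @Override
        public String[] getParameterValues(String name) {
            return filterAll(super.getParameterValues(name));
        }

        /** Returns an unmodifiable map of parameter names to masked values. */
        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> masked = new LinkedHashMap<>();
            for (Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
                masked.put(entry.getKey(), filterAll(entry.getValue()));
            }
            return Collections.unmodifiableMap(masked);
        }

        /** Masks each element of a copy of {@code values}; a {@code null} array stays {@code null}. */
        private String[] filterAll(String[] values) {
            if (values == null) {
                return null;
            }
            // Work on a copy so the array handed out by the wrapped request is left untouched.
            String[] masked = values.clone();
            for (int i = 0; i < masked.length; i++) {
                masked[i] = filter(masked[i]);
            }
            return masked;
        }
    }

    /**
     * Applies the configured encoding (when present) and passes a masking wrapper
     * down the chain for HTTP requests.
     *
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (encoding != null) {
            request.setCharacterEncoding(encoding);
            // The charset parameter is written without spaces around '='.
            // This content type is applied to every response the filter is mapped to.
            response.setContentType("text/html; charset=" + encoding);
        }
        // Word masking must not depend on whether an encoding was configured, and
        // only HTTP requests can be wrapped; anything else is passed through as is.
        ServletRequest effective = request;
        if (request instanceof HttpServletRequest) {
            effective = new Request((HttpServletRequest) request);
        }
        chain.doFilter(effective, response);
    }

    /**
     * Releases the word list and encoding.
     *
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {
        this.words = null;
        this.encoding = null;
    }
}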
2、创建MessageServlet
package com.wt.wordFilter;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Servlet that receives the posted "content" parameter and forwards it to
 * {@code index.jsp} as a request attribute.
 *
 * <p>The value is stored exactly as returned by {@code getParameter}; no HTML
 * encoding is applied here, so the view is responsible for encoding it before
 * writing it into the page.
 */
public class MessageServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Does nothing; this servlet writes no output for a GET request. */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // No GET handling.
    }

    /**
     * Copies the "content" request parameter into the "content" request
     * attribute and forwards to {@code index.jsp}.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.setAttribute("content", request.getParameter("content"));
        request.getRequestDispatcher("index.jsp").forward(request, response);
    }
}
3、在web.xml中写入配置信息
<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor (Servlet 3.1 schema): registers MessageServlet and the WordFilter request filter. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<!-- MessageServlet is reachable at /MessageServlet, the action target of the form in index.jsp. -->
<servlet>
<servlet-name>MessageServlet</servlet-name>
<servlet-class>com.wt.wordFilter.MessageServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MessageServlet</servlet-name>
<url-pattern>/MessageServlet</url-pattern>
</servlet-mapping>
<!-- WordFilter reads the "encoding" init-param in init() and uses it for the request encoding and response content type. -->
<filter>
<filter-name>WordFilter</filter-name>
<filter-class>com.wt.wordFilter.WordFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<!-- /* applies the filter to every request in the application, not only /MessageServlet. -->
<!-- NOTE(review): the filter sets a text/html Content-Type when "encoding" is configured, so this mapping also affects non-HTML resources; confirm that is intended. -->
<filter-mapping>
<filter-name>WordFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
4、使用index.jsp测试结果
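<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%-- Test page: posts "content" to MessageServlet and shows the value that comes back as a request attribute. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>非法字符过滤测试</title>
</head>
<body>
<center>
<form action="MessageServlet" method="post">
内容:<input type="text" name="content" ><br>
<input type="submit" value="提交">
</form>
<hr>
------过滤后的结果显示-------<br><br><br>
<%
// The attribute carries user-supplied text. The word filter only masks banned
// words, so the value is HTML-encoded here, at the point of output, to keep it
// from being parsed as markup by the browser.
String content = (String) request.getAttribute("content");
if (content != null && !content.isEmpty()) {
    StringBuilder encoded = new StringBuilder(content.length() + 16);
    for (int i = 0; i < content.length(); i++) {
        char c = content.charAt(i);
        switch (c) {
            case '&':
                encoded.append("&amp;");
                break;
            case '<':
                encoded.append("&lt;");
                break;
            case '>':
                encoded.append("&gt;");
                break;
            case '"':
                encoded.append("&quot;");
                break;
            case '\'':
                encoded.append("&#39;");
                break;
            default:
                encoded.append(c);
        }
    }
    out.println(encoded.toString());
}
%>
</center>
</body>
</html>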
延伸阅读
jsp是什么
JSP(全称Java Server Pages)是由Sun Microsystems公司主导创建的一种动态网页技术标准。JSP部署于网络服务器上,可以响应客户端发送的请求,并根据请求内容动态地生成HTML、XML或其他格式文档的Web网页,然后返回给请求者。JSP技术以Java语言作为脚本语言,为用户的HTTP请求提供服务,并能与服务器上的其它Java程序共同处理复杂的业务需求。
文章标题:jsp非法字符有哪些,发布者:Z, ZLW,转载请注明出处:https://worktile.com/kb/p/47777