jsp非法字符有哪些

jsp非法字符有:1、< (小于号);2、>(大于号);3、& (和号);4、” (双引号);5、’ (单引号);6、/ (斜杠);7、% (百分号);8、! (感叹号);9、@ (at符号);10、$ (美元符号)等。这些字符在JSP页面中必须进行转义或避免使用。

一、jsp的非法字符

以下字符在JSP页面中必须进行转义或避免使用:

  1. < (小于号)
  2. >(大于号)
  3. & (和号)
  4. ” (双引号)
  5. ‘ (单引号)
  6. / (斜杠)
  7. % (百分号)
  8. ! (感叹号)
  9. @ (at符号)
  10. $ (美元符号)
  11. *(星号)
  12. ? (问号)
  13. ^ (插入符号)
  14. #(井号)
  15. ~ (波浪号)
  16. ; (分号)
  17. : (冒号)
  18. , (逗号)
  19. . (句号)
  20. | (竖线)
  21. \ (反斜杠)

二、jsp+servlet+fliter实现非法字符过滤

1、创建WordFilter类

package com.wt.wordFilter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class WordFilter implements Filter {

    private String[] words;
    private String encoding;
    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
        encoding = fConfig.getInitParameter("encoding");
        words = new String[]{"卧槽","我草","我cao","操你妈","傻逼","sb","fuck"};
    }
    /**
     * 具体过滤方法,并将非法字符替换成“***”
     */
    public String filter(String param){
        if(words!=null&&words.length>0){
            for(int i=0;i<words.length;i++){
                if(param.indexOf(words[i])!= -1){
                    param = param.replaceAll(words[i], "***");
                }
            }
        }
        return param;

    }

    /**
     * 一般使用ServletRequest对象获取表单提交的数据,
     * (主要通过 getParameter() 和 getParameterValues()
     * 方法获取),再此创建内部类Request,重写getParameter()
     * 和 getParameterValues(),并在重写的两个方法中实现过滤 
     */

    class Request extends HttpServletRequestWrapper{//HttpServletRequest                                                                      //Wrapper是servletRequest的实现类

        public Request(HttpServletRequest request) {
            super(request);
        }

        @Override
        public String getParameter(String name) {
            // 返回过滤后的参数值
            return filter(super.getRequest().getParameter(name));
        }

        @Override
        public String[] getParameterValues(String name) {
            // 获取所有参数值
            String[] values = super.getRequest().getParameterValues(name);
            //通过循环对所有参数进行进行过滤
            for(int i=0;i<values.length;i++){
                values[i] = filter(values[i]);
            }
            return values;
        }

    }

    /**
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if(encoding != null){
            request.setCharacterEncoding(encoding);
            //将request替换为重写后的request
            request = new Request((HttpServletRequest) request);
            response.setContentType("text/html; charset = "+encoding);

        }
        chain.doFilter(request, response);
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
        this.words = null;
        this.encoding = null;
    }
}

2、创建MessageServlet

package com.wt.wordFilter;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class MessageServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String content = request.getParameter("content");
        request.setAttribute("content", content);
        request.getRequestDispatcher("index.jsp").forward(request, response);
    }

}

3、在web.xml中写入配置信息

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">

  <servlet>
    <servlet-name>MessageServlet</servlet-name>
    <servlet-class>com.wt.wordFilter.MessageServlet</servlet-class>
  </servlet> 
  <servlet-mapping>
    <servlet-name>MessageServlet</servlet-name>
    <url-pattern>/MessageServlet</url-pattern>
  </servlet-mapping>


  <filter>
    <filter-name>WordFilter</filter-name>
    <filter-class>com.wt.wordFilter.WordFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>utf-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>WordFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>

4、使用index.jsp测试结果

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>非法字符过滤测试</title>
</head>
<body>
<center>
<form action="MessageServlet" method="post">
内容:<input type="text"  name="content" ><br>
<input type="submit" value="提交">
</form>
<hr>
------过滤后的结果显示-------<br><br><br>
<%
    String content =(String) request.getAttribute("content");
    if(content!=null&&!content.isEmpty()){
        out.println(content);
    }

%>
</center>
</body>
</html>

延伸阅读

jsp是什么

JSP(全称Java Server Pages)是由Sun Microsystems公司主导创建的一种动态网页技术标准。JSP部署于网络服务器上,可以响应客户端发送的请求,并根据请求内容动态地生成HTML、XML或其他格式文档的Web网页,然后返回给请求者。JSP技术以Java语言作为脚本语言,为用户的HTTP请求提供服务,并能与服务器上的其它Java程序共同处理复杂的业务需求。

文章标题:jsp非法字符有哪些,发布者:Z, ZLW,转载请注明出处:https://worktile.com/kb/p/47777

(0)
打赏 微信扫一扫 微信扫一扫 支付宝扫一扫 支付宝扫一扫
Z, ZLW的头像Z, ZLW
上一篇 2023年3月25日
下一篇 2023年3月25日

相关推荐

发表回复

登录后才能评论
注册PingCode 在线客服
站长微信
站长微信
电话联系

400-800-1024

工作日9:30-21:00在线

分享本页
返回顶部