web项目XSS漏洞处理

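/**
 * Rejects any request whose parameter names or values contain one of the
 * configured special-character tokens ({@code SystemConfig.interceptSpecial});
 * every other request is passed down the filter chain.
 *
 * <p>Fixes over the previous version: the rejection page is written at most
 * once and the chain is <em>not</em> continued afterwards (previously the loop
 * kept going and {@code chain.doFilter} was still called on an already closed
 * writer); every value of a multi-valued parameter is inspected instead of only
 * the first one returned by {@code getParameter}; and the offending name/value
 * is HTML-escaped before being echoed, so the rejection page cannot itself
 * reflect the markup it just rejected.
 *
 * @param req0  the incoming request; cast to {@link HttpServletRequest}
 * @param res0  the outgoing response; cast to {@link HttpServletResponse}
 * @param chain the remainder of the filter chain
 */
public void doFilter(ServletRequest req0, ServletResponse res0,
        FilterChain chain)
{
    HttpServletResponse response = (HttpServletResponse) res0;
    HttpServletRequest request = (HttpServletRequest) req0;
    response.setHeader("P3P", "CP=CAO PSA OUR");
    try
    {
        String specialCharactersStr = SystemConfig.interceptSpecial;
        // An unset or empty token list disables the check entirely.
        if (null != specialCharactersStr && specialCharactersStr.length() != 0)
        {
            // Enumeration<?> works with both the raw (Servlet 2.x) and the
            // generic (Servlet 3+) return type of getParameterNames().
            Enumeration<?> paramNames = request.getParameterNames();
            while (paramNames.hasMoreElements())
            {
                String paramName = (String) paramNames.nextElement();
                if (matchRegPattern(paramName))
                {
                    writeRejectPage(response, "跨站漏洞检查:请求参数名【" + escapeHtml(paramName)
                            + "】含有特殊字符【" + escapeHtml(specialCharactersStr) + "】中的一个或多个!");
                    return; // rejected: the chain must not run
                }
                // getParameter() only yields the first value; a second value
                // under the same name would otherwise slip past the check.
                String[] values = request.getParameterValues(paramName);
                if (values == null)
                {
                    continue;
                }
                for (String value : values)
                {
                    if (matchRegPattern(value))
                    {
                        writeRejectPage(response, "跨站漏洞检查:请求参数值【" + escapeHtml(value)
                                + "】含有特殊字符【" + escapeHtml(specialCharactersStr) + "】中的一个或多个!");
                        return; // rejected: the chain must not run
                    }
                }
            }
        }
        chain.doFilter(req0, res0);
    }
    catch (Exception e)
    {
        // Kept from the original: no logger is in scope in this block.
        e.printStackTrace();
    }
}

/**
 * Writes the rejection page and closes the response writer.
 *
 * <p>The surrounding HTML tags appear to have been stripped from this copy of
 * the source; the printed strings are kept exactly as they were.
 *
 * @param response the response to write to
 * @param errorMsg the already HTML-escaped message to show
 * @throws java.io.IOException if the response writer cannot be obtained
 */
private static void writeRejectPage(HttpServletResponse response, String errorMsg)
        throws java.io.IOException
{
    response.setContentType("text/html;charset=utf-8");
    PrintWriter out = response.getWriter();
    out.println("");
    out.println("");
    out.println(" 恶意攻击提醒");
    out.println(" ");
    out.print(" ");
    out.print(errorMsg);
    out.println(", ");
    out.println(" ");
    out.println("");
    out.flush();
    out.close();
}

/**
 * Escapes the five HTML-significant characters so that attacker-controlled
 * text can be echoed inside a {@code text/html} body as plain text.
 *
 * @param s the text to escape; {@code null} yields the empty string
 * @return the escaped text
 */
private static String escapeHtml(String s)
{
    if (s == null)
    {
        return "";
    }
    StringBuilder sb = new StringBuilder(s.length() + 16);
    for (int i = 0; i < s.length(); i++)
    {
        char c = s.charAt(i);
        switch (c)
        {
            case '&':
                sb.append("&amp;");
                break;
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '"':
                sb.append("&quot;");
                break;
            case '\'':
                sb.append("&#39;");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}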


web.xml配置


loginfilter
com.ipi.wlan.base.common.FiterHandle


loginfilter
/*


过滤字符:


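/**
 * Returns {@code true} if {@code strTarget} contains any of the tokens listed
 * in the comma-separated {@code SystemConfig.interceptSpecial}.
 *
 * <p>A {@code null} target never matches and an unset configuration disables
 * the check (the original dereferenced the configuration unconditionally).
 * Empty tokens produced by {@code "a,,b"} or a leading comma are skipped:
 * {@code indexOf("")} is {@code 0} for every string, so such a token would
 * have made the filter reject every request.
 *
 * @param strTarget the parameter name or value to inspect; may be {@code null}
 * @return whether a configured token occurs in the target
 */
private static boolean matchRegPattern(String strTarget)
{
    String specialCharactersStr = SystemConfig.interceptSpecial;
    if (strTarget == null || specialCharactersStr == null || specialCharactersStr.isEmpty())
    {
        return false;
    }
    for (String special : specialCharactersStr.split(","))
    {
        // Skip empty tokens: they would match everything.
        if (!special.isEmpty() && strTarget.contains(special))
        {
            return true;
        }
    }
    return false;
}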
