Comment section messages, site-wide encoding, blocking illegal strings, filtering illegal strings

Comment section messages:
Hyperlink:

Message board

Message board:

Thomas live-stream room message area

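<%-- message text box --%> <%-- submit button --%>

WordsServlet (request and response):

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet("/WordsServlet")
public class WordsServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doPost(request, response);
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // decode the request body
        request.setCharacterEncoding("utf-8");
        // encode the response
        response.setContentType("text/html;charset=utf-8");
        // 1. receive the request parameter "content"
        String content = request.getParameter("content");
        if (content == null) {
            content = ""; // write(null) would throw a NullPointerException
        }
        // 2. send the result back to the page
        // NOTE: the value is echoed into a text/html response without HTML encoding
        response.getWriter().write(content);
    }
}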

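Site-wide encoding (using web.xml to decouple the character set from the code):

web.xml:

<filter>
    <filter-name>EncodeFilter</filter-name>
    <filter-class>cast.EncodeFilter</filter-class>
    <init-param>
        <param-name>encode</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>EncodeFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>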

package cast;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class EncodeFilter implements Filter {
    // field shared by init() and doFilter()
    private String encode;

    public void init(FilterConfig config) throws ServletException {
        // store the configured character encoding in the field
        encode = config.getInitParameter("encode"); // config: reads the settings from web.xml
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws ServletException, IOException {
        // downcast
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // check whether the request uses the POST method
        if (request.getMethod().equalsIgnoreCase("post")) {
            // equalsIgnoreCase: compares the strings ignoring case
            request.setCharacterEncoding(encode);
        }
        response.setContentType("text/html;charset=" + encode);

        chain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }
}
Blocking illegal strings:

import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// create a filter
@WebFilter("/WordsServlet") // intercepts WordsServlet
public class WordsFilter implements Filter {
    // doFilter needs the list, so keep it in a field
    private List<String> wordslist;

    public void init(FilterConfig config) throws ServletException {
        // 1. read the configuration file
        ResourceBundle word = ResourceBundle.getBundle("word");
        // 2. get the configured value
        String keywords = word.getString("keywords");
        // 3. split it and store the resulting array in a list with Arrays.asList
        wordslist = Arrays.asList(keywords.split(","));
        System.out.println("加载非法词库:" + wordslist);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws ServletException, IOException {
        // downcast
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // 1. get the user's input (null when the parameter is absent)
        String content = request.getParameter("content");
        // iterate over the word list
        for (String word : wordslist) {
            // compare the input with each listed word; block the request on a match
            if (content != null && content.contains(word)) {
                // respond to the page with a friendly notice
                response.getWriter().write("输入的字符敏感…");
                // nothing below this point runs
                return;
            }
        }
        // let the request through
        chain.doFilter(request, response);
    }

    public void destroy() {
    }
}
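Note: why does the filter need to downcast?
The parameter is declared as ServletRequest: a subclass object is assigned to a parent-type reference, so its runtime type is the subclass while its compile-time type is the parent. At run time, a method called through the parent-type reference runs the subclass's implementation if the subclass has one. But if the compile-time type (the parent) does not declare the method being called, the call is a compile error. HTTP-specific methods such as getMethod() are declared on HttpServletRequest, not on ServletRequest, so the reference has to be cast down before they can be called.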

Filtering illegal strings:

import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

@WebFilter("/WordsServlet")
public class WordsProFilter implements Filter {

    private List<String> wordList;

    public void init(FilterConfig config) throws ServletException {
        // 1. read the configuration file
        ResourceBundle word = ResourceBundle.getBundle("word");
        // 2. get the value
        String keywords = word.getString("keywords");

        // 3. split the word list on "," and store it in a list
        wordList = Arrays.asList(keywords.split(","));
        // print the list to confirm it was loaded
        System.out.println("加载非法词库:" + wordList);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws ServletException, IOException {
        // downcast
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // wrap the request object (this is where the filtering happens)
        MyRequest myRequest = new MyRequest(request, wordList);
        // let the wrapped request through
        chain.doFilter(myRequest, response);
    }

    public void destroy() {
    }
}
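import java.util.List;
import javax.servlet.http.*;

public class MyRequest extends HttpServletRequestWrapper {

    private List<String> wordList;

    public MyRequest(HttpServletRequest request, List<String> wordList) {
        super(request);
        this.wordList = wordList;
    }

    // override (enhance) whichever method is actually used
    @Override
    public String getParameter(String name) {
        // get the data the user submitted; the parent here is the wrapped request
        String parameter = super.getParameter(name);
        if (parameter == null) {
            return null; // parameter absent: nothing to mask
        }
        // handle the illegal words
        for (String word : wordList) {
            if (parameter.contains(word)) {
                // build a replacement with one '*' per character of the word
                StringBuilder th = new StringBuilder();
                for (int i = 0; i < word.length(); i++) {
                    th.append('*');
                }
                // each pass replaces one word; after the loop every listed word is masked.
                // replace() matches literally; replaceAll() would treat the word as a regex
                parameter = parameter.replace(word, th.toString());
            }
        }
        return parameter;
    }
}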
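
The masking done by the MyRequest wrapper above, written as a standalone helper that treats every keyword as literal text, ignores case and tolerates a missing parameter, together with the HTML encoding WordsServlet would need before echoing the value into its text/html response. This is an added example, not code from the original notes; the class name CommentSanitizer, its methods, the keyword list and the sample inputs are all constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: hypothetical helper class, not part of the original notes.
public class CommentSanitizer {
    private final Pattern banned; // all keywords as one literal alternation

    public CommentSanitizer(List<String> words) {
        StringBuilder alt = new StringBuilder();
        for (String w : words) {
            if (w.isEmpty()) continue;            // "" would match at every position
            if (alt.length() > 0) alt.append('|');
            alt.append(Pattern.quote(w));         // keyword is text, not a regex
        }
        // "(?!)" never matches, so an empty keyword list masks nothing
        banned = Pattern.compile(alt.length() == 0 ? "(?!)" : alt.toString(),
                Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
    }

    // Replace each banned keyword with '*' of the same length; null stays null.
    public String mask(String input) {
        if (input == null) return null;
        Matcher m = banned.matcher(input);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            char[] stars = new char[m.group().length()];
            Arrays.fill(stars, '*');
            m.appendReplacement(out, new String(stars));
        }
        m.appendTail(out);
        return out.toString();
    }

    // Encode HTML metacharacters before writing a value into a text/html page.
    public static String escapeHtml(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        // Constructed keyword list and inputs, for illustration only
        CommentSanitizer s = new CommentSanitizer(Arrays.asList("foo", "a+b", "(x"));
        System.out.println(s.mask("FOO, a+b and (x"));   // regex metacharacters, mixed case
        System.out.println(s.mask(null));                // parameter absent
        System.out.println(escapeHtml(s.mask("<script>alert(1)</script> foo")));
    }
}
```

HttpServletRequestWrapper passes getParameterValues and getParameterMap straight through to the wrapped request, so a wrapper such as MyRequest has to apply the same masking in those methods as well; otherwise code that reads parameters through them sees the unmasked text.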
