SpringMVC框架
利用 HandlerInterceptor 在控制器方法执行之前检查请求参数（参数名与所有参数值）是否包含黑名单子串，命中则重定向到提示页；注意拦截器的 preHandle 必须返回 false 才能真正阻止请求继续执行。另外，这类黑名单过滤很容易被绕过（区分大小写、只覆盖请求参数，不覆盖请求头、Cookie、路径和请求体），只能作为纵深防御：防 XSS 仍应依赖输出编码，防 SQL 注入仍应使用参数化查询。
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
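/**
 * Spring MVC {@link HandlerInterceptor} that rejects requests whose parameter
 * names or values contain one of a fixed list of blacklisted substrings and
 * redirects them to a "filtered" page before the controller runs.
 *
 * <p>NOTE(review): substring blacklisting is a weak, easily bypassed control —
 * matching is case-sensitive ({@code select} is not caught while {@code SELECT}
 * is) and only request parameters are inspected, not headers, cookies, path
 * segments or the request body. Treat it as defence in depth at best; the real
 * protections are output encoding for XSS and parameterized queries for SQL.
 * Several entries (".", ",", "%", "+") will also reject ordinary legitimate
 * input such as e-mail addresses and decimal numbers.
 */
public class FilterWord implements HandlerInterceptor {

    /** Redirect target (appended to the context path) for rejected requests. */
    private static final String FILTER_PAGE = "/gxfjadmin_page/word/filter.do";

    /**
     * Blacklisted substrings, checked against every parameter name and value.
     * "\r" and "\n" replace the original literal strings "CR" and "LF", which
     * matched the letters C-R / L-F rather than the carriage-return and
     * line-feed control characters they were evidently meant to catch.
     */
    private static final String[] BLOCKED = {
        "|", "&", ";", "$", "%", "@", "'", "\"", "<>", "()", "+", "\r", "\n", ",", ".",
        "script", "document", "eval", "SELECT", "FROM", "UPDATE", "DELETE", "UNION", "WHERE"
    };

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
            Object handler, Exception ex) throws Exception {
        // Nothing to clean up after the handler completes.
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
            Object handler, ModelAndView modelAndView) throws Exception {
        // No post-processing of the model/view.
    }

    /**
     * Runs before the controller method.
     *
     * <p>Returning {@code true} after the redirect (as the original did) lets
     * Spring invoke the handler anyway: its side effects still happen and it
     * then writes into an already committed response. A rejected request must
     * therefore short-circuit with {@code false}.
     *
     * @param rq   incoming request
     * @param rs   response used to issue the redirect
     * @param arg2 the chosen handler (unused)
     * @return {@code false} when a blacklisted token was found and a redirect
     *         has been written, {@code true} when the handler may run
     * @throws Exception if the redirect cannot be written
     */
    @Override
    public boolean preHandle(HttpServletRequest rq, HttpServletResponse rs, Object arg2)
            throws Exception {
        return !word(rq, rs);
    }

    /**
     * Checks every request parameter (name and all values) against
     * {@link #BLOCKED} and, on the first hit, redirects to the filter page.
     *
     * @param rq incoming request
     * @param rs response used to issue the redirect
     * @return {@code true} if a blacklisted token was found and the redirect
     *         was sent, {@code false} if the request is clean (the original
     *         returned {@code true} in both cases, so callers could not tell)
     * @throws IOException if the redirect cannot be written
     */
    public Boolean word(HttpServletRequest rq, HttpServletResponse rs) throws IOException {
        if (findBlockedToken(rq.getParameterMap()) == null) {
            return false;
        }
        rs.sendRedirect(rq.getContextPath() + FILTER_PAGE);
        return true;
    }

    /**
     * Returns the first blacklisted token found in any parameter name or
     * value, or {@code null} if none matches. All values of a multi-valued
     * parameter are inspected: the original only looked at index 0, so
     * {@code ?a=ok&a=<script>} slipped through.
     *
     * @param params parameter map as returned by {@code getParameterMap()};
     *               {@code null} or empty is treated as clean
     */
    private static String findBlockedToken(Map<String, String[]> params) {
        if (params == null || params.isEmpty()) {
            return null;
        }
        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            String name = entry.getKey();
            String[] values = entry.getValue();
            for (String token : BLOCKED) {
                if (name != null && name.contains(token)) {
                    return token;
                }
                if (values == null) {
                    continue;
                }
                for (String value : values) {
                    if (value != null && value.contains(token)) {
                        return token;
                    }
                }
            }
        }
        return null;
    }
}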