Class XssHttpServletRequestWrapper

java.lang.Object
jakarta.servlet.ServletRequestWrapper
jakarta.servlet.http.HttpServletRequestWrapper
com.codeupsoft.interceptor.xss.core.XssHttpServletRequestWrapper
All Implemented Interfaces:
jakarta.servlet.http.HttpServletRequest, jakarta.servlet.ServletRequest

public class XssHttpServletRequestWrapper extends jakarta.servlet.http.HttpServletRequestWrapper
Request wrapper class for XSS protection.

Wraps an HttpServletRequest and applies XSS filtering to its parameters.

Author:
codeupsoft
  • Field Summary

    Fields inherited from interface jakarta.servlet.http.HttpServletRequest

    BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH
  • Constructor Summary

    Constructors
    Constructor
    Description
    XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request, XssClearHandler xssClearHandler)
    Constructor.
  • Method Summary

    Modifier and Type
    Method
    Description
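    String
    getHeader(String name)
    Gets the request header value and applies XSS filtering to it.
    jakarta.servlet.ServletInputStream
    getInputStream()
    Gets the request input stream and applies XSS filtering to it.
    String
    getParameter(String name)
    Gets the value of the named parameter and applies XSS filtering to it.
    Map<String,String[]>
    getParameterMap()
    Gets all request parameters and applies XSS filtering to both keys and values.
    String[]
    getParameterValues(String name)
    Gets all values of the named parameter and applies XSS filtering to them.
    String
    inputHandlers(jakarta.servlet.ServletInputStream inputStream)
    Processes the input stream data: reads it and cleans XSS attack characters from it.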

    Methods inherited from class jakarta.servlet.http.HttpServletRequestWrapper

    authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeaderNames, getHeaders, getHttpServletMapping, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getTrailerFields, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isTrailerFieldsReady, isUserInRole, login, logout, newPushBuilder, upgrade

    Methods inherited from class jakarta.servlet.ServletRequestWrapper

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterNames, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setCharacterEncoding, setRequest, startAsync, startAsync

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface jakarta.servlet.ServletRequest

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterNames, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setCharacterEncoding, startAsync, startAsync
  • Constructor Details

    • XssHttpServletRequestWrapper

      public XssHttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequest request, XssClearHandler xssClearHandler)
      Constructor.
      Parameters:
      request - the original request object
      xssClearHandler - the XSS cleaning handler
  • Method Details

    • getParameter

      public String getParameter(String name)
      Gets the value of the named parameter and applies XSS filtering to it.
      Specified by:
      getParameter in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameter in class jakarta.servlet.ServletRequestWrapper
      Parameters:
      name - the parameter name
      Returns:
      the filtered parameter value
    • getParameterValues

      public String[] getParameterValues(String name)
      Gets all values of the named parameter and applies XSS filtering to them.
      Specified by:
      getParameterValues in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameterValues in class jakarta.servlet.ServletRequestWrapper
      Parameters:
      name - the parameter name
      Returns:
      the array of filtered parameter values
    • getParameterMap

      public Map<String,String[]> getParameterMap()
      Gets all request parameters and applies XSS filtering to both keys and values.
      Specified by:
      getParameterMap in interface jakarta.servlet.ServletRequest
      Overrides:
      getParameterMap in class jakarta.servlet.ServletRequestWrapper
      Returns:
      the filtered parameter map
    • getHeader

      public String getHeader(String name)
      Gets the request header value and applies XSS filtering to it.
      Specified by:
      getHeader in interface jakarta.servlet.http.HttpServletRequest
      Overrides:
      getHeader in class jakarta.servlet.http.HttpServletRequestWrapper
      Parameters:
      name - the request header name
      Returns:
      the filtered request header value
    • getInputStream

      public jakarta.servlet.ServletInputStream getInputStream() throws IOException
      Gets the request input stream and applies XSS filtering to it.
      Specified by:
      getInputStream in interface jakarta.servlet.ServletRequest
      Overrides:
      getInputStream in class jakarta.servlet.ServletRequestWrapper
      Returns:
      the filtered ServletInputStream
      Throws:
      IOException - on I/O error
    • inputHandlers

      public String inputHandlers(jakarta.servlet.ServletInputStream inputStream) throws IOException
      Processes the input stream data: reads it and cleans XSS attack characters from it.
      Parameters:
      inputStream - the input stream
      Returns:
      the cleaned content
      Throws:
      IOException - on I/O error
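
The inherited-method lists above show that accessors such as getHeaders, getReader, getCookies, getQueryString, getPart and getParts are not overridden by this wrapper, so values read through them are not passed through the XSS filter. The following coverage check is an added example, not code from the codeupsoft project: it uses reflection to report which client-controlled accessors a wrapper class overrides and which it inherits unchanged. The class name WrapperCoverageCheck and the accessor list INPUT_ACCESSORS are assumptions of this example.

```java
import com.codeupsoft.interceptor.xss.core.XssHttpServletRequestWrapper;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;

/** Added example: reports request accessors that a wrapper class leaves unfiltered. */
public class WrapperCoverageCheck {

    // HttpServletRequest accessors that return client-controlled data.
    // This selection is the example's own assumption, not a list from the library.
    static final List<String> INPUT_ACCESSORS = List.of(
        "getParameter", "getParameterValues", "getParameterMap",
        "getHeader", "getHeaders", "getInputStream", "getReader",
        "getCookies", "getQueryString", "getPart", "getParts");

    /** Names of public methods declared directly on the class, i.e. overridden there. */
    static Set<String> declaredBy(Class<?> wrapper) {
        return Arrays.stream(wrapper.getDeclaredMethods())
            .filter(m -> Modifier.isPublic(m.getModifiers()) && !m.isSynthetic())
            .map(Method::getName)
            .collect(Collectors.toCollection(TreeSet::new));
    }

    /** Accessors the wrapper overrides, so its filtering logic can run. */
    static List<String> filtered(Class<?> wrapper) {
        Set<String> own = declaredBy(wrapper);
        return INPUT_ACCESSORS.stream().filter(own::contains).collect(Collectors.toList());
    }

    /** Accessors inherited as-is: downstream code reading them sees raw input. */
    static List<String> inherited(Class<?> wrapper) {
        Set<String> own = declaredBy(wrapper);
        return INPUT_ACCESSORS.stream().filter(n -> !own.contains(n)).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        Class<?> wrapper = XssHttpServletRequestWrapper.class;
        System.out.println("Overridden by wrapper: " + filtered(wrapper));
        System.out.println("Inherited unfiltered:  " + inherited(wrapper));
    }
}
```

Run it with the library and the Jakarta Servlet API on the classpath; any accessor reported as inherited needs output encoding or validation at the point where its value is used.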