Nutz中过滤特殊字符

##Servlet中有获取Request参数的方法,而Nutz中也有重写类似的方法,我们只要知道它如何得到RequestMap就可以处理请求中的参数,进而对它进行处理。

  • 在Nutz项目中的MainModule中配置你写的类(如AnyMobileActionFilter.class);
  • 把需要过滤的字符写在配置文件中(如:SCFilter.properties).
  • 编写AnyMobileActionFilter 它是记住要实现ActionFilter,这个是Nutz中的对请求统一处理的过滤器;

一、MainModule中配置过滤器:

@Filters({@By(type=AnyMobileActionFilter.class)})
public class MainModule {

}

二、在配置文件中配置需要过滤的字符:

SCFilter.properties

#有多个参数请用"|"号隔开,可以有多个KEY=Value
#Key的名字随意取
NAME=滚犊子
HELLO=go and fuck youself|fuck
SPEAK=不要说脏话

三、编写AnyMobileActionFilter:

package com.carforu.web.filter;

import java.text.Normalizer;
import java.util.List;
import java.util.Map;
import java.util.Set;


import org.nutz.ioc.Ioc;
import org.nutz.ioc.impl.PropertiesProxy;
import org.nutz.mvc.ActionContext;
import org.nutz.mvc.ActionFilter;
import org.nutz.mvc.Mvcs;
import org.nutz.mvc.View;
import org.nutz.mvc.view.ForwardView;


public class AnyMobileActionFilter implements ActionFilter {

    /**
     * 遍历当前参数
     * 
     * @param Map
     *            <String, String[]> 获取的内容
     * @return bool boolean
     */
    public boolean SCFCheck(Map<String, String[]> originalQueryString) {
        boolean bool = true;
        if (originalQueryString != null) {
            for (String key : (Set<String>) originalQueryString.keySet()) {
                if (bool != false) {
                    String[] rawVals = originalQueryString.get(key);
                    for (int i = 0; i < rawVals.length; i++) {
                        bool = stripXSS(rawVals[i]);
                        if(bool == false) break;
                    }
                    bool = stripXSS(key);
                    if(bool == false) break;
                } else {
                    break;
                }
            }
        }
        return bool;
    }

    /**
     * 判断是否匹配
     * 
     * @param value
     *            当前要匹配内容
     * @return bool boolean
     */
    private boolean stripXSS(String value) {

        String cleanValue = null;
        Boolean bool = true;
        Ioc ioc = Mvcs.getIoc();
        PropertiesProxy scfilter = ioc.get(PropertiesProxy.class, "scfilter");

        if (value != null) {
            cleanValue = Normalizer.normalize(value, Normalizer.Form.NFD);

            List<String> fkeys = scfilter.getKeys();

            for (String fk : fkeys) {
                if (bool != false) {
                    String scfvalue = scfilter.get(fk);
                    String[] propertiesList = scfvalue.split("\|");
                    for (int i = 0; i < propertiesList.length; i++) {
                        /*Pattern scfpattern = Pattern.compile(propertiesList[i],
                                Pattern.CASE_INSENSITIVE);
                        Matcher m = scfpattern.matcher(cleanValue);*/
                        int index = cleanValue.indexOf(propertiesList[i]);
                        if (index != -1) {
                            bool = false;
                            break;
                        }else{
                            bool = true;
                        }
                    }
                }else{
                    break;
                }

            }
        }
        return bool;
    }

    @Override
    public View match(ActionContext ac) {
        Map<String, String[]> originalQueryString = ac.getRequest()
                .getParameterMap();
        boolean bool = this.SCFCheck(originalQueryString);
        if (bool) {
            return null;
        } else {
            return new ForwardView("/unsafeCode.html");
        }
    }
}

这样你就可以随意配置要过滤的字符啦。

Code is read far more than it's written
【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/ChickenTang/p/5655404.html