1.建立一个工具类
package im.lsn.oss.exhibition.utils;
import java.beans.IntrospectionException;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
public class XssUtils {
public static Object processXss(Object o) {
Class clazz = o.getClass();
Field[] fields = clazz.getDeclaredFields();
Stream.of(fields).forEach( field ->{
try {
PropertyDescriptor pd = new PropertyDescriptor(field.getName(),clazz);
if(field.getType().getName().equals("java.lang.String")){
String value = (String)pd.getReadMethod().invoke(o);
pd.getWriteMethod().invoke(o,cleanXSS(value));
}
} catch (IntrospectionException e) {
e.printStackTrace();
} catch (IllegalAccessException e) {
e.printStackTrace();
} catch (InvocationTargetException e) {
e.printStackTrace();
}
});
return o;
}
public static String cleanXSS(String value) {
if (StringUtils.isBlank(value)) {
return value;
}
value = value.replaceAll("eval(\s*)\(", "");
value = value.replaceAll("javascript(\s*):", "");
value = value.replaceAll("<(/?)(\s*)[sS][cC][rR][iI][pP][tT](\s*)>", "");
value = value.replaceAll("on[a-zA-Z]*(\s*)=", "");
return value;
}
}
2.在方法前进行代码的处理
// Clean the String bean properties of the submitted form before it is used. processXss
// writes the cleaned values back into editForm and returns the same instance, so the cast
// only restores the static type.
editForm= (ExhibitorsEditForm)XssUtils.processXss(editForm);