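1.重写HttpServletRequest子类

package com.zh.charFilter;

import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;

import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request wrapper that rewrites parameter values with a literal
 * "text to find" -> "replacement" table, for example "<" -> "&lt;".
 *
 * Coverage: only {@link #getParameter(String)} and
 * {@link #getParameterValues(String)} are intercepted. Values read through
 * getParameterMap(), headers, cookies, the path or the request body are NOT
 * escaped by this class, so code that reads those must encode on output.
 */
public class CharRequestWrapper extends HttpServletRequestWrapper {

    /** Replacement table; keys are matched literally, never as regular expressions. */
    private final Map<String, String> escapeMap;

    /**
     * Wraps a request without any replacement table: values pass through
     * unchanged. Use the two-argument constructor to get escaping.
     *
     * @param request the request to wrap
     */
    public CharRequestWrapper(HttpServletRequest request) {
        super(request);
        // An empty table instead of null, so doEscape cannot fail with a
        // NullPointerException on the first parameter lookup.
        this.escapeMap = Collections.<String, String>emptyMap();
    }

    /**
     * Wraps a request and escapes its parameters with the given table.
     *
     * @param arg0      the request to wrap
     * @param escapeMap text to find -> replacement text; must not be null
     * @throws IllegalArgumentException if escapeMap is null
     */
    public CharRequestWrapper(HttpServletRequest arg0, Map<String, String> escapeMap) {
        super(arg0);
        if (escapeMap == null) {
            // Fail here rather than on the first request that carries a parameter.
            throw new IllegalArgumentException("escapeMap must not be null");
        }
        this.escapeMap = escapeMap;
    }

    /**
     * Returns the named parameter with every table key replaced.
     *
     * @param name parameter name
     * @return the escaped value, or null when the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        return this.doEscape(this.getRequest().getParameter(name));
    }

    /**
     * Returns all values of the named parameter, each one escaped. Without
     * this override a caller using getParameterValues would receive the raw
     * values and skip the escaping entirely.
     *
     * @param name parameter name
     * @return the escaped values, or null when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = this.getRequest().getParameterValues(name);
        if (values == null) {
            return null;
        }
        String[] escaped = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            escaped[i] = this.doEscape(values[i]);
        }
        return escaped;
    }

    /**
     * Replaces every occurrence of a table key in the value with its mapped
     * text, in one left-to-right pass.
     *
     * Keys are compared literally (the earlier String.replaceAll treated them
     * as regular expressions, so a key such as "." or "(" misbehaved), and
     * text that was already substituted is never scanned again, so the result
     * does not depend on the iteration order of the map. When several keys
     * match at the same position the longest one wins.
     *
     * @param parmeter raw parameter value, may be null
     * @return the escaped value, or null when the input is null
     */
    private String doEscape(String parmeter) {
        if (parmeter == null) {
            return null;
        }
        if (escapeMap.isEmpty()) {
            return parmeter;
        }
        StringBuilder result = new StringBuilder(parmeter.length() + 16);
        int pos = 0;
        while (pos < parmeter.length()) {
            String matched = null;
            for (String origin : escapeMap.keySet()) {
                // Empty keys would match everywhere without consuming input.
                if (origin.length() > 0
                        && parmeter.startsWith(origin, pos)
                        && (matched == null || origin.length() > matched.length())) {
                    matched = origin;
                }
            }
            if (matched == null) {
                result.append(parmeter.charAt(pos));
                pos++;
            } else {
                result.append(escapeMap.get(matched));
                pos += matched.length();
            }
        }
        return result.toString();
    }
}

2.使用过滤器

package com.zh.charFilter;

import java.io.*;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

/**
 * Filter that wraps each request in a {@link CharRequestWrapper} so that the
 * parameters seen by the mapped servlets are escaped with the table loaded
 * in {@link #init(FilterConfig)}.
 */
public class CharFilter implements Filter {

    /**
     * Location of the replacement table inside the web application.
     * NOTE(review): this path is under the web root, so the file is presumably
     * served to any client that asks for it; a location under /WEB-INF/ would
     * keep it private. Confirm against the deployment.
     */
    private static final String MAPPING_FILE = "/MyFile/charFiter.txt";

    private Map<String, String> escapeMap = null;

    /**
     * Passes the request down the chain wrapped in a CharRequestWrapper.
     * Only requests matched by this filter's url-pattern are wrapped.
     */
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain arg2) throws IOException, ServletException {
        HttpServletRequest httpServletWrapper =
                new CharRequestWrapper((HttpServletRequest) arg0, escapeMap);
        arg2.doFilter(httpServletWrapper, arg1);
    }

    /**
     * Loads the replacement table: one entry per line, the text to find and
     * its replacement separated by a single space.
     *
     * The filter fails closed. If the table is missing, unreadable or contains
     * a malformed entry, a ServletException is thrown so the container does
     * not put a filter into service that silently escapes nothing.
     *
     * @param arg0 filter configuration supplied by the container
     * @throws ServletException if the table cannot be loaded
     */
    public void init(FilterConfig arg0) throws ServletException {
        // getResourceAsStream also works when the application is not unpacked
        // on disk, where getRealPath would return null.
        InputStream in = arg0.getServletContext().getResourceAsStream(MAPPING_FILE);
        if (in == null) {
            throw new ServletException("Escape table not found: " + MAPPING_FILE);
        }
        Map<String, String> loaded = new HashMap<String, String>();
        BufferedReader bufferedReader = null;
        try {
            // Explicit charset: FileReader would use the platform default.
            bufferedReader = new BufferedReader(new InputStreamReader(in, "UTF-8"));
            String input = null;
            while ((input = bufferedReader.readLine()) != null) {
                if (input.trim().length() == 0) {
                    continue; // tolerate blank lines, e.g. a trailing newline
                }
                String[] tokens = input.split(" ");
                if (tokens.length < 2 || tokens[0].length() == 0) {
                    throw new ServletException(
                            "Malformed entry in " + MAPPING_FILE + ": " + input);
                }
                loaded.put(tokens[0], tokens[1]);
            }
        } catch (IOException e) {
            throw new ServletException("Cannot read escape table " + MAPPING_FILE, e);
        } finally {
            try {
                if (bufferedReader != null) {
                    bufferedReader.close();
                } else {
                    in.close();
                }
            } catch (IOException ignored) {
                // Nothing useful can be done if closing a read-only stream fails.
            }
        }
        // Publish the table only after it has been read completely.
        escapeMap = loaded;
    }

    /** Nothing to release. */
    public void destroy() {
    }
}

3. 过滤的servlet view

package com.zh.charFilter;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Serves the input form whose textarea is submitted to CharServlet2. */
public class CharServlet extends HttpServlet {

    /**
     * Writes a form with a single textarea that is sent by GET to
     * /MyFilter/CharServlet2.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.println("<form action='/MyFilter/CharServlet2' method='get'>");
        out.println("<textarea rows='3' name='textarea' cols='30'>");
        out.println("</textarea>");
        out.println("<input type='submit'/>");
        out.println("</form>");
        out.close();
    }

    /**
     * The doPost method of the servlet. <br>
     *
     * This method is called when a form has its method attribute set to post.
     * It writes an empty HTML response.
     *
     * @param request the request sent by the client to the server
     * @param response the response sent by the server to the client
     * @throws ServletException if an error occurred
     * @throws IOException if an error occurred
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.close();
    }
}

4. 过滤的结果

package com.zh.charFilter;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Echoes the submitted textarea back into an HTML page. */
public class CharServlet2 extends HttpServlet {

    /**
     * Prints the "textarea" parameter inside the page body.
     *
     * The value is written without any encoding here, so the page is only
     * safe while CharFilter is mapped to this servlet and its table escapes
     * "<" and ">". That covers element content only: a table with just those
     * two entries does not make the value safe inside an attribute or a
     * script block. Encoding at the point of output is the sturdier control.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Same charset as CharServlet, so the echoed text is not left to the
        // writer's default encoding or to browser sniffing.
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.println("<h1>ni hao</h1>");
        String s = request.getParameter("textarea");
        out.println(s);
        out.close();
    }

    /** Writes a fixed page naming this class; no request data is echoed. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        // The inner quotes must be escaped for the literal to compile.
        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        out.println("<HTML>");
        out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
        out.println(" <BODY>");
        out.print(" This is ");
        out.print(this.getClass());
        out.println(", using the POST method");
        out.println(" </BODY>");
        out.println("</HTML>");
        out.flush();
        out.close();
    }
}

5. 要过滤的字符 和 文件

< &lt;
> &gt;

charFiter.txt

6.设置web.xml

<!-- The filter runs only for the url-pattern below; any other servlet that
     echoes request data is not covered by it. -->
<filter>
    <filter-name>CharFilter</filter-name>
    <filter-class>com.zh.charFilter.CharFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CharFilter</filter-name>
    <url-pattern>/CharServlet2</url-pattern>
</filter-mapping>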