html代码过滤工具
本页面免费为大家提供html代码过滤工具,Js过滤,Css过滤,script过滤,自定义过滤HTML,将想替换的字符替换自定义字符,可以把html代码过滤掉,过滤成单纯的文本,该工具还可以对指定字符进行替换,生成干净的纯文本或代码等。
HTML特殊字符过滤器
/**
* HTML标签过滤,防止用户恶意提交带HTML标签的数据
*
* @author liulg
*/
public class HTMLCharacterRequest extends HttpServletRequestWrapper {
public HTMLCharacterRequest(HttpServletRequest request) {
super(request);
}
@Override
public String getParameter(String name) {
String value = super.getParameter(name);
return filter(value);
}
@Override
@SuppressWarnings("unchecked")
public Map getParameterMap() {
Map<String, String[]> map = super.getParameterMap();
Map<String, String[]> map_ = new HashMap<String, String[]>();
Set<Entry<String, String[]>> set = map.entrySet();
Iterator<Entry<String, String[]>> it = set.iterator();
while (it.hasNext()) {
Entry<String, String[]> entry = it.next();
if (entry != null && entry.getValue() != null
&& entry.getValue().length > 0) {
String[] array = new String[entry.getValue().length];
for (int i = 0; i < entry.getValue().length; i++) {
array[i] = filter(entry.getValue()[i]);
}
map_.put(entry.getKey(), array);
}
}
return map_;
}
@Override
public String[] getParameterValues(String name) {
String[] values = super.getParameterValues(name);
if (values == null || values.length == 0)
return values;
for (int i = 0; i < values.length; i++) {
String str = values[i];
values[i] = filter(str);
}
return values;
}
private String filter(String value) {
if (StringUtil.isNotBlank(value)) {
value = value.replaceAll("<", "[").replaceAll(">", "]");
}
return value;
}
}
/**
* 权限访问控制
*
* @author luo
*/
public class PermitFilter implements Filter {
private static Map<String, Object> sysMenusMap = new HashMap<String, Object>();
private static String[] params = null;
private final static String LOGIN_VIEW = "/jsp/index/login.jsp";
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
String uri = request.getRequestURI();
String contextPath = request.getContextPath();
uri = uri.substring(contextPath.length());
Object obj = request.getSession().getAttribute(Constant.USER_SESSION);
if(obj == null){
//未登录可放行的访问
for (String p : params) {
if (uri.startsWith(p)) {
chain.doFilter(req, resp);
return;
}
}
//aJax访问 (未登录不可放行)
if (request.getHeader("x-requested-with") != null
&& request.getHeader("x-requested-with").equalsIgnoreCase( // ajax超时处理
"XMLHttpRequest")) {
JspUtils.print(response, "timeout");
return;
}
//普通访问 (未登录不可放行)
request.getRequestDispatcher(LOGIN_VIEW).forward(req, resp);
}else{
//是否越权访问
Users user = (Users) obj;
List<Menu> menus = new ArrayList<Menu>(user.getRose().getMenus());
boolean flag =false;
if(sysMenusMap.get(uri) != null){
for (Menu menu : menus) {
if(StringUtil.isNotBlank(menu.getMenuUrl()))
if(uri.equals("/"+menu.getMenuUrl())){
flag=true;
break;
}
}
}else{
chain.doFilter(new HTMLCharacterRequest(request), resp);
return;
}
if(flag){
// chain.doFilter(request, resp);
chain.doFilter(new HTMLCharacterRequest(request), resp);
return;
}else{
JspUtils.print(response, "<script>alert('无权访问');</script>");
return ;
}
}
}
public void init(FilterConfig config) throws ServletException {
params = config.getInitParameter("p").split(",");
RoseDao roseDao = (RoseDao) Springs.getApp().getBean("roseDaoImpl");
List<Menu> sysMenus = roseDao.findAllMenuBy_URL_NOTNULL();
for (Menu menu : sysMenus) {
sysMenusMap.put("/"+menu.getMenuUrl(), menu.getMenuName());
}
}
public void destroy() { }
}