
[eGovFrame] 크로스사이트 스크립팅 적용하기

by 순수한소년 2017. 9. 1.
 
 
 
 
 
web.xml
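<!-- Registers HTMLTagFilter, which wraps each matching request so that parameter
     values are returned with < > & " ' replaced by HTML entities. -->
<filter>
    <filter-name>CrossSiteScriptingFilter</filter-name>
    <filter-class>egovframework.com.cmm.filter.HTMLTagFilter</filter-class>
</filter>
<!-- A servlet url-pattern is matched against the request path only; the query string
     is never part of the match. The previous value ".../selectInfoRcordList.do?*" is
     therefore an exact-match pattern containing '?', which no request path can equal,
     so the filter would not run. Use the bare path (as below), or "/*" to escape
     parameters on every request rather than on this single URL -- any URL outside the
     mapping receives raw, unescaped parameters. -->
<filter-mapping>
    <filter-name>CrossSiteScriptingFilter</filter-name>
    <url-pattern>/frt/a02/selectInfoRcordList.do</url-pattern>
</filter-mapping>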
 
HTMLTagFilter
 
package egovframework.com.cmm.filter;
 
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
 
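/**
 * Servlet filter that wraps every request it sees in {@link HTMLTagFilterRequestWrapper},
 * so that parameter values read through the wrapper have HTML-significant characters
 * replaced by entities.
 *
 * <p>Which requests reach this filter is decided solely by the {@code <filter-mapping>}
 * in web.xml; requests to URLs outside that mapping keep their raw parameter values.
 */
public class HTMLTagFilter implements Filter{

    /** Kept from {@link #init(FilterConfig)}; this filter does not read it. */
    @SuppressWarnings("unused")
    private FilterConfig config;

    /**
     * Wraps the request and hands it to the rest of the chain.
     *
     * @throws ClassCastException if the container passes a non-HTTP request; the cast is
     *         unguarded on the assumption that every request reaching this filter in a
     *         web application is an {@code HttpServletRequest} -- confirm for the
     *         deployment if the filter is ever registered outside a servlet web app
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        chain.doFilter(new HTMLTagFilterRequestWrapper(httpRequest), response);
    }

    /** Stores the container-supplied configuration; nothing else is initialised. */
    @Override
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }
}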

HTMLTagFilterRequestWrapper

package egovframework.com.cmm.filter;
 
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
 
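/**
 * Request wrapper that HTML-escapes parameter values as they are read.
 *
 * <p>The characters {@code < > & " '} are replaced by {@code &lt; &gt; &amp; &quot; &apos;}
 * in {@link #getParameter}, {@link #getParameterValues} and {@link #getParameterMap}.
 * All three accessors share one escaping routine, so a caller cannot obtain the raw value
 * by choosing a different accessor (the original class escaped {@code &} in
 * {@code getParameter} but not in {@code getParameterValues}, and left
 * {@code getParameterMap} unwrapped).
 *
 * <p>Escaping on input is a coarse defence: it also rewrites values that are stored rather
 * than rendered (a password containing {@code <}, for example), and it does not replace
 * output encoding in views, where the rendering context decides what must be escaped.
 */
public class HTMLTagFilterRequestWrapper extends HttpServletRequestWrapper {

    public HTMLTagFilterRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns a new array holding the escaped values of {@code parameter}, or {@code null}
     * when the parameter is absent. The array obtained from the underlying request is left
     * untouched; the original implementation wrote the escaped strings back into it.
     */
    @Override
    public String[] getParameterValues(String parameter) {
        return escapeAll(super.getParameterValues(parameter));
    }

    /** Returns the escaped value of {@code parameter}, or {@code null} when absent. */
    @Override
    public String getParameter(String parameter) {
        return escape(super.getParameter(parameter));
    }

    /**
     * Returns an unmodifiable map of escaped parameter values. Without this override, code
     * that reads parameters through the map sees the raw values even though the request
     * passed through the filter.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        Map<String, String[]> escaped = new LinkedHashMap<String, String[]>();
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            escaped.put(entry.getKey(), escapeAll(entry.getValue()));
        }
        return Collections.unmodifiableMap(escaped);
    }

    /**
     * Escapes every element of {@code values} into a fresh array; {@code null} elements
     * stay {@code null}.
     *
     * @return the new array, or {@code null} when {@code values} is {@code null}
     */
    private static String[] escapeAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            out[i] = escape(values[i]);
        }
        return out;
    }

    /**
     * Replaces the five HTML-significant characters with entities.
     *
     * <p>{@code &} is escaped as well: leaving it alone lets an already entity-encoded
     * input (such as {@code &lt;}) pass through unchanged and be decoded by the browser,
     * and it made the two accessors return different strings for the same parameter.
     *
     * <p>{@code &apos;} is not a defined entity in HTML 4 (older renderers show it
     * literally); {@code &#39;} is the portable form. The original output is kept so that
     * existing consumers of this filter see unchanged values.
     *
     * @param value the raw parameter value, may be {@code null}
     * @return the escaped value, or {@code null} when {@code value} is {@code null}
     */
    static String escape(String value) {
        if (value == null) {
            return null;
        }
        // StringBuilder: no other thread touches this buffer, so StringBuffer's locking
        // only added cost.
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '&':
                sb.append("&amp;");
                break;
            case '"':
                sb.append("&quot;");
                break;
            case '\'':
                sb.append("&apos;");
                break;
            default:
                sb.append(c);
                break;
            }
        }
        return sb.toString();
    }
}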
 
 

 
