|
@@ -9,6 +9,9 @@
|
|
|
package cn.com.usky.filter;
|
|
|
|
|
|
|
|
|
+import org.slf4j.Logger;
|
|
|
+import org.slf4j.LoggerFactory;
|
|
|
+
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletRequestWrapper;
|
|
|
|
|
@@ -19,6 +22,8 @@ import javax.servlet.http.HttpServletRequestWrapper;
|
|
|
* @author lirui
|
|
|
*/
|
|
|
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
|
|
+ final Logger logger = LoggerFactory.getLogger(getClass());
|
|
|
+
|
|
|
/**
|
|
|
* @param request
|
|
|
*/
|
|
@@ -38,9 +43,9 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
|
|
for (int i = 0; i < length; i++)
|
|
|
{
|
|
|
// 防xss攻击和过滤前后空格
|
|
|
- System.out.println("guolv111111"+values[i]);
|
|
|
+ logger.info("param-filter-before"+values[i]);
|
|
|
escapseValues[i] = EscapeUtil.clean(values[i]).trim();
|
|
|
- System.out.println("guolv111111"+escapseValues[i]);
|
|
|
+ logger.info("param-filter-after"+escapseValues[i]);
|
|
|
}
|
|
|
return escapseValues;
|
|
|
}
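Review bot: The two added `logger.info` calls in the loop write every request parameter value to the application log, before and after `EscapeUtil.clean`, so any password, token or personal data submitted as a parameter would be stored in INFO-level logs. The pre-filter value is also untrusted input concatenated straight into the message, so a parameter containing CR/LF can forge log lines. I would drop the values and record only that the filter changed something, placed after the clean call: `if (!values[i].equals(escapseValues[i])) logger.debug("param-filter modified value at index {}", i);`. The logger field added in the second hunk would conventionally be `private static final Logger logger = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);`, so it is not looked up once per wrapper instance. The enclosing method starts outside the hunk, so which parameter is being filtered is not visible here.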
|