XSS简介:
跨站脚本攻击(Cross Site Scripting),缩写为XSS。恶意攻击者往Web页面里插入恶意Script代码,当用户浏览该页之时,嵌入其中Web里面的Script代码会被执行,从而达到获取cookie,恶意攻击用户的目的。例如url:http://127.0.0.1:8090/project/pages/bumenjiandu/index.jsp?skinType=white%22;alert(1345);var%20a=%22&newyear=2018#,访问时就会弹出alert.
防御方法:
使用filter进行过滤,把关键字修改成全角符号.
1.创建XssFilter.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
public class XssFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
chain.doFilter(new