Servlet过滤字符串的HTML特殊字符
(1)在某些情况下,用户输入的数据在使用前需要先判断是否合法,即检查其中是否含有HTML特殊字符(<、>、"、&)并加以过滤;把这些字符转换成对应的字符实体后再输出,浏览器才不会把用户输入当作HTML标记来解析;
(2)直接上代码,以供大家参考学习:
ServletUtilities类:
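package com.lc.ch04Biaodanshuju;

import javax.servlet.http.HttpServletRequest;

/**
 * Static helpers for servlets that write request data back into an HTML page.
 *
 * <p>The only public helper, {@link #filter(String)}, replaces the characters
 * that HTML treats as markup with character entity references so that the
 * browser displays them as text instead of parsing them.
 */
public class ServletUtilities {

  /**
   * Replaces HTML-significant characters in {@code input} with entity
   * references: {@code <}, {@code >}, {@code "}, {@code &} and {@code '}.
   *
   * <p>The result is suitable for HTML element content and for quoted
   * attribute values. It is not an encoder for JavaScript, URL or CSS
   * contexts; those need their own context-specific encoding.
   *
   * @param input the text to escape; may be {@code null}
   * @return the escaped text, or {@code input} itself (including
   *     {@code null} and the empty string) when it contains none of the
   *     characters above
   */
  public static String filter(String input) {
    if (!hasSpecialChars(input)) {
      return input;
    }
    // Entities are longer than the characters they replace, so leave headroom.
    StringBuilder filtered = new StringBuilder(input.length() + 16);
    for (int i = 0; i < input.length(); i++) {
      char c = input.charAt(i);
      // Each replacement must be the entity text itself. If one of these
      // literals is ever reduced to the raw character (for example by being
      // rendered through HTML), this method silently becomes a no-op.
      switch (c) {
        case '<':
          filtered.append("&lt;");
          break;
        case '>':
          filtered.append("&gt;");
          break;
        case '"':
          filtered.append("&quot;");
          break;
        case '&':
          filtered.append("&amp;");
          break;
        case '\'':
          // Numeric reference: &apos; is not defined in HTML 4, which is the
          // doctype the pages in this example declare.
          filtered.append("&#39;");
          break;
        default:
          filtered.append(c);
      }
    }
    return filtered.toString();
  }

  /**
   * Reports whether {@code input} contains any character that
   * {@link #filter(String)} rewrites.
   *
   * @param input the text to scan; may be {@code null}
   * @return {@code true} if at least one such character is present,
   *     {@code false} for {@code null}, empty or clean input
   */
  private static boolean hasSpecialChars(String input) {
    if (input == null) {
      return false;
    }
    for (int i = 0; i < input.length(); i++) {
      switch (input.charAt(i)) {
        case '<':
        case '>':
        case '"':
        case '&':
        case '\'':
          // One hit is enough; no need to scan the rest.
          return true;
        default:
          break;
      }
    }
    return false;
  }
}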
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- Front end to BadCodeServlet. Taken from Core Servlets and JavaServer Pages 2nd Edition from Prentice Hall and Sun Microsystems Press, http://www.coreservlets.com/. (C) 2003 Marty Hall; may be freely used or adapted. -->
<!--
  Review note: the FORM below has no METHOD attribute, so the browser
  submits it with GET and the "code" field travels in the query string.
  The BadCodeServlet listed on this page writes that parameter into its
  response without escaping, so this form and that servlet together show
  the unfiltered case.
  NOTE(review): the ACTION path names coreservlets.BadCodeServlet, while
  the servlet listed on this page is declared in package
  com.lc.ch04Biaodanshuju. Confirm the deployment mapping.
-->
<HTML><HEAD><TITLE>Submit Code Sample</TITLE></HEAD>
<BODY BGCOLOR="#FDF5E6">
<CENTER>
<H1 ALIGN="CENTER">Submit Code Sample</H1>
<FORM ACTION="/servlet/coreservlets.BadCodeServlet">
Code:<BR>
<TEXTAREA ROWS="6" COLS="40" NAME="code"></TEXTAREA><P>
<INPUT TYPE="SUBMIT" VALUE="Submit Code">
</FORM>
</CENTER></BODY></HTML>
package com.lc.ch04Biaodanshuju;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Echoes the {@code code} request parameter inside a {@code <PRE>} element
 * of an HTML page, exactly as received.
 *
 * <p>This is the unfiltered baseline of the example: {@code <}, {@code >},
 * {@code "} and {@code &} in the parameter reach the browser as markup
 * rather than as text. A variant meant for real use should override
 * {@link #getCode(HttpServletRequest)} so that it returns an HTML-escaped
 * value (this page's {@code ServletUtilities.filter} is intended for that),
 * and this class should not be deployed as is.
 */
public class BadCodeServlet extends HttpServlet {

  /**
   * Writes a complete HTML page whose body contains the value returned by
   * {@link #getCode(HttpServletRequest)}.
   *
   * @param request the incoming GET request
   * @param response the response the page is written to
   * @throws ServletException declared by the servlet contract
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    final String title = "Code Sample";
    final String docType =
        "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " + "Transitional//EN\">\n";

    StringBuilder page = new StringBuilder();
    page.append(docType);
    page.append("<HTML>\n");
    page.append("<HEAD><TITLE>").append(title).append("</TITLE></HEAD>\n");
    page.append("<BODY BGCOLOR=\"#FDF5E6\">\n");
    page.append("<H1 ALIGN=\"CENTER\">").append(title).append("</H1>\n");
    page.append("<PRE>\n");
    // The request value is inserted verbatim; nothing here escapes it.
    // An absent parameter arrives as null and is rendered as the text "null".
    page.append(getCode(request));
    page.append("</PRE>\n");
    page.append("Now, wasn't that an interesting sample\n");
    page.append("of code?\n");
    page.append("</BODY></HTML>");

    out.println(page.toString());
  }

  /**
   * Returns the raw {@code code} request parameter.
   *
   * <p>Kept {@code protected} so that a subclass can substitute an escaped
   * value without touching {@link #doGet}.
   *
   * @param request the incoming request
   * @return the parameter value as supplied by the client, or {@code null}
   *     when the parameter is absent
   */
  protected String getCode(HttpServletRequest request) {
    String rawCode = request.getParameter("code");
    return rawCode;
  }
}