XSS漏洞修复方案是什么

XSS漏洞修复方案是什么，针对这个问题，这篇文章详细介绍了相对应的分析和解答，希望可以帮助更多想解决这个问题的小伙伴找到更简单易行的方法。

基本概念及解决办法

比较典型的XSS攻击漏洞（Cascading Style Sheets, CSS），俗称跨站脚本攻击；解决办法：将特殊字符进行转义

1、增加过滤器XssFilter.java

public class XssFilter implements Filter {    FilterConfig filterConfig = null;    private List urlExclusion = null;    public void init(FilterConfig filterConfig) throws ServletException {        this.filterConfig = filterConfig;    }    public void destroy() {        this.filterConfig = null;    }    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {        HttpServletRequest httpServletRequest = (HttpServletRequest) request;        String servletPath = httpServletRequest.getServletPath();        if (urlExclusion != null && urlExclusion.contains(servletPath)) {            chain.doFilter(request, response);        } else {            chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);        }    }    public List getUrlExclusion() {        return urlExclusion;    }    public void setUrlExclusion(List urlExclusion) {        this.urlExclusion = urlExclusion;    }}

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {    public XssHttpServletRequestWrapper(HttpServletRequest servletRequest) {        super(servletRequest);    }    public String[] getParameterValues(String parameter) {        String[] values = super.getParameterValues(parameter);        if (values == null) {            return null;        }        int count = values.length;        String[] encodedValues = new String[count];        for (int i = 0; i < count; i++) {            encodedValues[i] = cleanXSS(values[i]);        }        return encodedValues;    }    public String getParameter(String parameter) {        String value = super.getParameter(parameter);        if (value == null) {            return null;        }        return cleanXSS(value);    }    public String getHeader(String name) {        String value = super.getHeader(name);        if (value == null)            return null;        return cleanXSS(value);    }    private String cleanXSS(String value) {        //You'll need to remove the spaces from the html entities below        value = value.replaceAll("<", "& lt;").replaceAll(">", "& gt;");        value = value.replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41;");        value = value.replaceAll("'", "& #39;");        value = value.replaceAll("eval\\((.*)\\)", "");        value = value.replaceAll("[\\\"\\\'][\\s]*_javascript:(.*)[\\\"\\\']", "\"\"");        value = value.replaceAll("script", "");        return value;    }}

2、web.xml增加过滤器配置

        XssFilter        com.powersi.hygeia.web.filter.XssFilter        XssFilter        /*

关于XSS漏洞修复方案是什么问题的解答就分享到这里了，希望以上内容可以对大家有一定的帮助，如果你还有很多疑惑没有解开，可以关注行业资讯频道了解更多相关知识。