自定義一個注解@Xss。名字隨意
import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;/*** 自定義xss校驗注解* * @author chfatech*/
@Retention(RetentionPolicy.RUNTIME)
@Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER })
@Constraint(validatedBy = { XssValidator.class })
public @interface Xss
{String message()default "不允許任何腳本運行";Class<?>[] groups() default {};Class<? extends Payload>[] payload() default {};
}
validator校驗類:XssValidator。這個校驗類要和上面的@Xss注解上的
@Constraint(validatedBy = { XssValidator.class })對應
import com.chfatech.common.utils.StringUtils;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import java.util.regex.Matcher;
import java.util.regex.Pattern;/*** 自定義xss校驗注解實現* * @author chfatech*/
public class XssValidator implements ConstraintValidator<Xss, String>
{private static final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";@Overridepublic boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext){if (StringUtils.isBlank(value)){return true;}return !containsHtml(value);}public static boolean containsHtml(String value){Pattern pattern = Pattern.compile(HTML_PATTERN);Matcher matcher = pattern.matcher(value);return matcher.matches();}
}
具體使用在某個字段上加上注解;形如:
@Data
public class HomeQuery {@ApiModelProperty(name = "keyword",value = "搜索關鍵詞")@Xss@SqlInject(message = "{exists.illge.word}")private String keyword;@ApiModelProperty(name = "sdgId",value = "sdg主鍵id")private Long sdgId;
}
然后在控制層中增加@Validated注解校驗就可以了
?以上代碼實現后。會自動針對某些增加了@Xss字符進行校驗。如果想增加sql注入校驗。以上方法類似
)
![SQL中CONVERT函數格式:CONVERT(data_type,expression[,style])](http://pic.xiahunao.cn/SQL中CONVERT函數格式:CONVERT(data_type,expression[,style]))
)
前繼概念)
)
)
)
