// Holder for the denylist check. String_do_judge.isContain is static, so the
// instance is not strictly needed; String_do_judge.isContain(key) works as well.
private String_do_judge judge;

// Guard at the start of the action method (the method itself is outside this
// snippet). `key` is presumably the request parameter under test — confirm at
// the call site. "feifa" is the result name that the XML mapping sends to the
// error page.
if (judge.isContain(key)) {
            return "feifa";
        }

上面这段代码添加到进入 action 时会执行的方法里面。

 

java:

package domain.service;

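/**
 * Denylist check for request parameters: reports whether the given string is
 * exactly one of a fixed set of SQL keywords, shell/HTML metacharacters and
 * script tokens, compared case-insensitively.
 *
 * <p>NOTE(review): the comparison is {@link String#equalsIgnoreCase}, i.e. an
 * exact match, not a substring search, so an input such as
 * {@code "SELECT * FROM t"} is not reported; whether that is intended could not
 * be confirmed from the caller. {@code "CR"} and {@code "LF"} are the two-letter
 * strings, not the control characters {@code '\r'} / {@code '\n'}. A denylist
 * like this does not replace parameterised SQL and output encoding at the point
 * where the value is used.
 *
 * @date 2015-09-22 13:29:46
 * @author yangk
 */
public class String_do_judge {
    /** Tokens that mark an input as illegal; built once instead of on every call. */
    private static final String[] ILLEGAL = { "|", "&", ";", "$", "%", "@", "\'", "\"", "<", ">",
            "(", ")", "+", "CR", "LF", ",", ".", "SELECT", "FROM",
            "UPDATE", "DELETE", "UNION", "WHERE", "script", "document", "eval" };

    /**
     * Returns whether {@code s1} equals one of the illegal tokens, ignoring case.
     *
     * @param s1 the string to test; {@code null} means "no value" and yields
     *           {@code false} (previously it raised a NullPointerException)
     * @return {@code true} if {@code s1} is an entry of the denylist
     */
    public static boolean isContain(String s1) {
        if (s1 == null) {
            return false;
        }
        for (String illegal : ILLEGAL) {
            if (s1.equalsIgnoreCase(illegal)) {
                return true;
            }
        }
        return false;
    }
}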

jsp:

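<%@ page contentType="text/html;charset=gbk"%>
<%@ taglib uri="webwork" prefix="ww" %>
<%-- Error page for the "feifa" result: tells the visitor the request was
     rejected and sends the browser back one page. It renders no content and
     reads no request data. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gbk" />
<title>芜湖市人民政府政务服务中心</title>
<SCRIPT language=JavaScript src="../js/stm31.js" 
type=text/javascript></SCRIPT>
<script language="javascript">
    // The previous confirm() ran history.go(-1) in both branches, so the
    // visitor's choice was never honoured; an alert shows the same message
    // and then navigates back exactly as before.
    alert("您正在试图非法访问,请重新访问!");
    history.go(-1);
 </script>
</head>
<body>

</body>
</html>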

 xml:

<!-- Maps the "feifa" result code returned by the action's denylist guard to
     the error page that alerts the visitor and navigates back one page. -->
<result name="feifa">/consultation/feifa.jsp</result>