"JSP & Servlet Study Notes": end-of-chapter exercise, p. 178, question 3

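Problem: your application does not allow users to enter HTML tags, but may allow them to enter some codes for simple styling, for example:

• [b]bold[/b]

• [i]italic[/i]

• [big]larger font[/big]

• [small]smaller font[/small]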

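I: Run results:

(1) User-defined HTML tags

(2) Filtering HTML tags:

Before submission:

After submission:

The results before and after look the same on the surface, but after submission the HTML characters have actually been filtered. The result of processing a hyperlink, as seen in breakpoint debugging:

II: HTML tag filter: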

package cc.openhome.controler;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Wraps every request so that parameters read further down the chain are HTML-escaped
@WebFilter("/*")
public class HtmlFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // no configuration needed
    }

    @Override
    public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) sreq;
        HttpServletResponse resp = (HttpServletResponse) sresp;
        // Pass the escaping wrapper down the chain instead of the raw request
        MyHtmlRequest mreq = new MyHtmlRequest(req);
        chain.doFilter(mreq, resp);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}

Method that filters HTML tags:

package cc.openhome.controler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Request wrapper that HTML-escapes the values returned by getParameter()
public class MyHtmlRequest extends HttpServletRequestWrapper {
    public MyHtmlRequest(HttpServletRequest req){
        super(req);
    }

    @Override
    public String getParameter(String name){
        String value = getRequest().getParameter(name);
        if(value == null){
            return null;
        }
        return filter(value);
    }

    // Replace the characters that are significant in HTML with character references
    public String filter(String message){
        if(message == null){
            return null;
        }
        char content[] = new char[message.length()];
        message.getChars(0,message.length(),content,0);
        StringBuilder result = new StringBuilder(content.length + 50);
        for(int i = 0;i < content.length;i++){
            switch (content[i]){
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    // the reference needs its trailing semicolon
                    result.append("&quot;");
                    break;
                case '\'':
                    // keeps the value safe inside single-quoted attributes as well
                    result.append("&#39;");
                    break;
                default:
                    result.append(content[i]);
            }
        }
        return result.toString();
    }
}
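
The wrapper above overrides only getParameter(), so code that reads getParameterValues() or getParameterMap() still receives the raw values. The following is an added example, not part of the original post, that covers those accessors as well; it assumes the MyHtmlRequest class above is in the same package, and the class name FullHtmlRequest is hypothetical:

```java
package cc.openhome.controler;

import javax.servlet.http.HttpServletRequest;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: FullHtmlRequest is a hypothetical name, not code from the post.
// It reuses MyHtmlRequest.filter() so every parameter accessor returns escaped text.
public class FullHtmlRequest extends MyHtmlRequest {

    public FullHtmlRequest(HttpServletRequest req) {
        super(req);
    }

    // Escape each element into a new array so the container's own array is not modified.
    private String[] filterAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] escaped = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            escaped[i] = filter(values[i]);
        }
        return escaped;
    }

    @Override
    public String[] getParameterValues(String name) {
        return filterAll(getRequest().getParameterValues(name));
    }

    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> escaped = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : getRequest().getParameterMap().entrySet()) {
            escaped.put(e.getKey(), filterAll(e.getValue()));
        }
        // Parameter names are left as-is; escape them too if they are ever written to the page.
        return Collections.unmodifiableMap(escaped);
    }
}
```

To use it, HtmlFilter.doFilter() would pass new FullHtmlRequest(req) to chain.doFilter() in place of MyHtmlRequest.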

III: User-defined tag filter

package cc.openhome.controler;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Wraps every request so that the style codes in parameters become HTML tags.
// The annotations do not fix the order relative to HtmlFilter; the conversion
// is only correct when HtmlFilter has wrapped the request first.
@WebFilter("/*")
public class CustomizeStyleFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // no configuration needed
    }

    @Override
    public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) sreq;
        HttpServletResponse resp = (HttpServletResponse) sresp;

        // Pass the style-converting wrapper down the chain
        CustomizeStyle custyle = new CustomizeStyle(req);
        chain.doFilter(custyle, resp);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}

Method that filters the special characters:

package cc.openhome.controler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Request wrapper that turns the allowed style codes into HTML tags
public class CustomizeStyle extends HttpServletRequestWrapper {

    // The only style codes the exercise allows
    private static final String[] TAGS = {"b", "i", "big", "small"};

    private HttpServletRequest req;
    public CustomizeStyle(HttpServletRequest req){
        super(req);
        this.req = req;
    }

    @Override
    public String getParameter(String name){
        String value = this.req.getParameter(name);
        if(value == null){
            return null;
        }
        return filter(value);
    }

    public String filter(String message){
        if (message == null){
            return null;
        }
        // Convert only the listed codes. Turning every '[' and ']' into '<' and '>'
        // would rebuild any tag the user types in brackets and undo the HTML escaping.
        String res = message;
        for (String tag : TAGS) {
            res = res.replace("[" + tag + "]", "<" + tag + ">")
                     .replace("[/" + tag + "]", "</" + tag + ">");
        }
        return res;
    }
}

IV: Code that displays the filtered result

package cc.openhome.view;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@WebServlet("/htmltext.view")
public class HtmlFilterText extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.setCharacterEncoding("UTF-8");
        resp.setContentType("text/html;charset=UTF-8");
        // Both values arrive through the filter wrappers, already escaped
        String name = req.getParameter("username");
        String content = req.getParameter("comment");
        PrintWriter out = resp.getWriter();
        out.println("<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 " +
                "Transitional//EN'>");
        out.println("<html>");
        out.println("<head>");
        out.println("<title>文本显示</title>");
        out.println("<meta http-equiv='Content-Type' content='text/html;charset=UTF-8'>");
        out.println("</head>");
        out.println("<body>");
        out.println("<form action='' method='post'>");
        // Quote the attribute value: an unquoted value ends at the first space
        out.println("用户名: <input type='text' name='user' value=\"" + name + "\"><br>");
        //out.println("文本:  <textarea rows='4' cols='50' name=''>");
        //out.println(content);
        //out.println("</textarea>");
        //out.println("提交: <input type= 'submit'>");
        out.println(content);
        out.println("</form>");
        out.println("</body>");
        out.println("</html>");
        out.close();
    }
}

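Note: I originally wanted to show the font styles inside the input textarea, but found my front-end skills were not up to it; I did not look into it much and simply displayed the text directly in the body.

V: Home request page: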

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>html字符过滤</title>
</head>
<body>
<form action="htmltext.view" id="uform" method="post">
name: <input type="text" name="username"><br>
文本:  <textarea rows="4" cols="50" name="comment" form="uform"></textarea><br>
提交:    <input type="submit">
</form>
</body>
</html>
textarea-form.html

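VI: Animated demo of the run:

VII: Summary:

(1) Earlier, when I imported the commons-text-1.6.jar package and used StringEscapeUtils.escapeHtml() to replace characters in the retrieved request parameter values, the following error occurred and I could not resolve it:

I asked on Stack Overflow, and an expert abroad said it may be caused by the compile path and the runtime path of the imported package being inconsistent. I could not find the runtime path and the compile path, so I have shelved this for now; if any expert sees this post, please give me some pointers.

So I rewrote the HTML tag filter.

(2) The process of using a web Filter.

(3) The filter order was not set; this program ran the HTML filter first and the custom filter afterwards.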

VIII. References:

https://cloud.tencent.com/developer/article/1129462

Thanks to the author of that document.

 posted on 2018-11-26 22:42  岂曰-无衣