Spring Boot escape characters at Request Body for XSS protection

Backend | Unresolved | 3 | 1644
别那么骄傲 2021-01-07 01:25

I'm trying to secure my spring boot application using a XSSFilter like this:

public class XSSFilter implements Filter {

    @Override
    public void init(         

3 replies
  •  别那么骄傲
    2021-01-07 02:21

    1. Have a local String field in XSSRequestWrapper which holds the cleaned-up body (probably not suitable for large bodies).
    2. Populate this field in the constructor by reading request.getInputStream() and cleaning up the body the same way as parameters.
    3. Override the getInputStream and getReader methods of HttpServletRequestWrapper, and construct an InputStream (string -> byte array -> ByteArrayInputStream) and a Reader (StringReader) from the String field and return them respectively. Maybe cache the constructed InputStream and Reader objects for better performance when the methods are called repeatedly.

    You may also be interested in cleaning up JSON when it is being deserialized into a Java object.
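The three steps above as an added example (written for this thread, not code from the original post): an HttpServletRequestWrapper that reads the body once, cleans it, and serves the cleaned copy from getInputStream and getReader. It assumes the javax.servlet API (Spring Boot 2) and Java 9+ for readAllBytes(); the sanitize method is a stand-in for whatever clean-up the filter already applies to parameters.

```java
import java.io.*;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class XSSRequestWrapper extends HttpServletRequestWrapper {
    // Cleaned copy of the body kept in memory (step 1): fine for small JSON, not uploads.
    private final byte[] body;
    private final Charset charset;

    public XSSRequestWrapper(HttpServletRequest request) throws IOException {
        super(request);
        String enc = request.getCharacterEncoding();
        charset = enc != null ? Charset.forName(enc) : StandardCharsets.UTF_8;
        // Step 2: read the original stream exactly once and clean it up.
        byte[] raw = request.getInputStream().readAllBytes();
        body = sanitize(new String(raw, charset)).getBytes(charset);
    }

    // Stand-in for the filter's own parameter clean-up (assumed, not from the page):
    // HTML-escape the characters that open markup; still valid inside JSON strings.
    static String sanitize(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    // Step 3: hand out the cleaned bytes. A new stream per call is safer than a
    // cached one, because a stream that has already been read only returns EOF.
    @Override
    public ServletInputStream getInputStream() {
        ByteArrayInputStream bytes = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            @Override public int read() { return bytes.read(); }
            @Override public boolean isFinished() { return bytes.available() == 0; }
            @Override public boolean isReady() { return true; }
            @Override public void setReadListener(ReadListener listener) { }
        };
    }

    @Override
    public BufferedReader getReader() {
        return new BufferedReader(new InputStreamReader(getInputStream(), charset));
    }
    // Escaping changes the length, so report the length of the cleaned body.
    @Override public int getContentLength() { return body.length; }
    @Override public long getContentLengthLong() { return body.length; }
}
```

The filter's doFilter would then pass `new XSSRequestWrapper((HttpServletRequest) request)` down the chain in place of the original request.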
