19 package org.apache.hadoop.chukwa.util;
20
21 import javax.servlet.http.HttpServletRequest;
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24
25 import org.jsoup.Jsoup;
26 import org.jsoup.safety.Whitelist;
27 import org.owasp.esapi.ESAPI;
28
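/**
 * Reads request parameters through an anti-XSS sanitizer.
 *
 * Every value returned by {@link #getParameter(String)} and
 * {@link #getParameterValues(String)} has been passed through
 * {@link #filter(String)}: ESAPI canonicalization, NUL removal, then a
 * Jsoup clean with an empty whitelist. A lookup that fails for any reason
 * (no request was supplied, or the sanitizer rejects the input) yields
 * {@code null} rather than a partially sanitized value.
 *
 * NOTE(review): Jsoup.clean returns HTML text, so characters such as
 * {@code &} and {@code <} come back entity-encoded. Callers that use the
 * value outside an HTML context (file names, numbers, SQL) should not
 * assume it is the raw parameter — confirm against each call site.
 */
public class XssFilter {
  private static final Log LOG = LogFactory.getLog(XssFilter.class);

  /** Request to read from; may be {@code null} when the no-arg constructor was used. */
  private HttpServletRequest request = null;

  /** Creates a filter with no request; only {@link #filter(String)} is usable. */
  public XssFilter() {
  }

  /**
   * Creates a filter that reads parameters from {@code request}.
   *
   * @param request servlet request to read from; {@code null} makes the
   *                parameter accessors return {@code null}
   */
  public XssFilter(HttpServletRequest request) {
    this.request = request;
  }

  /**
   * Returns the sanitized value of a single request parameter.
   *
   * @param key parameter name
   * @return the filtered value, or {@code null} if the parameter is absent,
   *         no request was supplied, or the sanitizer rejected the value
   */
  public String getParameter(String key) {
    String value = null;
    try {
      value = filter(this.request.getParameter(key));
    } catch (Exception e) {
      // Keep the cause in the log: with ESAPI's default strict
      // canonicalization a rejection here usually means double- or
      // mixed-encoded input, which is worth being able to trace.
      LOG.info("XssFilter.getParameter: Cannot get parameter for: " + key, e);
    }
    return value;
  }

  /**
   * Returns the sanitized values of a multi-valued request parameter.
   *
   * The container's array is never modified; a fresh array is built and
   * handed back only once every element has been filtered, so a caller can
   * never observe a mix of sanitized and raw values.
   *
   * @param key parameter name
   * @return a new array of filtered values, or {@code null} if the parameter
   *         is absent, no request was supplied, or any value was rejected
   */
  public String[] getParameterValues(String key) {
    String[] values = null;
    try {
      String[] raw = this.request.getParameterValues(key);
      if (raw != null) {
        // Filter into a copy: some containers hand back their internal
        // array, and writing into it would alter the request's own state.
        String[] filtered = new String[raw.length];
        for (int i = 0; i < raw.length; i++) {
          filtered[i] = filter(raw[i]);
        }
        // Publish only after the whole array succeeded; a failure part-way
        // through must not leak the unfiltered tail to the caller.
        values = filtered;
      }
    } catch (Exception e) {
      LOG.info("XssFilter.getParameterValues: cannot get parameter for: " + key, e);
    }
    return values;
  }

  /**
   * Sanitizes one string for safe use in HTML.
   *
   * Steps, in order:
   * <ol>
   *   <li>ESAPI canonicalization, so encoded forms ({@code %3C},
   *       {@code &#60;}, ...) are reduced to the characters they stand for
   *       before anything is inspected;</li>
   *   <li>removal of NUL characters, which must happen after step 1 so an
   *       encoded {@code %00} is caught too;</li>
   *   <li>a Jsoup clean against an empty whitelist, which strips every tag
   *       and entity-encodes the remaining text.</li>
   * </ol>
   *
   * @param value input to sanitize; may be {@code null}
   * @return the sanitized string, or {@code null} when {@code value} is
   *         {@code null}
   * @throws RuntimeException propagated from ESAPI when the input fails
   *         canonicalization (e.g. an IntrusionException on multiply-encoded
   *         data, depending on ESAPI configuration)
   */
  public String filter(String value) {
    if (value == null) {
      return null;
    }

    String canonical = ESAPI.encoder().canonicalize(value);

    // Plain replace, not a regex: we only ever drop the literal NUL byte.
    String withoutNul = canonical.replace("\0", "");

    return Jsoup.clean(withoutNul, Whitelist.none());
  }
}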