
3_JSP Tags_Simple Tags_Implementing Anti-Hotlinking and Escaping Tags

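I. Concepts

1 Anti-hotlinking

  The HTTP protocol has a header field called referer. It uses URL format to indicate where the current page or file was linked from, so a site can use referer to detect which page a request for the target page came from. With referer available, tracking the source is straightforward, and the request can then be handled by technical means: as soon as the source is detected as not being this site, the request is blocked or a specified page is returned.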

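2 Escape characters in pages

  In HTML, escape strings are defined for two reasons. The first reason is that symbols such as “<” and “>” are already used to represent HTML tags, so they cannot be used directly as symbols in text. To use these symbols in an HTML document, their escape strings have to be defined.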

Character    Escape string
"            &quot;
&            &amp;
<            &lt;
>            &gt;
space        &nbsp;

-------------------------------------------------------------------------------------------------------

2.1 Implementing anti-hotlinking

  1. TLD constraint

<tag>
    <name>referer</name>
    <tag-class>com.tag.RefererTag</tag-class>
    <body-content>empty</body-content>
    <attribute>
        <name>site</name>
        <required>true</required>
    </attribute>
    <attribute>
        <name>page</name>
        <required>true</required>
    </attribute>
</tag>

   2. Custom tag handler class implementing the SimpleTag interface

package com.tag;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.SkipPageException;
import javax.servlet.jsp.tagext.SimpleTagSupport;

public class RefererTag extends SimpleTagSupport {
    private String site;   // URL prefix of this site (allowed referer)
    private String page;   // page to redirect to for any other source

    public void setSite(String site) {
        this.site = site;
    }

    public void setPage(String page) {
        this.page = page;
    }

    @Override
    public void doTag() throws JspException, IOException {
        PageContext context = (PageContext) this.getJspContext();
        HttpServletRequest request = (HttpServletRequest) context.getRequest();
        HttpServletResponse response = (HttpServletResponse) context.getResponse();
        String referer = request.getHeader("referer");
        String path = request.getContextPath();
        // Redirect when there is no referer or the referer is not this site
        if (referer == null || !referer.startsWith(site)) {
            if (page.startsWith(path))
                response.sendRedirect(page);
            else if (page.startsWith("/"))
                response.sendRedirect(path + page);
            else
                response.sendRedirect(path + "/" + page);
            // Do not evaluate the rest of the page after the redirect;
            // to evaluate a tag body instead, invoke the JSP fragment
            throw new SkipPageException();
        }
    }
}
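The handler above compares the Referer with `site` by string prefix, which also matches a host name that merely begins with the same characters. The following is an added example, not part of the original post, that compares scheme, host and port instead; the names RefererCheck, sameOrigin and effectivePort and all sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example: strict origin comparison for a Referer check.
// Class name, method names and sample URLs are hypothetical.
public class RefererCheck {

    // Use the scheme's default port when none is given,
    // so "http://host" and "http://host:80" compare equal.
    static int effectivePort(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    // True only if referer has the same scheme, host and port as site.
    static boolean sameOrigin(String referer, String site) {
        if (referer == null || site == null) return false;
        try {
            URI r = new URI(referer);
            URI s = new URI(site);
            if (r.getScheme() == null || s.getScheme() == null) return false;
            if (r.getHost() == null || s.getHost() == null) return false;
            return r.getScheme().equalsIgnoreCase(s.getScheme())
                    && r.getHost().equalsIgnoreCase(s.getHost())
                    && effectivePort(r) == effectivePort(s);
        } catch (URISyntaxException e) {
            return false; // malformed header: treat as a foreign source
        }
    }

    public static void main(String[] args) {
        String site = "http://www.example.com";   // constructed sample value
        String[] referers = {                      // constructed sample headers
            "http://www.example.com/app/index.jsp",
            "http://www.example.com.other.example/page.html",
            "http://www.example.com:80/app/",
            "HTTP://WWW.EXAMPLE.COM/app/",
            "not a url",
            null
        };
        for (String ref : referers) {
            boolean prefix = ref != null && ref.startsWith(site);
            System.out.println(ref + " -> startsWith=" + prefix
                    + ", sameOrigin=" + sameOrigin(ref, site));
        }
    }
}
```

The Referer header is supplied by the client and can be absent or set to any value by a non-browser client, so this check limits casual hotlinking and is not a form of authentication.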

  3. Page usage

------------index.jsp-------------------referer.jsp-----------

  4. Result: page redirect

-----------------------------------------------------------------------------------------------------------

2.2 Implementing the escaping tag

  1. TLD constraint

<tag>
    <name>htmlfilter</name>
    <tag-class>com.tag.HtmlFilterTag</tag-class>
    <body-content>scriptless</body-content>
    <!-- <body-content>tagdependent</body-content> -->
</tag>

  2. Custom tag handler class (the filter method comes from the apache_tomcat-6.0.39.webapps\examples\WEB-INF\classes.util package)

package com.tag;

import java.io.IOException;
import java.io.StringWriter;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.JspFragment;
import javax.servlet.jsp.tagext.SimpleTagSupport;

public class HtmlFilterTag extends SimpleTagSupport {

    @Override
    public void doTag() throws JspException, IOException {
        // Render the tag body into a buffer instead of the page output
        JspFragment jf = this.getJspBody();
        StringWriter content = new StringWriter();
        jf.invoke(content);

        // Escape the rendered body and write it to the page
        String _content = filter(content.getBuffer().toString());
        this.getJspContext().getOut().write(_content);
    }

    // Replace the HTML special characters <, >, & and " with their escape strings
    public static String filter(String message) {
        if (message == null)
            return (null);
        char content[] = new char[message.length()];
        message.getChars(0, message.length(), content, 0);
        StringBuffer result = new StringBuffer(content.length + 50);
        for (int i = 0; i < content.length; i++) {
            switch (content[i]) {
            case '<':
                result.append("&lt;");
                break;
            case '>':
                result.append("&gt;");
                break;
            case '&':
                result.append("&amp;");
                break;
            case '"':
                result.append("&quot;");
                break;
            default:
                result.append(content[i]);
            }
        }
        return (result.toString());
    }
}

 

  3. Page usage

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="http://self-tag-with-hello" prefix="i" %>
<html>
  <head>
    <title>filter</title>
  </head>
  <body>
    <i:htmlfilter>
      <a href="${pageContext.request.contextPath}/referer.jsp">小呵呵</a>
      <body-content>scriptless</body-content>
    </i:htmlfilter>
  </body>
</html>

  4. Result

  5. Introduction to body-content types