To prevent redirect vulnerabilities, create a list of legitimate URLs and let users choose redirect targets only from that list.
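```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RedirectServlet extends HttpServlet {
    // Allowlist of permitted redirect targets. The original elides its definition;
    // these entries are constructed placeholders.
    private static final Set<String> safeUrls = Set.of("/home", "/account");

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // ...
        String query = request.getQueryString();
        // getQueryString() returns null when the request has no query string.
        if (query != null && query.contains("url")) {
            String url = request.getParameter("url");
            // Redirect only when the value exactly equals an allowlist entry.
            if (url != null && safeUrls.contains(url)) {
                response.sendRedirect(url);
            }
            // ...
        }
    }
}
```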
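An added example, not code from the original page: it contrasts the exact-match allowlist described above with a prefix check on constructed inputs, and sends any value not on the list to a fixed fallback. The class name, the `SAFE_URLS` entries, `FALLBACK` and the sample values are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Set;

public class RedirectAllowlistDemo {
    // Constructed allowlist of complete redirect targets (hypothetical values).
    static final Set<String> SAFE_URLS = Set.of(
            "/account/home",
            "https://www.example.com/help");

    // Fixed destination used whenever the requested target is not on the list.
    static final String FALLBACK = "/account/home";

    // Weak check, shown for contrast: a prefix match also accepts look-alike hosts.
    static boolean prefixCheck(String url) {
        return url != null && url.startsWith("https://www.example.com");
    }

    // Allowlist check: the whole value must equal an entry.
    // The null guard matters because Set.of(...).contains(null) throws.
    static boolean exactCheck(String url) {
        return url != null && SAFE_URLS.contains(url);
    }

    // Resolve the final redirect target without ever echoing an unlisted value.
    static String resolve(String url) {
        return exactCheck(url) ? url : FALLBACK;
    }

    public static void main(String[] args) {
        // Constructed values for the "url" request parameter.
        List<String> samples = Arrays.asList(
                "https://www.example.com/help",
                "https://www.example.com.attacker.test/help",
                "https://www.example.com@attacker.test/",
                "//attacker.test/",
                null);
        for (String s : samples) {
            System.out.printf("%-45s prefix=%-5b exact=%-5b -> %s%n",
                    s, prefixCheck(s), exactCheck(s), resolve(s));
        }
    }
}
```

Only the first sample passes the exact check; the second and third pass the prefix check even though their host is not `www.example.com`, which is why the list holds complete URLs rather than prefixes.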
