// NOTE(review): This entire file is commented out, so nothing below is compiled or
// registered. While it stays disabled, neither the XssRequestWrapper wrapping nor the
// X-Frame-Options header shown here is applied by this class; confirm that another
// component provides them before relying on either.
// NOTE(review): XssRequestWrapper is not shown in this file. Request-side filtering
// does not replace context-aware output encoding where values are rendered.
//
//package com.nuvole.four.config.filter;
//
//import cn.hutool.core.util.StrUtil;
//import org.springframework.stereotype.Component;
//
//import javax.servlet.*;
//import javax.servlet.annotation.WebFilter;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//
///**
// * @author ChenLong
// * @version 1.0
// * @ClassName XssFilter
// * @date 2019/7/16 19:21
// * @Description XSS filter
// */
// NOTE(review): the class carries both @Component and @WebFilter. Presumably this runs
// under Spring Boot, where a Filter bean is registered for all paths on its own and
// @WebFilter is only honoured when servlet component scanning is enabled; with both
// active the filter may be registered twice. Confirm before re-enabling.
//@Component
//@WebFilter(urlPatterns = "/*", filterName = "filter1")
//public class XssFilter implements Filter {
//
//    public void destroy() {
//
//    }
//
//    // Adds the anti-framing header to every response, then forwards the request:
//    // unwrapped for OPTIONS and for multipart/form-data, wrapped in XssRequestWrapper
//    // for everything else.
//    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//        HttpServletRequest req = (HttpServletRequest) request;
//        HttpServletResponse resp = (HttpServletResponse) response;
//        // Clickjacking: fix for the "X-Frame-Options not configured" vulnerability finding
//        // NOTE(review): addHeader appends, so if another layer also sets this header the
//        // response carries it twice; setHeader would replace instead. Consider also
//        // sending Content-Security-Policy: frame-ancestors 'self'.
//        resp.addHeader("x-frame-options","SAMEORIGIN");
//        if (req.getMethod().equals("OPTIONS")) {
//            chain.doFilter(req, resp);
//        // NOTE(review): multipart requests skip the wrapper, and the decision rests on the
//        // client-supplied Content-Type header. Text fields sent in multipart forms reach
//        // handlers without the wrapper's processing, so those handlers need their own
//        // validation and output encoding. The prefix match is case-sensitive and requires
//        // the trailing ';'.
//        }else if(StrUtil.isNotBlank(req.getHeader("Content-Type")) && req.getHeader("Content-Type").startsWith("multipart/form-data;")) {
//            chain.doFilter(req, resp);
//        } else {
//            chain.doFilter(new XssRequestWrapper(req), resp);
//        }
//    }
//
//    public void init(FilterConfig filterConfig)throws ServletException{
//
//    }
//
//}