递归遍历Object中的value值,并对其中的字符串做HTML编码(ESAPI encodeForHTML)
方法:
//判断类型 走不同的方法
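/**
 * Walks {@code data} in place and replaces every String value it reaches with
 * {@code ESAPI.encoder().encodeForHTML(value)}.
 *
 * <p>Three container shapes are handled: {@code List}, {@code Map} and {@code PagedResult}.
 * Any other argument (including {@code null} and a bare {@code String}) is left untouched,
 * because the method returns nothing and has no branch for it.
 *
 * <p>Points a caller should know before relying on this as an XSS defence:
 * <ul>
 *   <li>The encoding targets HTML element content only. Values later written into an
 *       attribute, a script block, CSS or a URL need the encoder for that context.</li>
 *   <li>It is not idempotent: running it twice over the same data double-encodes.</li>
 *   <li>Map keys are never encoded, only values.</li>
 *   <li>Collections are mutated through {@code set}/{@code setValue}, so an unmodifiable
 *       collection makes this throw.</li>
 *   <li>Bean elements of a List or Map are replaced by whatever {@code getObj} returns,
 *       and a PagedResult's list is replaced by a new list of JSON values, so the element
 *       types seen afterwards can differ from the declared generic type.</li>
 *   <li>There is no cycle detection; a structure that contains itself recurses without bound.</li>
 * </ul>
 *
 * @param data container to encode in place; may be {@code null}
 */
@SuppressWarnings({"unchecked", "rawtypes"})
public static void changeData(Object data){
    if (data instanceof List) {
        List list = (List) data;
        for (int i = 0; i < list.size(); i++) {
            Object item = list.get(i);
            if (item instanceof String) {
                list.set(i, ESAPI.encoder().encodeForHTML((String) item));
            } else if (item instanceof List || item instanceof Map || item instanceof PagedResult) {
                changeData(item);
            } else {
                // Scalars come back unchanged; beans come back as an encoded JSON copy.
                list.set(i, getObj(item));
            }
        }
    }
    if (data instanceof Map) {
        for (Object o : ((Map) data).entrySet()) {
            Map.Entry entry = (Map.Entry) o;
            Object value = entry.getValue();
            if (value instanceof String) {
                entry.setValue(ESAPI.encoder().encodeForHTML((String) value));
            } else if (value instanceof List || value instanceof Map || value instanceof PagedResult) {
                changeData(value);
            } else {
                entry.setValue(getObj(value));
            }
        }
    }
    if (data instanceof PagedResult) {
        PagedResult paged = (PagedResult) data;
        // The original declared this as List<T>, but no type variable T exists in a
        // static non-generic method; a wildcard is all that is needed here.
        List<?> items = paged.getList();
        if (items == null) {
            return; // nothing to encode, and nothing sensible to replace the list with
        }
        List<Object> encoded = new ArrayList<>();
        for (Object item : items) {
            Object json = JSONObject.toJSON(item); // convert the element to its JSON form
            if (json instanceof JSONObject) {
                for (Object o : ((JSONObject) json).entrySet()) {
                    Map.Entry entry = (Map.Entry) o;
                    Object value = entry.getValue();
                    if (value instanceof String) {
                        entry.setValue(ESAPI.encoder().encodeForHTML((String) value));
                    } else {
                        changeData(value);
                    }
                }
            } else if (json instanceof String) {
                // A page of plain strings used to die on the JSONObject cast; encode it instead.
                json = ESAPI.encoder().encodeForHTML((String) json);
            } else {
                // Containers are walked; null and scalars fall through every branch untouched.
                changeData(json);
            }
            encoded.add(json);
        }
        paged.setList(encoded);
    }
}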
// 如果是个对象,那么就将对象的值进行转换,并返回
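/**
 * Converts a bean to its JSON form via {@code JSONObject.toJSON}, HTML-encodes the String
 * values of that copy with {@code ESAPI.encoder().encodeForHTML}, and returns the copy.
 *
 * <p>The argument is returned unchanged when it is {@code null}, a {@code Long},
 * {@code Integer}, {@code String}, {@code Date}, {@code Boolean}, {@code Float},
 * {@code Double}, {@code Map} or {@code List}, when the JSON form is not a
 * {@code JSONObject}, or when the JSON object has no entries. Note that this means a
 * String, Map or List passed here directly is NOT encoded; those must go through
 * {@code changeData}.
 *
 * <p>Failure handling is fail-open: if conversion or encoding throws, the original,
 * unencoded value is returned so the caller keeps working. The failure is logged so that
 * unencoded output does not go unnoticed; the value itself is deliberately not logged.
 *
 * @param data value to convert; may be {@code null}
 * @return the encoded JSON copy, or {@code data} itself in the cases listed above
 */
@SuppressWarnings({"unchecked", "rawtypes"})
public static Object getObj(Object data){
    if (data == null || data instanceof Long || data instanceof Integer || data instanceof String
            || data instanceof Date || data instanceof Boolean || data instanceof Float
            || data instanceof Double || data instanceof Map || data instanceof List) {
        return data;
    }
    try {
        Object json = JSONObject.toJSON(data); // convert the object to its JSON form
        if (!(json instanceof JSONObject)) {
            // Previously this case surfaced as a ClassCastException swallowed by the catch
            // below; the outcome is the same, without using an exception for control flow.
            return data;
        }
        JSONObject bean = (JSONObject) json;
        for (Object o : bean.entrySet()) {
            Map.Entry entry = (Map.Entry) o;
            Object value = entry.getValue();
            if (value instanceof String) {
                entry.setValue(ESAPI.encoder().encodeForHTML((String) value));
            } else if (value != null) {
                changeData(value);
            }
        }
        if (bean.size() > 0) {
            return bean;
        }
    } catch (Exception e) {
        // Best-effort by design, but a silent fallback here hands unencoded data to the view.
        java.util.logging.Logger.getGlobal().log(
                java.util.logging.Level.WARNING,
                "getObj: HTML encoding failed for " + data.getClass().getName()
                        + "; returning the value unencoded",
                e);
    }
    return data;
}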
测试:
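/**
 * Demo driver: prints sample data containing markup before and after {@code changeData}.
 *
 * <p>Two fixtures are exercised: a PagedResult of beans, and a Map holding plain strings
 * plus a nested list of lists. The original demo built the Map fixture but never passed it
 * to {@code changeData}, so the Map and List branches were not exercised.
 */
public static void main(String[] args) {
    // Map -> List -> List<String> fixture; "<>" marks the values that should come out encoded.
    Map<String, Object> m = new HashMap<>();
    m.put("1", "1<>");
    m.put("2", "2");
    m.put("3", "2");
    m.put("4", "4");
    List<String> l = new ArrayList<>();
    for (int i = 0; i < 4; i++) {
        l.add("b<>");
    }
    List<List<String>> list = new ArrayList<>();
    list.add(l);
    m.put("list", list);

    // PagedResult fixture: one bean whose text fields carry a script tag.
    PagedResult<AlarmM> pagedResult = new PagedResult<AlarmM>();
    List<AlarmM> lists = new ArrayList<>();
    AlarmM am = new AlarmM();
    am.setAlarmId(1L);
    am.setAlarmName("发送<script>alert('x我是一个小帅哥 afdafdafsadfss')</script>惹我热无a");
    am.setAlarmTypeName("发送<script>alert('x我是一个小帅哥 afdafdafsadfss')</script>惹我热无a");
    lists.add(am);
    pagedResult.setList(lists);

    Object ob = pagedResult;
    System.out.println(ob.toString());
    // After this call the page's list holds JSON values, not AlarmM instances,
    // so it must not be read back through the AlarmM-typed reference.
    changeData(ob);
    System.err.println(ob.toString());

    System.out.println(m);
    changeData(m);
    System.err.println(m);
}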