index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="dealwith.jsp" method="post">
用戶名:<input type="text" name="username"><br>
密碼:<input type="password" name="password"><br>
提交:<input type="submit" value="提交"><br>
</form>
</body>
</html>
index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="http://localhost:8081/2020年5月13日/dealwith.jsp" method="post">
用戶名:<input type="text" name="username"><br>
密碼:<input type="password" name="password"><br>
提交:<input type="submit" value="提交"><br>
</body>
</html>
dealwith.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ page import="java.net.*" %>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<%
String address=request.getHeader("referer");
String pathAdd="";
if(address!=null){
URL urlOne=new URL(address);
pathAdd=urlOne.getHost();
}
String address1=request.getRequestURL().toString();
String pathAdd1="";
if(address1!=null){
URL urlTwo=new URL(address1);
pathAdd1=urlTwo.getHost();
}
%>
<%=address %><br>
<%=address1 %><br>
<%=pathAdd %><br>
<%=pathAdd1 %><br>
<%
if(!pathAdd.equals(pathAdd1)){
out.print("禁止在網址外部提交");
}else{
%>
歡迎您:<%=request.getParameter("username") %>
<%
}
%>
運行截圖
從網站內部提交
從網站外部提交則會出現禁止從網站外部提交
從網站外部提交:
