//package com.nationalelectric.greenH5.Aspect;
//
//import org.aspectj.lang.annotation.Around;
//import org.aspectj.lang.annotation.Aspect;
//import org.springframework.stereotype.Component;
//import org.springframework.web.bind.annotation.RequestMapping;
//
//import com.alibaba.fastjson.JSON;
//import com.nationalelectirc.Constant.Constant;
//import com.nationalelectirc.utils.RestResult;
//
//import org.apache.commons.lang.StringEscapeUtils;
//import org.aspectj.lang.ProceedingJoinPoint;
//
///**
// * @since 2019-09-03
// * @author wangbowei
// */
//@Aspect
//@Component
//public class ParameterAspect {
//
//	
//	@Around(value="@annotation(requestMapping)",argNames = "requestMapping")
//	public Object proxy(ProceedingJoinPoint joinPoint,RequestMapping requestMapping){
//		
//		try {
//			
//	        Object[] args = joinPoint.getArgs();
//	        String req = null;
//	        if (args != null) {
//	        	for (Object arg : args) {
//	        		Object json = JSON.toJSON(arg);
//	        		req = json.toString().trim();
//	        		if(req.indexOf("{") == 0
//							&& "}".equals(String.valueOf(req.charAt(req.length()-1)))){
//	        			checkValue(req);
//	        		}
//	        		//System.out.println(arg.toString());
//				}
//			}
//			return joinPoint.proceed();
//		} catch (Throwable e) {
//			
//			
//			return new RestResult(Constant.FAILED,e.getMessage());
//		}
//	}
//	
//
//	private static final String[] keys = "<script|alert|%3cscript|script>|script%3e|alert|window|%3cinput|<input|%3cimg|<img|iframe|<iframe|%3ciframe"
//			.split("\\|");
//	private static final String[] sqls = "select|chr|\\<|\\>|where|\\*|\\#|\\\"|delete|left|right|insert|mid|master\\.|【|】|￥|\\^|\\$|drop|creat|like"
//			.split("\\|");
//	private void checkValue(String value) throws Exception{
//		for(String key : keys){
//			if(value.indexOf(key) >=0){
//				key = StringEscapeUtils.escapeHtml(key);
//				throw new Exception("您输入了非法字符!\r\n"+key);
//			}
//		}
//		for(String sql : sqls){
//			if(value.indexOf(sql) >=0){
//				sql = StringEscapeUtils.escapeHtml(sql);
//				
//				throw new Exception("您输入了非法字符!\r\n"+sql);
//				
//			}
//		}
//	}
//}