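<%--
 * [Function] Tool management :: plug-in module -- comments
 *
 * Entry page for the comment plug-in. It runs AccessUtil.checkAccess on the
 * request, filters the raw query string, and redirects to ./comment.jsp with
 * the filtered query string appended. The redirect path itself is a fixed
 * relative path; only the query part comes from the request.
 --%>
<%@page contentType="text/html;charset=UTF-8" %>
<%@page import="com.hanweb.common.util.Convert"%>
<%@page import="jcms.util.AccessUtil"%>
<%
	// Access check, intended to block cross-site request forgery. On failure the
	// page prints whatever Convert.getAlterScript builds from the
	// location.href='../../' statement and stops.
	// NOTE(review): presumably that is a script element that navigates away -- confirm.
	if (!AccessUtil.checkAccess(request)) {
		out.print(Convert.getAlterScript("location.href='../../';"));
		return;
	}

	// The query string is client-controlled and is not decoded by the container.
	// NOTE(review): presumably Convert.getValue maps null to "" -- confirm; the
	// replaceAll calls below would throw on null otherwise.
	String strQuery = Convert.getValue(request.getQueryString());

	// Denylist filter on the literal text of the query string:
	//  1. remove <script ...>...</script> elements, case-insensitively. The
	//     pattern needs its leading "<script[^>" to match a whole element; a
	//     pattern that starts at "]*>" only matches text beginning with '>'.
	//  2. remove double quotes.
	//  3. remove CR/LF so the value cannot break out of the Location header.
	// This is defence in depth only: comment.jsp still has to validate each
	// parameter and encode it for the context in which it is written out.
	strQuery = strQuery
			.replaceAll("(?i)<script[^>]*>.*?<\\/script>", "")
			.replaceAll("\"", "")
			.replaceAll("[\\r\\n]", "");

	// Echo the request's Referer into the response, as before, but skip it when
	// the header is absent and never let it carry a line break.
	// NOTE(review): Referer is a request header, so browsers should not act on it
	// in a response and it will not change the Referer of the redirected request;
	// consider dropping this reflection of client-supplied data altogether.
	String referer = request.getHeader("Referer");
	if (referer != null) {
		response.setHeader("Referer", referer.replaceAll("[\\r\\n]", ""));
	}

	response.sendRedirect("./comment.jsp?" + strQuery);
%>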