http://m.blog.csdn.net/blog/eyebrother/36007145

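This is why, when the back end filters parameter values obtained through request.getParameter("name"); to prevent XSS vulnerabilities, the filtering has no effect if the first method is used.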

http://www.cnblogs.com/Mainz/archive/2012/11/01/2749874.html

http://blog.csdn.net/smile_7x/article/details/19169467

http://yunjiechao-163-com.iteye.com/blog/1973803

http://topmanopensource.iteye.com/blog/2079474