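<package name="default" namespace="/"
         extends="struts-default, json-default">
    <!-- Interceptor configuration -->
    <interceptors>
        <!-- Declare the XSS interceptor. The class attribute is a placeholder left by the
             author ("fill in the interceptor class name here"): replace it with the fully
             qualified name of the interceptor class. -->
        <interceptor name="xssInterceptor" class="...此处填写拦截器类名"></interceptor>
        <!-- Stack that runs the XSS interceptor ahead of the stock defaultStack, so that
             parameter values are escaped before defaultStack binds them to the action.
             Keep xssInterceptor first: placed after defaultStack it would run too late. -->
        <interceptor-stack name="myDefault">
            <interceptor-ref name="xssInterceptor"></interceptor-ref>
            <interceptor-ref name="defaultStack"></interceptor-ref>
        </interceptor-stack>
    </interceptors>
    <!-- Required: without this default reference the interceptor does not take effect.
         NOTE(review): an action that declares its own interceptor-ref does not use the
         package default, so such actions must reference myDefault explicitly or they
         bypass the filter. -->
    <default-interceptor-ref name="myDefault"></default-interceptor-ref>
    <action>
        <!-- The line below is the author's placeholder: the n action definitions are omitted. -->
        ...此处省略n个action
    </action>
</package>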
import java.util.Map;
import org.apache.commons.lang3.StringEscapeUtils;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
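/**
 * Struts 2 interceptor that HTML-escapes submitted request parameter values before the rest of
 * the interceptor stack and the action see them.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This is an input-side filter and should be treated as defence in depth only. The
 *       reliable XSS control is context-aware encoding at output time (HTML body, attribute,
 *       JavaScript, URL each need their own encoder).</li>
 *   <li>{@code escapeHtml4} does not escape the single quote, so values rendered inside a
 *       single-quoted attribute or a script block are not made safe by this filter.</li>
 *   <li>Only the values in the ActionContext parameter map are touched. Parameter names,
 *       headers, cookies and request bodies parsed elsewhere (for example JSON) are not.</li>
 *   <li>Escaped text is what reaches the action, so anything persisted is stored in escaped
 *       form; non-HTML consumers of that data will see the entities.</li>
 * </ul>
 */
public class XssInterceptor extends AbstractInterceptor {

    /**
     * Escapes every string parameter value in place, then continues the invocation.
     *
     * @param invocation the current action invocation
     * @return the result code produced by the remainder of the stack
     * @throws Exception propagated from {@code invocation.invoke()}
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        ActionContext actionContext = invocation.getInvocationContext();
        // NOTE(review): this relies on getParameters() returning a mutable Map<String, Object>;
        // newer Struts releases expose an HttpParameters object instead - confirm against the
        // Struts version in use.
        Map<String, Object> parameters = actionContext.getParameters();
        if (parameters != null) {
            for (Map.Entry<String, Object> entry : parameters.entrySet()) {
                Object raw = entry.getValue();
                if (raw instanceof String[]) {
                    // Escape every submitted value, not just the first one: a repeated
                    // parameter (checkbox group, multi-select) would otherwise lose its other
                    // values, and an empty array would throw on index 0.
                    String[] values = (String[]) raw;
                    String[] escaped = new String[values.length];
                    for (int i = 0; i < values.length; i++) {
                        escaped[i] = StringEscapeUtils.escapeHtml4(values[i]);
                    }
                    // Keep the String[] shape so later interceptors see the type they expect.
                    entry.setValue(escaped);
                } else if (raw instanceof String) {
                    entry.setValue(StringEscapeUtils.escapeHtml4((String) raw));
                }
                // Any other value type is left untouched rather than cast blindly, which
                // previously risked a ClassCastException.
            }
        }
        return invocation.invoke();
    }
}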