优化XSS跨站脚本过滤
@ -3,8 +3,6 @@ package com.ruoyi.common.xss;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
@ -27,16 +25,10 @@ public class XssFilter implements Filter
|
||||
*/
|
||||
public List<String> excludes = new ArrayList<>();
|
||||
|
||||
/**
|
||||
* xss过滤开关
|
||||
*/
|
||||
public boolean enabled = false;
|
||||
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) throws ServletException
|
||||
{
|
||||
String tempExcludes = filterConfig.getInitParameter("excludes");
|
||||
String tempEnabled = filterConfig.getInitParameter("enabled");
|
||||
if (StringUtils.isNotEmpty(tempExcludes))
|
||||
{
|
||||
String[] url = tempExcludes.split(",");
|
||||
@ -45,10 +37,6 @@ public class XssFilter implements Filter
|
||||
excludes.add(url[i]);
|
||||
}
|
||||
}
|
||||
if (StringUtils.isNotEmpty(tempEnabled))
|
||||
{
|
||||
enabled = Boolean.valueOf(tempEnabled);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -68,25 +56,14 @@ public class XssFilter implements Filter
|
||||
|
||||
private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response)
|
||||
{
|
||||
if (!enabled)
|
||||
String url = request.getServletPath();
|
||||
String method = request.getMethod();
|
||||
// GET DELETE 不过滤
|
||||
if (method == null || method.matches("GET") || method.matches("DELETE"))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
if (excludes == null || excludes.isEmpty())
|
||||
{
|
||||
return false;
|
||||
}
|
||||
String url = request.getServletPath();
|
||||
for (String pattern : excludes)
|
||||
{
|
||||
Pattern p = Pattern.compile("^" + pattern);
|
||||
Matcher m = p.matcher(url);
|
||||
if (m.find())
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
return StringUtils.matches(url, excludes);
|
||||
}
|
||||
|
||||
@Override
|
||||
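Review bot: The new guard in handleExcludeURL, `if (method == null || method.matches("GET") || method.matches("DELETE"))`, returns true and so bypasses the filter for every GET, which means query-string parameters are no longer passed through the XSS wrapping at all; any endpoint that reflects a GET parameter into HTML now depends solely on output encoding, so this should at least be stated next to the check: `// GET/DELETE are skipped on the assumption they carry no body; query-string parameters are NOT sanitized here — views that echo them must HTML-encode on output`. Treating a null method as excluded also fails open, and regex `matches` for a literal is needless; `if ("GET".equals(method) || "DELETE".equals(method))` is clearer and does not skip filtering on a missing method. Replacing the anchored `^pattern` regex loop with `StringUtils.matches(url, excludes)` changes the exclude semantics to whatever that helper implements, which is not visible here — worth confirming it anchors at the start of the path (or is Ant-style) so an exclude entry cannot match as a bare substring anywhere in the servlet path. The rest of XssFilter (its doFilter body) lies outside the hunk.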
|