hhyykk/RuoYi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化XSS跨站脚本过滤

Browse Source
This commit is contained in:
RuoYi
2021-07-28 16:37:56 +08:00
parent 15c7578692
commit 27277b51d7
4 changed files with 127 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java
View File

@ -4,6 +4,7 @@ import java.util.HashMap;
import java.util.Map;
import javax.servlet.DispatcherType;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -16,11 +17,9 @@ import com.ruoyi.common.xss.XssFilter;
* @author ruoyi
*/
@Configuration
@ConditionalOnProperty(value = "xss.enabled", havingValue = "true")
public class FilterConfig
{
@Value("${xss.enabled}")
private String enabled;
@Value("${xss.excludes}")
private String excludes;
@ -36,10 +35,9 @@ public class FilterConfig
registration.setFilter(new XssFilter());
registration.addUrlPatterns(StringUtils.split(urlPatterns, ","));
registration.setName("xssFilter");
registration.setOrder(Integer.MAX_VALUE);
registration.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("excludes", excludes);
initParameters.put("enabled", enabled);
registration.setInitParameters(initParameters);
return registration;
}