hhyykk/ipms-sjy
1
1
Fork 0
mirror of https://gitee.com/hhyykk/ipms-sjy.git synced 2025-10-31 10:18:42 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

HTML过滤器改为将html转义

Browse Source
This commit is contained in:
RuoYi
2020-07-28 17:28:09 +08:00
parent fe030cc022
commit 22225a5119
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
View File

@@ -144,7 +144,10 @@ public class EscapeUtil
public static void main(String[] args)
{
String html = "alert('11111');";
String html = "<script>alert(1);</script>";
// String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
// String html = "<123";
// String html = "123>";
System.out.println(EscapeUtil.clean(html));
System.out.println(EscapeUtil.escape(html));
System.out.println(EscapeUtil.unescape(html));

5
ruoyi-common/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
View File

@@ -131,7 +131,7 @@ public final class HTMLFilter
vAllowedEntities = new String[] { "amp", "gt", "lt", "quot" };
stripComment = true;
encodeQuotes = true;
alwaysMakeTags = true;
alwaysMakeTags = false;
}
/**
@@ -208,7 +208,7 @@ public final class HTMLFilter
s = processRemoveBlanks(s);
s = validateEntities(s);
// s = validateEntities(s);
return s;
}
@@ -245,6 +245,7 @@ public final class HTMLFilter
// try and form html
//
s = regexReplace(P_END_ARROW, "", s);
// 不追加结束标签
s = regexReplace(P_BODY_TO_END, "<$1>", s);
s = regexReplace(P_XML_CONTENT, "$1<$2", s);