1. Xss 的完成

2. 完善 README 文档
2025-07-24 07:55:06 +08:00 · 2021-02-22 01:01:52 +08:00
parent 593e14f3a9
commit 507f55f3c9
7 changed files with 88 additions and 176 deletions
--- a/src/main/java/cn/iocoder/dashboard/framework/web/core/filter/XssRequestWrapper.java
+++ b/src/main/java/cn/iocoder/dashboard/framework/web/core/filter/XssRequestWrapper.java
@ -1,6 +1,8 @@
 package cn.iocoder.dashboard.framework.web.core.filter;

+import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.ReflectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HTMLFilter;
@ -14,6 +16,7 @@ import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.util.Map;

 /**
 * Xss 请求 Wrapper
@ -36,7 +39,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
        super(request);
    }

-    private static String filterHtml(String content) {
+    private static String filterXss(String content) {
        if (StrUtil.isEmpty(content)) {
            return content;
        }
@ -59,7 +62,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {

        // 读取内容，并过滤
        String content = IoUtil.readUtf8(super.getInputStream());
-        content = filterHtml(content);
+        content = filterXss(content);
        final ByteArrayInputStream newInputStream = new ByteArrayInputStream(content.getBytes());
        // 返回 ServletInputStream
        return new ServletInputStream() {
@ -87,6 +90,47 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {

    // ========== Param 相关 ==========

+    @Override
+    public String getParameter(String name) {
+        String value = super.getParameter(name);
+        return filterXss(value);
+    }
+
+    @Override
+    public String[] getParameterValues(String name) {
+        String[] values = super.getParameterValues(name);
+        if (ArrayUtil.isEmpty(values)) {
+            return values;
+        }
+        // 过滤处理
+        for (int i = 0; i < values.length; i++) {
+            values[i] = filterXss(values[i]);
+        }
+        return values;
+    }
+
+    @Override
+    public Map<String, String[]> getParameterMap() {
+        Map<String, String[]> valueMap = super.getParameterMap();
+        if (CollUtil.isEmpty(valueMap)) {
+            return valueMap;
+        }
+        // 过滤处理
+        for (Map.Entry<String, String[]> entry : valueMap.entrySet()) {
+            String[] values = entry.getValue();
+            for (int i = 0; i < values.length; i++) {
+                values[i] = filterXss(values[i]);
+            }
+        }
+        return valueMap;
+    }
+
    // ========== Header 相关 ==========

+    @Override
+    public String getHeader(String name) {
+        String value = super.getHeader(name);
+        return filterXss(value);
+    }
+
 }