Xss 过滤器

2 년 전 · 586c80d902
--- a/smtweb-framework/bpm/src/main/resources/config/application.yaml
+++ b/smtweb-framework/bpm/src/main/resources/config/application.yaml
@@ -27,7 +27,7 @@ spring:
    password:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://127.0.0.1:3306/smt_asp?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
    url: jdbc:mysql://127.0.0.1:3306/gdmz?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
    username: root
    password: root
  servlet:
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java
@@ -59,6 +59,9 @@ public class XssSecurityConfig implements InitializingBean {

    @Override
    public void afterPropertiesSet() throws Exception {
        if (regex == null || regex.size() == 0) {
            return;
        }
        StringBuffer tempStr = new StringBuffer("^");
        regex.forEach(k -> {
            tempStr.append(k);
@@ -88,6 +91,7 @@ public class XssSecurityConfig implements InitializingBean {
     * @return
     */
    public String securityReplace(String text) {
        if (!initSuccess()) return text;
        if (StringUtils.isEmpty(text)) {
            return text;
        } else {
@@ -102,11 +106,16 @@ public class XssSecurityConfig implements InitializingBean {
     * @return
     */
    public boolean matches(String text) {
        if (!initSuccess()) return false;
        if (StringUtils.isEmpty(text)) {
            return false;
        }
        return XSS_PATTERN.matcher(text).matches();
    }

    private boolean initSuccess() {
        return regex != null && regex.size() > 0;
    }
 }