Xss 过滤器

smtweb-framework/bpm/src/main/resources/config/application.yaml

@@ -27,7 +27,7 @@ spring:
     password:
   datasource:
     driver-class-name: com.mysql.cj.jdbc.Driver
-    url: jdbc:mysql://127.0.0.1:3306/smt_asp?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
+    url: jdbc:mysql://127.0.0.1:3306/gdmz?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
     username: root
     password: root
   servlet:

smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java

@@ -59,6 +59,9 @@ public class XssSecurityConfig implements InitializingBean {
 
     @Override
     public void afterPropertiesSet() throws Exception {
+        if (regex == null || regex.size() == 0) {
+            return;
+        }
         StringBuffer tempStr = new StringBuffer("^");
         regex.forEach(k -> {
             tempStr.append(k);
@@ -88,6 +91,7 @@ public class XssSecurityConfig implements InitializingBean {
      * @return
      */
     public String securityReplace(String text) {
+        if (!initSuccess()) return text;
         if (StringUtils.isEmpty(text)) {
             return text;
         } else {
@@ -102,11 +106,16 @@ public class XssSecurityConfig implements InitializingBean {
      * @return
      */
     public boolean matches(String text) {
+        if (!initSuccess()) return false;
         if (StringUtils.isEmpty(text)) {
             return false;
         }
         return XSS_PATTERN.matcher(text).matches();
     }
+
+    private boolean initSuccess() {
+        return regex != null && regex.size() > 0;
+    }
 }