
Xss 过滤器

master
yaoq 2 years ago
parent
commit
586c80d902
2 changed files with 10 additions and 1 deletions
  1. +1
    -1
      smtweb-framework/bpm/src/main/resources/config/application.yaml
  2. +9
    -0
      smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java

+ 1
- 1
smtweb-framework/bpm/src/main/resources/config/application.yaml

@@ -27,7 +27,7 @@ spring:
password: password:
datasource: datasource:
driver-class-name: com.mysql.cj.jdbc.Driver driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/smt_asp?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
url: jdbc:mysql://127.0.0.1:3306/gdmz?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true&useSSL=false
username: root username: root
password: root password: root
servlet: servlet:
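Review bot: The changed `url` line swaps the database name inside a configuration file that is committed for the whole module, which looks like a local-environment detail unrelated to the XSS filter; it would be better left out of this commit or supplied from outside the repository, e.g. `url: ${DB_URL}` (placeholder name is illustrative). The page does not mark which of the two `url` lines is the new one, but both keep `allowMultiQueries=true` and `useSSL=false`, and the surrounding context shows `root`/`root` credentials. Multi-statement execution widens the impact of any SQL injection and the connection is unencrypted, so these settings deserve a comment marking the file as development-only, e.g. `# dev only: do not reuse these datasource settings outside a local machine`, or should be removed from the shared default.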


+ 9
- 0
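--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/filter/XssSecurityConfig.java
@@ -59,6 +59,9 @@ public class XssSecurityConfig implements InitializingBean {
 
 @Override
 public void afterPropertiesSet() throws Exception {
+if (regex == null || regex.size() == 0) {
+return;
+}
 StringBuffer tempStr = new StringBuffer("^");
 regex.forEach(k -> {
 tempStr.append(k);
@@ -88,6 +91,7 @@ public class XssSecurityConfig implements InitializingBean {
 * @return
 */
 public String securityReplace(String text) {
+if (!initSuccess()) return text;
 if (StringUtils.isEmpty(text)) {
 return text;
 } else {
@@ -102,11 +106,16 @@ public class XssSecurityConfig implements InitializingBean {
 * @return
 */
 public boolean matches(String text) {
+if (!initSuccess()) return false;
 if (StringUtils.isEmpty(text)) {
 return false;
 }
 return XSS_PATTERN.matcher(text).matches();
 }
+
+private boolean initSuccess() {
+return regex != null && regex.size() > 0;
+}
 }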
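Review bot: With the three new guards the filter fails open without any signal: when `regex` is null or empty, `afterPropertiesSet()` returns early, `securityReplace()` hands the input back untouched and `matches()` reports false, so a missing or misnamed configuration entry silently turns XSS filtering off. I would record that at startup before the early `return;`, e.g. `log.warn("XSS filter disabled: no regex patterns configured");` (assuming the class has a logger, which the hunks do not show), or make disabling an explicit setting rather than a side effect of an empty list. `initSuccess()` also tests the configuration list rather than the compiled pattern; checking `XSS_PATTERN != null` instead would also cover the case where building the pattern did not complete. A short Javadoc on `initSuccess()` stating that "not initialised" means "input is passed through unfiltered" would make the contract visible to callers. The bodies of `afterPropertiesSet()` and `securityReplace()` continue outside the hunks.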




