Commit 0ec124a2 authored by zengtianlai3's avatar zengtianlai3

2.1.1 跨站脚本:反射型XSS

parent c9c45b60
...@@ -9,12 +9,8 @@ import iot.sixiang.license.model.vo.EncryptVo; ...@@ -9,12 +9,8 @@ import iot.sixiang.license.model.vo.EncryptVo;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.lang.reflect.InvocationTargetException;
/** /**
* Title: EncryptController * Title: EncryptController
......
...@@ -7,11 +7,10 @@ import iot.sixiang.license.model.ResResult; ...@@ -7,11 +7,10 @@ import iot.sixiang.license.model.ResResult;
import iot.sixiang.license.model.vo.MaskingVo; import iot.sixiang.license.model.vo.MaskingVo;
import iot.sixiang.license.util.CommonUtil; import iot.sixiang.license.util.CommonUtil;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.owasp.esapi.ESAPI;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/** /**
* Title: MaskingController * Title: MaskingController
...@@ -44,8 +43,8 @@ public class MaskingController { ...@@ -44,8 +43,8 @@ public class MaskingController {
} }
MaskingVo vo = new MaskingVo(); MaskingVo vo = new MaskingVo();
vo.setUserName(ESAPI.encoder().encodeForHTML(CommonUtil.nameDesensitization(maskingVo.getUserName()))); vo.setUserName(ESAPI.encoder().encodeForDN(CommonUtil.nameDesensitization(maskingVo.getUserName())));
vo.setIdCard(CommonUtil.idCardEncrypt(maskingVo.getIdCard())); vo.setIdCard(ESAPI.encoder().encodeForDN(CommonUtil.idCardEncrypt(maskingVo.getIdCard())));
return ResResult.success().goRecord(vo); return ResResult.success().goRecord(vo);
} }
......
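Review bot: `encodeForDN` on the new side of `vo.setUserName(...)` and `vo.setIdCard(...)` is ESAPI's LDAP distinguished-name encoder, not an HTML encoder, so it does not address the reflected-XSS finding named in the commit title, and it changes legitimate values by backslash-escaping DN metacharacters (as far as I recall: commas, plus signs, quotes, semicolons, angle brackets, a leading `#`), which would corrupt a masked name or id-card string containing any of them. The same substitution appears in the AlarmServiceImpl hunk at `alarmVo.setContent(ESAPI.encoder().encodeForDN(alarmVo.getContent()))`. Since these values leave the controller as response data via `ResResult.success().goRecord(vo)` rather than being rendered into HTML here, the correct encoding depends on the final rendering context; if the server is responsible for it, the previous `ESAPI.encoder().encodeForHTML(...)` was the right call for HTML text, and a comment such as `// HTML-encoded for display; consumers must not encode again` should state that contract on the VO fields. The enclosing handler method starts outside the hunk.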
...@@ -104,6 +104,9 @@ public class OperateController { ...@@ -104,6 +104,9 @@ public class OperateController {
String user = UserUtils.getLoginUserId(); String user = UserUtils.getLoginUserId();
int userI = Integer.valueOf(user); int userI = Integer.valueOf(user);
List<AlarmVo> alarmList = alarmService.getAlarmList(userI); List<AlarmVo> alarmList = alarmService.getAlarmList(userI);
for (AlarmVo alarmVo : alarmList) {
alarmVo.setLevelDescribe(ESAPI.encoder().encodeForHTML(alarmVo.getLevelDescribe()));
}
return ResResult.success().goRecord(alarmList); return ResResult.success().goRecord(alarmList);
} }
......
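Review bot: The new loop encodes `levelDescribe` in the controller while `content` on the same `AlarmVo` objects is encoded inside `alarmService.getAlarmList(userI)` (see the AlarmServiceImpl hunk), so the encoding responsibility is split across two layers and a reader of either file cannot tell which fields arrive already encoded. Keep it in one place, either every displayed field in the service or every field in the controller, and document the contract on the method, e.g. `// All string fields of AlarmVo are HTML-encoded here for display; do not encode again downstream.` Note that the list is returned as response data through `goRecord(alarmList)`; a front end that also escapes text on render will then show entities like `&lt;` literally, so the contract needs to be agreed with the consumer rather than assumed. The loop also dereferences `alarmList` without a null check, which is fine only if `getAlarmList` never returns null, as the visible service code suggests. The enclosing method continues outside the hunk.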
...@@ -34,7 +34,7 @@ public class AlarmServiceImpl extends ServiceImpl<AlarmMapper, Alarm> implements ...@@ -34,7 +34,7 @@ public class AlarmServiceImpl extends ServiceImpl<AlarmMapper, Alarm> implements
alarmVos = alarmVos.stream().sorted(Comparator.comparing(AlarmVo::getCreateTime, Comparator.reverseOrder())).collect(Collectors.toList()); alarmVos = alarmVos.stream().sorted(Comparator.comparing(AlarmVo::getCreateTime, Comparator.reverseOrder())).collect(Collectors.toList());
if (alarmVos != null && !alarmVos.isEmpty()) { if (alarmVos != null && !alarmVos.isEmpty()) {
for (AlarmVo alarmVo : alarmVos) { for (AlarmVo alarmVo : alarmVos) {
alarmVo.setContent(ESAPI.encoder().encodeForHTML(alarmVo.getContent())); alarmVo.setContent(ESAPI.encoder().encodeForDN(alarmVo.getContent()));
} }
} }
return alarmVos; return alarmVos;
......