撤销

license/src/main/java/iot/sixiang/license/xss/AntiSamyConfig.java

-package iot.sixiang.license.xss;
-
-/**
- * Title: AntiSamyConfig
- * Description: TODO
- *
- * @author tianlai3
- * @date 2022-07-17 01:18:02
- */
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.module.SimpleModule;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
-
-import javax.servlet.Filter;
-
-
-@Configuration
-public class AntiSamyConfig {
-
-    /**
-     * 配置XSS过滤器
-     *
-     * @return FilterRegistrationBean
-     */
-    @Bean
-    public FilterRegistrationBean<Filter> filterRegistrationBean() {
-        FilterRegistrationBean<Filter> filterRegistrationBean = new FilterRegistrationBean<>(new XssFilter2());
-        filterRegistrationBean.addUrlPatterns("/iot_license/*");
-        filterRegistrationBean.setOrder(1);
-        return filterRegistrationBean;
-    }
-
-    /**
-     * 用于过滤Json类型数据的解析器
-     *
-     * @param builder Jackson2ObjectMapperBuilder
-     * @return ObjectMapper
-     */
-    @Bean
-    public ObjectMapper xssObjectMapper(Jackson2ObjectMapperBuilder builder) {
-        // 创建解析器
-        ObjectMapper objectMapper = builder.createXmlMapper(false).build();
-        // 注册解析器
-        SimpleModule simpleModule = new SimpleModule("XssStringJsonSerializer");
-        simpleModule.addSerializer(new XssRequestWrapper2.XssStringJsonSerializer());
-        objectMapper.registerModule(simpleModule);
-        return objectMapper;
-    }
-}
+//package iot.sixiang.license.xss;
+//
+///**
+// * Title: AntiSamyConfig
+// * Description: TODO
+// *
+// * @author tianlai3
+// * @date 2022-07-17 01:18:02
+// */
+//import com.fasterxml.jackson.databind.ObjectMapper;
+//import com.fasterxml.jackson.databind.module.SimpleModule;
+//import org.springframework.boot.web.servlet.FilterRegistrationBean;
+//import org.springframework.context.annotation.Bean;
+//import org.springframework.context.annotation.Configuration;
+//import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
+//
+//import javax.servlet.Filter;
+//
+//
+//@Configuration
+//public class AntiSamyConfig {
+//
+//    /**
+//     * 配置XSS过滤器
+//     *
+//     * @return FilterRegistrationBean
+//     */
+//    @Bean
+//    public FilterRegistrationBean<Filter> filterRegistrationBean() {
+//        FilterRegistrationBean<Filter> filterRegistrationBean = new FilterRegistrationBean<>(new XssFilter2());
+//        filterRegistrationBean.addUrlPatterns("/iot_license/*");
+//        filterRegistrationBean.setOrder(1);
+//        return filterRegistrationBean;
+//    }
+//
+//    /**
+//     * 用于过滤Json类型数据的解析器
+//     *
+//     * @param builder Jackson2ObjectMapperBuilder
+//     * @return ObjectMapper
+//     */
+//    @Bean
+//    public ObjectMapper xssObjectMapper(Jackson2ObjectMapperBuilder builder) {
+//        // 创建解析器
+//        ObjectMapper objectMapper = builder.createXmlMapper(false).build();
+//        // 注册解析器
+//        SimpleModule simpleModule = new SimpleModule("XssStringJsonSerializer");
+//        simpleModule.addSerializer(new XssRequestWrapper2.XssStringJsonSerializer());
+//        objectMapper.registerModule(simpleModule);
+//        return objectMapper;
+//    }
+//}
\ No newline at end of file

license/src/main/java/iot/sixiang/license/xss/XssFilter.java

@@ -16,8 +16,8 @@ import java.io.IOException;
  * @Date 2022/6/29 11:11
  * @Description
  */
-//@WebFilter(filterName = "xssFilter", urlPatterns = "/iot_license/*", asyncSupported = true)
-//@Component
+@WebFilter(filterName = "xssFilter", urlPatterns = "/iot_license/*", asyncSupported = true)
+@Component
 public class XssFilter implements Filter {
 
     /**

license/src/main/java/iot/sixiang/license/xss/XssFilter2.java

-package iot.sixiang.license.xss;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-//@WebFilter(filterName = "xssFilter", urlPatterns = "/iot_license/*", asyncSupported = true)
-//@Component
-public class XssFilter2 implements Filter {
-
-    private FilterConfig filterConfig;
-
-    @Override
-    public void init(FilterConfig filterConfig) throws ServletException {
-        this.filterConfig = filterConfig;
-    }
-
-    @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-            throws IOException, ServletException {
-        // 拦截请求，处理XSS过滤
-        HttpServletRequest req = (HttpServletRequest) request;
-        HttpServletResponse resp = (HttpServletResponse) response;
-        XssRequestWrapper2 xssRequest = new XssRequestWrapper2(req);
-
-        chain.doFilter(xssRequest, resp);
-    }
-
-    @Override
-    public void destroy() {
-        this.filterConfig = null;
-    }
-}
+//package iot.sixiang.license.xss;
+//
+//import javax.servlet.*;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//import java.io.IOException;
+//
+//
+//public class XssFilter2 implements Filter {
+//
+//    private FilterConfig filterConfig;
+//
+//    @Override
+//    public void init(FilterConfig filterConfig) throws ServletException {
+//        this.filterConfig = filterConfig;
+//    }
+//
+//    @Override
+//    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+//            throws IOException, ServletException {
+//        // 拦截请求，处理XSS过滤
+//        HttpServletRequest req = (HttpServletRequest) request;
+//        HttpServletResponse resp = (HttpServletResponse) response;
+//        XssRequestWrapper2 xssRequest = new XssRequestWrapper2(req);
+//
+//        chain.doFilter(xssRequest, resp);
+//    }
+//
+//    @Override
+//    public void destroy() {
+//        this.filterConfig = null;
+//    }
+//}
\ No newline at end of file
\ No newline at end of file

license/src/main/resources/antisamy.xsd

-<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema
-	xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-
-	<xsd:element name="anti-samy-rules">
-	
-		<xsd:complexType>
-	
-		<xsd:sequence>
-			<xsd:element name="directives" type="Directives" maxOccurs="1" minOccurs="1"/>
-			<xsd:element name="common-regexps" type="CommonRegexps" maxOccurs="1" minOccurs="1"/>
-			<xsd:element name="common-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
-			<xsd:element name="global-tag-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
-			<xsd:element name="tags-to-encode" type="TagsToEncodeList" minOccurs="0" maxOccurs="1"/>
-			<xsd:element name="tag-rules" type="TagRules" minOccurs="1" maxOccurs="1"/>
-			<xsd:element name="css-rules" type="CSSRules" minOccurs="1" maxOccurs="1"/>
-            <xsd:element name="allowed-empty-tags" type="AllowedEmptyTags" minOccurs="0" maxOccurs="1"/>
-
-		</xsd:sequence>
-
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="Directives">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="directive" type="Directive" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	
-	<xsd:complexType name="Directive">
-	
-		<xsd:attribute name="name" use="required"/>
-		<xsd:attribute name="value" use="required"/>
-	
-	</xsd:complexType>
-	
-	<xsd:complexType name="CommonRegexps">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="regexp" type="RegExp" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	
-	<xsd:complexType name="AttributeList">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="attribute" type="Attribute" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	
-	<xsd:complexType name="TagsToEncodeList">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="tag" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	
-	<xsd:complexType name="TagRules">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="tag" type="Tag" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	
-	<xsd:complexType name="Tag">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="attribute" type="Attribute" minOccurs="0" />
-		</xsd:sequence>
-		
-		<xsd:attribute name="name" use="required"/>
-		<xsd:attribute name="action" use="required"/>
-		
-	</xsd:complexType>
-
-    <xsd:complexType name="AllowedEmptyTags">
-        <xsd:sequence>
-            <xsd:element name="literal-list" type="LiteralList" minOccurs="1"/>
-        </xsd:sequence>
-    </xsd:complexType>
-
-	<xsd:complexType name="Attribute">
-		<xsd:sequence>
-			<xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
-			<xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="name" use="required"/>
-		<xsd:attribute name="description"/>
-		<xsd:attribute name="onInvalid"/>
-	</xsd:complexType>
-	
-
-	<xsd:complexType name="RegexpList">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="regexp" type="RegExp" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	
-	<xsd:complexType name="RegExp">
-		<xsd:attribute name="name" type="xsd:string"/>
-		<xsd:attribute name="value" type="xsd:string"/>
-	</xsd:complexType>
-
-	<xsd:complexType name="LiteralList">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="literal" type="Literal" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-
-	<xsd:complexType name="Literal">
-		<xsd:attribute name="value" type="xsd:string"/>
-	</xsd:complexType>
-	
-	<xsd:complexType name="CSSRules">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="property" type="Property" minOccurs="0"/>
-		</xsd:sequence>		
-	</xsd:complexType>
-	
-	<xsd:complexType name="Property">
-		<xsd:sequence>
-			<xsd:element name="category-list" type="CategoryList" minOccurs="0"/>
-			<xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
-			<xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
-			<xsd:element name="shorthand-list" type="ShorthandList" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="name" type="xsd:string" use="required"/>
-		<xsd:attribute name="default" type="xsd:string"/>
-		<xsd:attribute name="description" type="xsd:string"/>
-	</xsd:complexType>
-
-	
-	<xsd:complexType name="ShorthandList">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="shorthand" type="Shorthand" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-
-	<xsd:complexType name="Shorthand">
-		<xsd:attribute name="name" type="xsd:string" use="required"/>
-	</xsd:complexType>	
-	
-	<xsd:complexType name="CategoryList">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="category" type="Category" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-
-	<xsd:complexType name="Category">
-		<xsd:attribute name="value" type="xsd:string" use="required"/>
-	</xsd:complexType>
-	
-
-	<xsd:complexType name="Entity">
-		<xsd:attribute name="name" type="xsd:string" use="required"/>	
-		<xsd:attribute name="cdata" type="xsd:string" use="required"/>
-	</xsd:complexType>
-</xsd:schema>