Commit 5c0a1a91 authored by zengtianlai3's avatar zengtianlai3

撤销

parent aabdccef
package iot.sixiang.license.xss;
/**
* Title: AntiSamyConfig
* Description: TODO
*
* @author tianlai3
* @date 2022-07-17 01:18:02
*/
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import javax.servlet.Filter;
@Configuration
public class AntiSamyConfig {
/**
* 配置XSS过滤器
*
* @return FilterRegistrationBean
*/
@Bean
public FilterRegistrationBean<Filter> filterRegistrationBean() {
FilterRegistrationBean<Filter> filterRegistrationBean = new FilterRegistrationBean<>(new XssFilter2());
filterRegistrationBean.addUrlPatterns("/iot_license/*");
filterRegistrationBean.setOrder(1);
return filterRegistrationBean;
}
/**
* 用于过滤Json类型数据的解析器
*
* @param builder Jackson2ObjectMapperBuilder
* @return ObjectMapper
*/
@Bean
public ObjectMapper xssObjectMapper(Jackson2ObjectMapperBuilder builder) {
// 创建解析器
ObjectMapper objectMapper = builder.createXmlMapper(false).build();
// 注册解析器
SimpleModule simpleModule = new SimpleModule("XssStringJsonSerializer");
simpleModule.addSerializer(new XssRequestWrapper2.XssStringJsonSerializer());
objectMapper.registerModule(simpleModule);
return objectMapper;
}
}
\ No newline at end of file
//package iot.sixiang.license.xss;
//
///**
// * Title: AntiSamyConfig
// * Description: TODO
// *
// * @author tianlai3
// * @date 2022-07-17 01:18:02
// */
//import com.fasterxml.jackson.databind.ObjectMapper;
//import com.fasterxml.jackson.databind.module.SimpleModule;
//import org.springframework.boot.web.servlet.FilterRegistrationBean;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
//
//import javax.servlet.Filter;
//
//
//@Configuration
//public class AntiSamyConfig {
//
// /**
// * 配置XSS过滤器
// *
// * @return FilterRegistrationBean
// */
// @Bean
// public FilterRegistrationBean<Filter> filterRegistrationBean() {
// FilterRegistrationBean<Filter> filterRegistrationBean = new FilterRegistrationBean<>(new XssFilter2());
// filterRegistrationBean.addUrlPatterns("/iot_license/*");
// filterRegistrationBean.setOrder(1);
// return filterRegistrationBean;
// }
//
// /**
// * 用于过滤Json类型数据的解析器
// *
// * @param builder Jackson2ObjectMapperBuilder
// * @return ObjectMapper
// */
// @Bean
// public ObjectMapper xssObjectMapper(Jackson2ObjectMapperBuilder builder) {
// // 创建解析器
// ObjectMapper objectMapper = builder.createXmlMapper(false).build();
// // 注册解析器
// SimpleModule simpleModule = new SimpleModule("XssStringJsonSerializer");
// simpleModule.addSerializer(new XssRequestWrapper2.XssStringJsonSerializer());
// objectMapper.registerModule(simpleModule);
// return objectMapper;
// }
//}
\ No newline at end of file
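Review bot: AntiSamyConfig is kept in the tree as `//`-prefixed lines instead of being deleted, and XssFilter2 further down is disabled the same way. Commented-out source for an XSS filter is easy to mistake for live protection during a search or audit, and version control already preserves the old text. Assuming the commented copy is the new side of this section, the `xssObjectMapper` bean and the `XssStringJsonSerializer` it installs are no longer registered, so any handling of strings in JSON output now depends on the re-enabled XssFilter, whose body is not visible on this page. I would delete both files, or at minimum replace the stale `Description: TODO` header with a one-line comment such as `// Disabled by this revert; XssFilter is the active filter. Not compiled.`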
......@@ -16,8 +16,8 @@ import java.io.IOException;
* @Date 2022/6/29 11:11
* @Description
*/
//@WebFilter(filterName = "xssFilter", urlPatterns = "/iot_license/*", asyncSupported = true)
//@Component
@WebFilter(filterName = "xssFilter", urlPatterns = "/iot_license/*", asyncSupported = true)
@Component
public class XssFilter implements Filter {
/**
......
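Review bot: Re-enabling both `@WebFilter` and `@Component` on XssFilter gives the filter two possible registration paths. In Spring Boot a `Filter` bean picked up through `@Component` is mapped to `/*` by default, and the `@WebFilter` attributes (`urlPatterns`, `asyncSupported`) are honoured only when the class is discovered through `@ServletComponentScan`; with both active the filter can end up registered twice, wrapping each request twice. Whether `@ServletComponentScan` is present is not visible here, and the class body continues outside the hunk. I would keep a single mechanism: either drop `@Component` and rely on `@ServletComponentScan`, or drop `@WebFilter` and register through a `FilterRegistrationBean` with `addUrlPatterns("/iot_license/*")`, as the disabled AntiSamyConfig did.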
package iot.sixiang.license.xss;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
//@WebFilter(filterName = "xssFilter", urlPatterns = "/iot_license/*", asyncSupported = true)
//@Component
public class XssFilter2 implements Filter {
private FilterConfig filterConfig;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.filterConfig = filterConfig;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// 拦截请求,处理XSS过滤
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
XssRequestWrapper2 xssRequest = new XssRequestWrapper2(req);
chain.doFilter(xssRequest, resp);
}
@Override
public void destroy() {
this.filterConfig = null;
}
}
\ No newline at end of file
//package iot.sixiang.license.xss;
//
//import javax.servlet.*;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//
//
//public class XssFilter2 implements Filter {
//
// private FilterConfig filterConfig;
//
// @Override
// public void init(FilterConfig filterConfig) throws ServletException {
// this.filterConfig = filterConfig;
// }
//
// @Override
// public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
// throws IOException, ServletException {
// // 拦截请求,处理XSS过滤
// HttpServletRequest req = (HttpServletRequest) request;
// HttpServletResponse resp = (HttpServletResponse) response;
// XssRequestWrapper2 xssRequest = new XssRequestWrapper2(req);
//
// chain.doFilter(xssRequest, resp);
// }
//
// @Override
// public void destroy() {
// this.filterConfig = null;
// }
//}
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<xsd:element name="anti-samy-rules">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="directives" type="Directives" maxOccurs="1" minOccurs="1"/>
<xsd:element name="common-regexps" type="CommonRegexps" maxOccurs="1" minOccurs="1"/>
<xsd:element name="common-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
<xsd:element name="global-tag-attributes" type="AttributeList" maxOccurs="1" minOccurs="1"/>
<xsd:element name="tags-to-encode" type="TagsToEncodeList" minOccurs="0" maxOccurs="1"/>
<xsd:element name="tag-rules" type="TagRules" minOccurs="1" maxOccurs="1"/>
<xsd:element name="css-rules" type="CSSRules" minOccurs="1" maxOccurs="1"/>
<xsd:element name="allowed-empty-tags" type="AllowedEmptyTags" minOccurs="0" maxOccurs="1"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:complexType name="Directives">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="directive" type="Directive" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Directive">
<xsd:attribute name="name" use="required"/>
<xsd:attribute name="value" use="required"/>
</xsd:complexType>
<xsd:complexType name="CommonRegexps">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="regexp" type="RegExp" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="AttributeList">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="attribute" type="Attribute" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="TagsToEncodeList">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="tag" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="TagRules">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="tag" type="Tag" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Tag">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="attribute" type="Attribute" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required"/>
<xsd:attribute name="action" use="required"/>
</xsd:complexType>
<xsd:complexType name="AllowedEmptyTags">
<xsd:sequence>
<xsd:element name="literal-list" type="LiteralList" minOccurs="1"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Attribute">
<xsd:sequence>
<xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
<xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="name" use="required"/>
<xsd:attribute name="description"/>
<xsd:attribute name="onInvalid"/>
</xsd:complexType>
<xsd:complexType name="RegexpList">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="regexp" type="RegExp" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="RegExp">
<xsd:attribute name="name" type="xsd:string"/>
<xsd:attribute name="value" type="xsd:string"/>
</xsd:complexType>
<xsd:complexType name="LiteralList">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="literal" type="Literal" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Literal">
<xsd:attribute name="value" type="xsd:string"/>
</xsd:complexType>
<xsd:complexType name="CSSRules">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="property" type="Property" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Property">
<xsd:sequence>
<xsd:element name="category-list" type="CategoryList" minOccurs="0"/>
<xsd:element name="literal-list" type="LiteralList" minOccurs="0"/>
<xsd:element name="regexp-list" type="RegexpList" minOccurs="0"/>
<xsd:element name="shorthand-list" type="ShorthandList" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required"/>
<xsd:attribute name="default" type="xsd:string"/>
<xsd:attribute name="description" type="xsd:string"/>
</xsd:complexType>
<xsd:complexType name="ShorthandList">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="shorthand" type="Shorthand" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Shorthand">
<xsd:attribute name="name" type="xsd:string" use="required"/>
</xsd:complexType>
<xsd:complexType name="CategoryList">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="category" type="Category" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="Category">
<xsd:attribute name="value" type="xsd:string" use="required"/>
</xsd:complexType>
<xsd:complexType name="Entity">
<xsd:attribute name="name" type="xsd:string" use="required"/>
<xsd:attribute name="cdata" type="xsd:string" use="required"/>
</xsd:complexType>
</xsd:schema>