Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
ioc_sixiang_license
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
zengtianlai3
ioc_sixiang_license
Commits
cb3a57f9
Commit
cb3a57f9
authored
Jul 18, 2022
by
zengtianlai3
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
前端所有请求都被拦截修改
parent
79d0026d
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
6 additions
and
3 deletions
+6
-3
XssHttpServletRequestWrapper.java
...iot/sixiang/license/xss/XssHttpServletRequestWrapper.java
+2
-2
XssUtil.java
license/src/main/java/iot/sixiang/license/xss/XssUtil.java
+4
-1
No files found.
license/src/main/java/iot/sixiang/license/xss/XssHttpServletRequestWrapper.java
View file @
cb3a57f9
...
...
@@ -6,6 +6,7 @@ import iot.sixiang.license.handler.IotLicenseException;
import
lombok.extern.slf4j.Slf4j
;
import
org.apache.commons.fileupload.servlet.ServletFileUpload
;
import
org.owasp.esapi.ESAPI
;
import
org.springframework.util.StringUtils
;
import
org.springframework.web.multipart.commons.CommonsMultipartResolver
;
import
javax.servlet.ReadListener
;
...
...
@@ -183,7 +184,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
private
String
cleanXSS
(
String
value
)
{
if
(
value
!=
null
)
{
if
(
value
!=
null
&&
value
.
length
()
!=
0
)
{
// 推荐使用ESAPI库来避免脚本攻击
value
=
ESAPI
.
encoder
().
canonicalize
(
value
);
// 避免空字符串
...
...
@@ -230,7 +231,6 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
// 避免 onXX= 表达式
scriptPattern
=
Pattern
.
compile
(
"on.*(.*?)="
,
CASE_INSENSITIVE
|
MULTILINE
|
DOTALL
);
value
=
scriptPattern
.
matcher
(
value
).
replaceAll
(
""
);
if
(
value
.
length
()
==
0
)
{
throw
new
IotLicenseException
(
ResultCode
.
VALIDATE_FAILED
.
getCode
(),
"参数含有非法攻击字符,已禁止继续访问!!"
);
}
...
...
license/src/main/java/iot/sixiang/license/xss/XssUtil.java
View file @
cb3a57f9
...
...
@@ -2,6 +2,7 @@ package iot.sixiang.license.xss;
import
iot.sixiang.license.consts.ResultCode
;
import
iot.sixiang.license.handler.IotLicenseException
;
import
lombok.extern.slf4j.Slf4j
;
import
org.owasp.esapi.ESAPI
;
import
java.util.regex.Pattern
;
...
...
@@ -15,9 +16,10 @@ import static java.util.regex.Pattern.*;
* @author tianlai3
* @date 2022-07-17 15:27:52
*/
@Slf4j
public
class
XssUtil
{
public
static
String
checkXSS
(
String
value
)
{
if
(
value
!=
null
)
{
if
(
value
!=
null
&&
value
.
length
()
!=
0
)
{
// 推荐使用ESAPI库来避免脚本攻击
value
=
ESAPI
.
encoder
().
canonicalize
(
value
);
// 避免空字符串
...
...
@@ -65,6 +67,7 @@ public class XssUtil {
scriptPattern
=
Pattern
.
compile
(
"on.*(.*?)="
,
CASE_INSENSITIVE
|
MULTILINE
|
DOTALL
);
value
=
scriptPattern
.
matcher
(
value
).
replaceAll
(
""
);
if
(
value
.
length
()
==
0
)
{
throw
new
IotLicenseException
(
ResultCode
.
VALIDATE_FAILED
.
getCode
(),
"参数含有非法攻击字符,已禁止继续访问!!"
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
