baogq
/
ATJ_MES_WEB_ZY
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

README

Browse Source
master
RuoYi 5 years ago committed by Limy
parent 7a6ab70d06
commit 5e8f3a9b6e
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File

2
README.md
Unescape Escape View File

@ -80,7 +80,7 @@
</tr> </tr>
<tr> <tr>
<td><img src="https://oscimg.oschina.net/oscnet/bed2b98a44e7ae820c2885329e711965c28.jpg"/></td> <td><img src="https://oscimg.oschina.net/oscnet/bed2b98a44e7ae820c2885329e711965c28.jpg"/></td>
<td><img src="https://oscimg.oschina.net/oscnet/5f3d39a141f21f81b90536f391b8408f1fa.jpg"/></td> <td><img src="https://oscimg.oschina.net/oscnet/up-6d73c2140ce694e3de4c05035fdc1868d4c.png"/></td>
</tr> </tr>
</table> </table>

2
ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
Unescape Escape View File

@ -145,6 +145,8 @@ public class EscapeUtil
public static void main(String[] args) public static void main(String[] args)
{ {
String html = "<script>alert(1);</script>"; String html = "<script>alert(1);</script>";
// String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
// String html = "<123";
System.out.println(EscapeUtil.clean(html)); System.out.println(EscapeUtil.clean(html));
System.out.println(EscapeUtil.escape(html)); System.out.println(EscapeUtil.escape(html));
System.out.println(EscapeUtil.unescape(html)); System.out.println(EscapeUtil.unescape(html));

5
ruoyi-common/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
Unescape Escape View File

@ -35,7 +35,7 @@ public final class HTMLFilter
private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))"); private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL); private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
private static final Pattern P_END_ARROW = Pattern.compile("^>"); private static final Pattern P_END_ARROW = Pattern.compile("^>");
private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)"); // private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)"); private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)"); private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)"); private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
@ -245,7 +245,8 @@ public final class HTMLFilter
// try and form html // try and form html
// //
s = regexReplace(P_END_ARROW, "", s); s = regexReplace(P_END_ARROW, "", s);
s = regexReplace(P_BODY_TO_END, "<$1>", s); // 不追加结束标签
// s = regexReplace(P_BODY_TO_END, "<$1>", s);
s = regexReplace(P_XML_CONTENT, "$1<$2", s); s = regexReplace(P_XML_CONTENT, "$1<$2", s);
} }

Write Preview
Loading…
Cancel
Save