From 24a8719d4c5c2b5d4ff1e0b3156b61c6cf397a20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90li?= <15040126243@163.com>
Date: Mon, 14 Feb 2022 14:47:33 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96xss=E6=B3=A8?= =?UTF-8?q?=E8=A7=A3=E5=A4=84=E7=90=86=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/com/ruoyi/common/core/xss/Xss.java | 51 +++++++++----------
 .../ruoyi/common/core/xss/XssValidator.java | 47 ++++++++---------
 2 files changed, 46 insertions(+), 52 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/Xss.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/Xss.java
index d54dbc56..fb712248 100644
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/Xss.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/Xss.java
@@ -1,26 +1,25 @@
-package com.ruoyi.common.core.xss;
-
-import javax.validation.Constraint;
-import javax.validation.Payload;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * 自定义xss校验注解
- *
- * @author ruoyi
- */
-@Retention(RetentionPolicy.RUNTIME)
-@Target(value = {ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER})
-@Constraint(validatedBy = {XssValidator.class})
-public @interface Xss {
- String message()
-
- default "不允许任何脚本运行";
-
- Class[] groups() default {};
-
- Class[] payload() default {};
-}
+package com.ruoyi.common.core.xss;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 自定义xss校验注解
+ *
+ * @author ruoyi
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target(value = {ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER})
+@Constraint(validatedBy = {XssValidator.class})
+public @interface Xss {
+
+ String message() default "不允许任何脚本运行";
+
+ Class[] groups() default {};
+
+ Class[] payload() default {};
+}
diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
index e7b6c220..b8601d63 100644
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
@@ -1,26 +1,21 @@
-package com.ruoyi.common.core.xss;
-
-import javax.validation.ConstraintValidator;
-import javax.validation.ConstraintValidatorContext;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- * 自定义xss校验注解实现
- *
- * @author ruoyi
- */
-public class XssValidator implements ConstraintValidator {
- private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
-
- @Override
- public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
- return !containsHtml(value);
- }
-
- public boolean containsHtml(String value) {
- Pattern pattern = Pattern.compile(HTML_PATTERN);
- Matcher matcher = pattern.matcher(value);
- return matcher.matches();
- }
-}
\ No newline at end of file
+package com.ruoyi.common.core.xss;
+
+import cn.hutool.core.util.ReUtil;
+import cn.hutool.http.HtmlUtil;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+
+/**
+ * 自定义xss校验注解实现
+ *
+ * @author Lion Li
+ */
+public class XssValidator implements ConstraintValidator {
+
+ @Override
+ public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
+ return !ReUtil.contains(HtmlUtil.RE_HTML_MARK, value);
+ }
+
+}
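Review bot: The new `isValid` in XssValidator does not state how a null `value` is handled; Bean Validation convention is that a validator reports null as valid and leaves nullness to `@NotNull`, and whether that holds here depends on `ReUtil.contains` returning false for a null input, which the hunk does not show. Suggest making it explicit rather than relying on the library: `if (value == null) { return true; }` ahead of the `return`. The method also deserves a short Javadoc saying that it rejects any value containing an HTML tag-like sequence matched by `HtmlUtil.RE_HTML_MARK`, so it is an input gate rather than a sanitizer, and values that pass still need output encoding where they are rendered. The switch from the old whole-string `matches()` to a contains check is the substantive fix and is already in the commit.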