update 优化xss注解处理逻辑

3 years ago · 24a8719d4c
parent 1b7cde73f3
commit 24a8719d4c
2 changed files with 46 additions and 52 deletions
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/Xss.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/Xss.java
@ -1,26 +1,25 @@
-package com.ruoyi.common.core.xss;
+package com.ruoyi.common.core.xss;
-
+
-import javax.validation.Constraint;
+import javax.validation.Constraint;
-import javax.validation.Payload;
+import javax.validation.Payload;
-import java.lang.annotation.ElementType;
+import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
+import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
+import java.lang.annotation.Target;
-
+
-/**
+/**
- * 自定义xss校验注解
+ * 自定义xss校验注解
- *
+ *
- * @author ruoyi
+ * @author ruoyi
- */
+ */
-@Retention(RetentionPolicy.RUNTIME)
+@Retention(RetentionPolicy.RUNTIME)
-@Target(value = {ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER})
+@Target(value = {ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER})
-@Constraint(validatedBy = {XssValidator.class})
+@Constraint(validatedBy = {XssValidator.class})
-public @interface Xss {
+public @interface Xss {
-    String message()
+
-
+    String message() default "不允许任何脚本运行";
-            default "不允许任何脚本运行";
+
-
+    Class<?>[] groups() default {};
-    Class<?>[] groups() default {};
+
-
+    Class<? extends Payload>[] payload() default {};
-    Class<? extends Payload>[] payload() default {};
+}
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
@ -1,26 +1,21 @@
-package com.ruoyi.common.core.xss;
+package com.ruoyi.common.core.xss;
-
+
-import javax.validation.ConstraintValidator;
+import cn.hutool.core.util.ReUtil;
-import javax.validation.ConstraintValidatorContext;
+import cn.hutool.http.HtmlUtil;
-import java.util.regex.Matcher;
+
-import java.util.regex.Pattern;
+import javax.validation.ConstraintValidator;
-
+import javax.validation.ConstraintValidatorContext;
-/**
+
- * 自定义xss校验注解实现
+/**
- *
+ * 自定义xss校验注解实现
- * @author ruoyi
+ *
- */
+ * @author Lion Li
-public class XssValidator implements ConstraintValidator<Xss, String> {
+ */
-    private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
+public class XssValidator implements ConstraintValidator<Xss, String> {
-
+
-    @Override
+    @Override
-    public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
+    public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
-        return !containsHtml(value);
+        return !ReUtil.contains(HtmlUtil.RE_HTML_MARK, value);
-    }
+    }
-
+
-    public boolean containsHtml(String value) {
+}
        Pattern pattern = Pattern.compile(HTML_PATTERN);
        Matcher matcher = pattern.matcher(value);
        return matcher.matches();
    }
 }