manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

完善xss正则表达式,处理on前面是/的问题;完善beetl的xss格式化,默认使用非html文本处理

Browse Source
This commit is contained in:
thinkgem
2025-07-09 13:03:17 +08:00
parent da999aa4e6
commit 3585737d21
5 changed files with 47 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
View File

@@ -192,7 +192,7 @@ public class EncodeUtils {
private static final List<Pattern> xssPatterns = ListUtils.newArrayList(
Pattern.compile("(<\\s*(script|link|style|iframe)([\\s\\S]*?)(>|<\\/\\s*\\1\\s*>))|(</\\s*(script|link|style|iframe)\\s*>)", Pattern.CASE_INSENSITIVE),
Pattern.compile("\\s*(href|src)\\s*=\\s*(\"\\s*(javascript|vbscript):[^\"]+\"|'\\s*(javascript|vbscript):[^']+'|(javascript|vbscript):[^\\s]+)\\s*(?=>)", Pattern.CASE_INSENSITIVE),
Pattern.compile("\\s*on[a-z]+\\s*=\\s*(\"[^\"]+\"|'[^']+'|[^\\s]+)\\s*(?=>)", Pattern.CASE_INSENSITIVE),
Pattern.compile("\\s*/?\\s*on[a-zA-Z]+\\s*=\\s*(['\"]?)(.*?)\\1(?=\\s|>|/>)", Pattern.CASE_INSENSITIVE),
Pattern.compile("(eval\\((.*?)\\)|expression\\((.*?)\\))", Pattern.CASE_INSENSITIVE),
Pattern.compile("^(javascript:|vbscript:)", Pattern.CASE_INSENSITIVE)
);

74
common/src/test/java/com/jeesite/test/codec/EncodeUtilsTest.java
View File

@@ -14,37 +14,49 @@ import com.jeesite.common.codec.EncodeUtils;
public class EncodeUtilsTest {
public static void main(String[] args) {
EncodeUtils.xssFilter("1 你好 <script>alert(document.cookie)</script>我还在。");
EncodeUtils.xssFilter("2 你好 <strong>加粗文字</strong>我还在。");
EncodeUtils.xssFilter("<!--HTML-->3 你好 \"><strong>加粗文字</strong>我还在。");
EncodeUtils.xssFilter("<!--HTML-->4 你好 <iframe src=\"abcdef\"></iframe><strong>加粗文字</strong>我还在。");
EncodeUtils.xssFilter("<!--HTML-->5 你好 <iframe src=\"abcdef\"/><strong>加粗文字</strong>我还在。");
EncodeUtils.xssFilter("<!--HTML-->6 你好 <iframe src=\"abcdef\"><strong>加粗文字</strong>我还在。");
EncodeUtils.xssFilter("<!--HTML-->7 你好 <script type=\"text/javascript\">alert(document.cookie)</script>我还在。");
EncodeUtils.xssFilter("<!--HTML-->8 你好 <script\n type=\"text/javascript\">\nalert(document.cookie)\n</script>我还在。");
EncodeUtils.xssFilter("<!--HTML-->9 你好 <script src='' onerror='alert(document.cookie)'></script>我还在。");
EncodeUtils.xssFilter("<!--HTML-->10 你好 <script type=text/javascript>alert()我还在。");
EncodeUtils.xssFilter("<!--HTML-->11 你好 <script>alert(document.cookie)</script>我还在。");
EncodeUtils.xssFilter("<!--HTML-->12 你好 <script>window.location='url'我还在。");
EncodeUtils.xssFilter("<!--HTML-->13 你好 </script></iframe>我还在。");
EncodeUtils.xssFilter("<!--HTML-->14 你好 eval(abc)我还在。");
EncodeUtils.xssFilter("<!--HTML-->15 你好 expression(abc)我还在。");
EncodeUtils.xssFilter("<!--HTML-->16 你好 <img src='abc.jpg' onerror='location='';alert(document.cookie);'></img>我还在。");
EncodeUtils.xssFilter("<!--HTML-->17 你好 <img src='abc.jpg' onerror='alert(document.cookie);'/>我还在。");
EncodeUtils.xssFilter("<!--HTML-->18 你好 <img src='abc.jpg' onerror='alert(document.cookie);'>我还在。");
EncodeUtils.xssFilter("<!--HTML-->19 你好 <a onload='alert(\"abc\")'>hello</a>我还在。");
EncodeUtils.xssFilter("<!--HTML-->20 你好 <a href=\"/abc\">hello</a>我还在。");
EncodeUtils.xssFilter("<!--HTML-->21 你好 <a href='/abc'>hello</a>我还在。");
EncodeUtils.xssFilter("<!--HTML-->22 你好 <a href='vbscript:alert(\"abc\");'>hello</a>我还在。");
EncodeUtils.xssFilter("<!--HTML-->23 你好 <a href='javascript:alert(\"abc\");'>hello</a>我还在。");
EncodeUtils.xssFilter("<!--HTML-->24 你好 ?abc=def&hello=123&world={\"a\":1}我还在。");
EncodeUtils.xssFilter("<!--HTML-->25 你好 ?abc=def&hello=123&world={'a':1}我还在。");
EncodeUtils.sqlFilter("1 你好 select * from xxx where abc=def and 1=1我还在。");
EncodeUtils.sqlFilter("2 你好 insert into xxx values(1,2,3,4,5)我还在。");
EncodeUtils.sqlFilter("3 你好 delete from xxx我还在。");
EncodeUtils.sqlFilter("4 a.audit_result asc,case when 1 like case when length(database())=6 then 1 else exp(111) end then 1 else 1/0 end", "orderBy");
EncodeUtils.sqlFilter("5 if(1=2,1,SLEEP(10)), if(mid(database(),{},1)=\\\"{}\\\",a.id,a.login_name)", "orderBy");
EncodeUtils.sqlFilter("6 a.audit_result asc, b.audit_result2 desc, b.AuditResult3 desc", "orderBy");
int i = 0;
xssFilter(i++, "你好 <script>alert(document.cookie)</script>我还在。");
xssFilter(i++, "你好 <strong>加粗文字</strong>我还在。");
xssFilter(i++, "<!--HTML-->你好 \"><strong>加粗文字</strong>我还在。");
xssFilter(i++, "<!--HTML-->你好 <iframe src=\"abcdef\"></iframe><strong>加粗文字</strong>我还在。");
xssFilter(i++, "<!--HTML-->你好 <iframe src=\"abcdef\"/><strong>加粗文字</strong>我还在。");
xssFilter(i++, "<!--HTML-->你好 <iframe src=\"abcdef\"><strong>加粗文字</strong>我还在。");
xssFilter(i++, "<!--HTML-->你好 <script type=\"text/javascript\">alert(document.cookie)</script>我还在。");
xssFilter(i++, "<!--HTML-->你好 <script\n type=\"text/javascript\">\nalert(document.cookie)\n</script>我还在。");
xssFilter(i++, "<!--HTML-->你好 <script src='' onerror='alert(document.cookie)'></script>我还在。");
xssFilter(i++, "<!--HTML-->你好 <script type=text/javascript>alert()我还在。");
xssFilter(i++, "<!--HTML-->你好 <script>alert(document.cookie)</script>我还在。");
xssFilter(i++, "<!--HTML-->你好 <script>window.location='url'我还在。");
xssFilter(i++, "<!--HTML-->你好 </script></iframe>我还在。");
xssFilter(i++, "<!--HTML-->你好 eval(abc)我还在。");
xssFilter(i++, "<!--HTML-->你好 expression(abc)我还在。");
xssFilter(i++, "<!--HTML-->你好 <img src='abc.jpg' onerror='location='';alert(document.cookie);'></img>我还在。");
xssFilter(i++, "<!--HTML-->你好 <img src='abc.jpg' onerror='alert(document.cookie);'/>我还在。");
xssFilter(i++, "<!--HTML-->你好 <img src='abc.jpg' onerror='alert(document.cookie);'>我还在。");
xssFilter(i++, "<!--HTML-->你好 <a onload='alert(\"abc\")'>hello</a>我还在。");
xssFilter(i++, "<!--HTML-->你好 <a href=\"/abc\">hello</a>我还在。");
xssFilter(i++, "<!--HTML-->你好 <a href='/abc'>hello</a>我还在。");
xssFilter(i++, "<!--HTML-->你好 <a href='vbscript:alert(\"abc\");'>hello</a>我还在。");
xssFilter(i++, "<!--HTML-->你好 <a href='javascript:alert(\"abc\");'>hello</a>我还在。");
xssFilter(i++, "<!--HTML-->你好 ?abc=def&hello=123&world={\"a\":1}我还在。");
xssFilter(i++, "<!--HTML-->你好 ?abc=def&hello=123&world={'a':1}我还在。");
xssFilter(i++, "<!--HTML-->\"><svg/ONLOAD=confirm(3) />");
sqlFilter(i++, "你好 select * from xxx where abc=def and 1=1我还在。", "common");
sqlFilter(i++, "你好 insert into xxx values(1,2,3,4,5)我还在。", "common");
sqlFilter(i++, "你好 delete from xxx我还在。", "common");
sqlFilter(i++, "a.audit_result asc,case when 1 like case when length(database())=6 then 1 else exp(111) end then 1 else 1/0 end", "orderBy");
sqlFilter(i++, "if(1=2,1,SLEEP(10)), if(mid(database(),{},1)=\\\"{}\\\",a.id,a.login_name)", "orderBy");
sqlFilter(i++, "a.audit_result asc, b.audit_result2 desc, b.AuditResult3 desc", "orderBy");
}
private static void xssFilter(int num, String text) {
String text2 = EncodeUtils.xssFilter(text);
System.out.println(num + ". " + text + "\t ==> \t" + text2 + "\t ==> \t" + text.equals(text2));
}
private static void sqlFilter(int num, String text, String source) {
String text2 = EncodeUtils.sqlFilter(text, source);
System.out.println(num + ". " + text + "\t ==> \t" + text2 + "\t ==> \t" + text.equals(text2));
}
}

2
modules/core/src/main/resources/views/include/sysIndex/leftMenu.html
View File

@@ -6,7 +6,7 @@
<script src="${ctxStatic}/modules/sys/leftMenu.js"></script>
</div>
<div class="pull-left info">
<p>${user.userName}</p>
<p>${user.userName,xss}</p>
<a href="javascript:"><i class="fa fa-circle text-success"></i> ${text('在线')}</a>
<a href="${ctx}/logout"><i class="fa fa-sign-out text-danger"></i> ${text('注销')}</a>
</div>

2
modules/core/src/main/resources/views/include/sysIndex/topMenuUser.html
View File

@@ -1,7 +1,7 @@
<li class="dropdown user-menu mr5">
<a href="javascript:" class="dropdown-toggle" data-toggle="dropdown" data-hover="dropdown">
<img src="${@user.getAvatarUrl().replaceFirst('/ctxPath', ctxPath)}" class="user-image">
<span class="hidden-xs">${user.userName}</span>
<span class="hidden-xs">${user.userName,xss}</span>
</a>
<ul class="dropdown-menu">
<li class="mt5">

2
modules/core/src/main/resources/views/modules/sys/user/userInfo.html
View File

@@ -23,7 +23,7 @@
<div class="box-body box-profile">
<img id="avatarImg" class="profile-user-img img-responsive img-circle"
src="${@user.getAvatarUrl().replaceFirst('/ctxPath', ctxPath)}?__t=${date().time}">
<h3 class="profile-username text-center">${user.userName}</h3>
<h3 class="profile-username text-center">${user.userName,xss}</h3>
<p class="text-muted text-center">
<#form:radio path="sex" dictType="sys_user_sex" class="form-control required"/>
</p>