完善xss过滤表达式,避免出现data:

thinkgem
2025-08-18 23:06:15 +08:00
parent 6b75fe67af
commit 63773c97a5
2 changed files with 2 additions and 1 deletions


@@ -41,6 +41,7 @@ public class EncodeUtilsTest {
xssFilter(i++, "<!--HTML-->你好 ?abc=def&hello=123&world={\"a\":1}我还在。");
xssFilter(i++, "<!--HTML-->你好 ?abc=def&hello=123&world={'a':1}我还在。");
xssFilter(i++, "<!--HTML-->\"><svg/ONLOAD=confirm(3) />");
xssFilter(i++, "<!--HTML-->XSS<embed src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCg5KTwvc2NyaXB0Pgo=\">");
sqlFilter(i++, "你好 select * from xxx where abc=def and 1=1我还在。", "common");
sqlFilter(i++, "你好 insert into xxx values(1,2,3,4,5)我还在。", "common");
sqlFilter(i++, "你好 delete from xxx我还在。", "common");
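Review bot: The `<embed src="data:text/html;base64,...">` case in this hunk passes only the input string, so nothing visible here checks that the filtered output no longer carries the `data:` URI. `xssFilter(int, String)` is defined outside the hunk; if it only prints the result, this case will keep passing should the expression regress. I would pin the expectation for this input with something like `assertFalse(filtered.toLowerCase().contains("data:"));`, where `filtered` stands for whatever the filter returns. The case also fixes one spelling (lowercase scheme, double-quoted attribute, a single element), and pattern-based filters are usually exact about form, so a mixed-case and an unquoted variant deserve one line each. The enclosing test method starts and ends outside the hunk.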