manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xssFilter去掉UReport的单引号和双引号的替换

Browse Source
This commit is contained in:
thinkgem
2021-05-28 00:54:38 +08:00
parent 11e1934d04
commit 9f56d80240
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
View File

@@ -232,6 +232,7 @@ public class EncodeUtils {
&& !StringUtils.contains(value, "id=\"FormHtml\"") // JFlow && !StringUtils.contains(value, "id=\"FormHtml\"") // JFlow
&& !(StringUtils.startsWith(value, "{") && StringUtils.endsWith(value, "}")) // JSON Object && !(StringUtils.startsWith(value, "{") && StringUtils.endsWith(value, "}")) // JSON Object
&& !(StringUtils.startsWith(value, "[") && StringUtils.endsWith(value, "]")) // JSON Array && !(StringUtils.startsWith(value, "[") && StringUtils.endsWith(value, "]")) // JSON Array
&& !(request != null && StringUtils.contains(request.getRequestURI(), "/ureport/")) // UReport
){ ){
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
for (int i = 0; i < value.length(); i++) { for (int i = 0; i < value.length(); i++) {