From c03c75609a362fef2aee04df8ac1dcb7a596d4fe Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Wed, 12 Aug 2020 11:17:21 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AF=BC=E5=85=A5=E7=9A=84=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=20xss=20=E8=BF=87=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/jeesite/common/utils/excel/ExcelImport.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java b/common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java
index 6da81d0b..69dc42e1 100644
--- a/common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java
+++ b/common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.web.multipart.MultipartFile;
 import com.jeesite.common.callback.MethodCallback;
+import com.jeesite.common.codec.EncodeUtils;
 import com.jeesite.common.collect.ListUtils;
 import com.jeesite.common.collect.MapUtils;
 import com.jeesite.common.lang.DateUtils;
@@ -478,6 +479,10 @@ public class ExcelImport implements Closeable {
 // 参数:Exception ex, int rowNum, int columnNum
 exceptionCallback.execute(ex, i, column);
 }
+ // 导入的数据进行 xss 过滤
+ if (val != null && val instanceof String) {
+ val = EncodeUtils.xssFilter(val.toString());
+ }
 // set entity value
 if (StringUtils.isNotBlank(ef.attrName())){
 ReflectUtils.invokeSetter(e, ef.attrName(), val);
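Review bot: The added guard `val != null && val instanceof String` in the second hunk is redundant, because `instanceof` is already false for null; `if (val instanceof String) { val = EncodeUtils.xssFilter((String) val); }` expresses the same check without the extra `toString()` call. The filter also rewrites every imported String cell before `ReflectUtils.invokeSetter` with no per-field opt-out and no trace, so a cell it alters is stored silently changed; consider logging the row and column when the filtered value differs from the original (`i` and `column` appear to be in scope, since the callback just above uses them), so that uploaded sheets carrying markup are visible to operators. What `xssFilter` actually strips is not visible in this hunk, so the comment above the block should state that this is defence in depth and that the views rendering these fields still need context-appropriate output escaping. The enclosing method starts and ends outside the hunk.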