manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

导入的数据进行 xss 过滤

Browse Source
This commit is contained in:
thinkgem
2020-08-12 11:17:21 +08:00
parent 32ce44dac4
commit c03c75609a
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java
View File

@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartFile;
import com.jeesite.common.callback.MethodCallback; import com.jeesite.common.callback.MethodCallback;
import com.jeesite.common.codec.EncodeUtils;
import com.jeesite.common.collect.ListUtils; import com.jeesite.common.collect.ListUtils;
import com.jeesite.common.collect.MapUtils; import com.jeesite.common.collect.MapUtils;
import com.jeesite.common.lang.DateUtils; import com.jeesite.common.lang.DateUtils;
@@ -478,6 +479,10 @@ public class ExcelImport implements Closeable {
// 参数Exception ex, int rowNum, int columnNum // 参数Exception ex, int rowNum, int columnNum
exceptionCallback.execute(ex, i, column); exceptionCallback.execute(ex, i, column);
} }
// 导入的数据进行 xss 过滤
if (val != null && val instanceof String) {
val = EncodeUtils.xssFilter(val.toString());
}
// set entity value // set entity value
if (StringUtils.isNotBlank(ef.attrName())){ if (StringUtils.isNotBlank(ef.attrName())){
ReflectUtils.invokeSetter(e, ef.attrName(), val); ReflectUtils.invokeSetter(e, ef.attrName(), val);