Página inicial Explorar Ajuda
Entrar
opensource
/
DWSurvey
2
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Ver código fonte

xss过滤改进

KeYuan 8 anos atrás
pai
3447e1c072
commit
3f88015918
1 arquivos alterados com 18 adições e 7 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 18 7
      src/main/java/com/key/common/plugs/xss/XssHttpWrapper.java

+ 18 - 7
src/main/java/com/key/common/plugs/xss/XssHttpWrapper.java
Ver arquivo 

@@ -10,6 +10,8 @@ import com.itextpdf.text.log.SysoCounter;
 
 
 import java.io.StringReader;
 
 import java.io.StringWriter;
 
+import java.io.UnsupportedEncodingException;
 
+import java.net.URLDecoder;
 
 import java.util.HashMap;
 
 import java.util.Iterator;
 
 import java.util.Map;
 
@@ -193,7 +195,7 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 
      * @param s
 
      * @return
 
      */
 
-   private static String xssEncode(String s) {
 
+   /*private static String xssEncode(String s) {
 
         if (s == null || s.isEmpty()) {
 
             return s;
 
         }
 
@@ -210,7 +212,7 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 
         }
 
         return null;
 
     }
 
-
 
+*/
 
 
     /**
 
      * 将容易引起xss漏洞的半角字符直接替换成全角字符
 
@@ -218,7 +220,7 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 
      * @param s
 
      * @return
 
      */
 
-   /* public String xssEncode(String s)
 
+    public String xssEncode(String s)
 
     {
 
         if (s == null || s.isEmpty())
 
         {
 
@@ -228,18 +230,27 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 
         String result = stripXSS(s);
 
         if (null != result)
 
         {
 
-            result = escape(result);
 
+            HttpServletRequest request = (HttpServletRequest) super.getRequest();
 
+            String requestURI = request.getRequestURI();
 
+            if(!requestURI.contains("/design")){
 
+//                try {
 
+//                    result = URLDecoder.decode(result,"utf-8");
 
+//                } catch (UnsupportedEncodingException e) {
 
+//                    e.printStackTrace();
 
+//                }
 
+                result = escape(result);
 
+            }
 
         }
 
 
         return result;
 
-    }*/
 
+    }
 
 
     /**
 
      * 插件之所以报 mismatched tree node: EOF expecting错误是因为其对注入的脚本格式有校验
 
      * @param
 
      * @return
 
      */
 
-    /*private String stripXSS(String value)
 
+    private String stripXSS(String value)
 
     {
 
         if (value != null)
 
         {
 
@@ -288,5 +299,5 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 
             value = scriptPattern.matcher(value).replaceAll("");
 
         }
 
         return value;
 
-    }*/
 
+    }
 
 }