
xss过滤改进

KeYuan 8 yıl önce
ebeveyn
işleme
3f88015918

+ 18 - 7
src/main/java/com/key/common/plugs/xss/XssHttpWrapper.java

@@ -10,6 +10,8 @@ import com.itextpdf.text.log.SysoCounter;
 
 import java.io.StringReader;
 import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
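Review bot: `UnsupportedEncodingException` and `URLDecoder` are referenced only from a commented-out block inside xssEncode later in this commit, so both new imports are unused in the compiled class. Drop them, or drop the commented-out decode block together with them, so the import list reflects live code.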
@@ -193,7 +195,7 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
      * @param s
      * @return
      */
-   private static String xssEncode(String s) {
+   /*private static String xssEncode(String s) {
         if (s == null || s.isEmpty()) {
             return s;
         }
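Review bot: The static xssEncode is commented out rather than deleted, which leaves a dead second copy of the method body in the file beside the instance version this commit enables. Remove the commented block outright; its history is preserved in version control. The commented-out method continues past the end of this hunk.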
@@ -210,7 +212,7 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
         }
         return null;
     }
-
+*/
 
     /**
      * 将容易引起xss漏洞的半角字符直接替换成全角字符
@@ -218,7 +220,7 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
      * @param s
      * @return
      */
-   /* public String xssEncode(String s)
+    public String xssEncode(String s)
     {
         if (s == null || s.isEmpty())
         {
@@ -228,18 +230,27 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
         String result = stripXSS(s);
         if (null != result)
         {
-            result = escape(result);
+            HttpServletRequest request = (HttpServletRequest) super.getRequest();
+            String requestURI = request.getRequestURI();
+            if(!requestURI.contains("/design")){
+//                try {
+//                    result = URLDecoder.decode(result,"utf-8");
+//                } catch (UnsupportedEncodingException e) {
+//                    e.printStackTrace();
+//                }
+                result = escape(result);
+            }
         }
 
         return result;
-    }*/
+    }
 
     /**
      * 插件之所以报 mismatched tree node: EOF expecting错误是因为其对注入的脚本格式有校验
      * @param
      * @return
      */
-    /*private String stripXSS(String value)
+    private String stripXSS(String value)
     {
         if (value != null)
         {
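Review bot: The new `/design` exemption in xssEncode is a substring test on the raw request URI, so any URI that merely contains `/design` skips escape() for every parameter, including URIs of unrelated handlers that happen to contain that substring and, on containers where getRequestURI() returns the undecoded URI with path parameters intact, a request such as `/other/save;/design` that still routes to `/other/save`. The only filtering left on those requests is the regex blacklist in stripXSS, which the method's own comment describes as sensitive to the exact format of the injected script. Anchor the check on the decoded, routed path and match it exactly rather than by containment, e.g. `String path = request.getServletPath();` and `if (path == null || !path.startsWith("/design/")) { result = escape(result); }`, and make sure the views that render /design input apply contextual output encoding, since request-side escaping no longer covers them. The commented-out URLDecoder block with its `e.printStackTrace()` should be removed rather than left in place; if decoding is ever reintroduced it belongs before stripXSS so the blacklist sees the decoded form. stripXSS begins at the end of this hunk and continues outside it.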
@@ -288,5 +299,5 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
             value = scriptPattern.matcher(value).replaceAll("");
         }
         return value;
-    }*/
+    }
 }