HTML过滤器改为将html转义

RuoYi

2020-07-28 1bde32814a0e287e335f47c902e6fbe7b94351c2

HTML过滤器改为将html转义

 src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java

@@ -144,7 +144,10 @@


    public static void main(String[] args)

    {

        String html = "alert('11111');";

        String html = "<script>alert(1);</script>";

        // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";

        // String html = "<123";

        // String html = "123>";

        System.out.println(EscapeUtil.clean(html));

        System.out.println(EscapeUtil.escape(html));

        System.out.println(EscapeUtil.unescape(html));


 src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java

@@ -131,7 +131,7 @@
        vAllowedEntities = new String[] { "amp", "gt", "lt", "quot" };

        stripComment = true;

        encodeQuotes = true;

        alwaysMakeTags = true;

        alwaysMakeTags = false;

    }



    /**

@@ -208,7 +208,7 @@


        s = processRemoveBlanks(s);



        s = validateEntities(s);

        // s = validateEntities(s);



        return s;

    }

@@ -245,6 +245,7 @@
            // try and form html

            //

            s = regexReplace(P_END_ARROW, "", s);

            // 不追加结束标签

            s = regexReplace(P_BODY_TO_END, "<$1>", s);

            s = regexReplace(P_XML_CONTENT, "$1<$2", s);