From 21a7c3fa8dca5b66b0cfdd1563a859063b1d9f11 Mon Sep 17 00:00:00 2001
From: zss <zss@example.com>
Date: 星期二, 23 九月 2025 09:28:04 +0800
Subject: [PATCH] 设备运行管理

---
 src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java |   41 ++++++++++++++++++++++++++++-------------
 1 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java b/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
index 8989ca1..dda96c3 100644
--- a/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
+++ b/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
@@ -22,7 +22,7 @@
 
         // special HTML characters
         TEXT['\''] = "&#039;".toCharArray(); // 鍗曞紩鍙�
-        TEXT['"'] = "&#34;".toCharArray(); // 鍗曞紩鍙�
+        TEXT['"'] = "&#34;".toCharArray(); // 鍙屽紩鍙�
         TEXT['&'] = "&#38;".toCharArray(); // &绗�
         TEXT['<'] = "&#60;".toCharArray(); // 灏忎簬鍙�
         TEXT['>'] = "&#62;".toCharArray(); // 澶т簬鍙�
@@ -69,26 +69,37 @@
      */
     private static String encode(String text)
     {
-        int len;
-        if ((text == null) || ((len = text.length()) == 0))
+        if (StringUtils.isEmpty(text))
         {
             return StringUtils.EMPTY;
         }
-        StringBuilder buffer = new StringBuilder(len + (len >> 2));
+
+        final StringBuilder tmp = new StringBuilder(text.length() * 6);
         char c;
-        for (int i = 0; i < len; i++)
+        for (int i = 0; i < text.length(); i++)
         {
             c = text.charAt(i);
-            if (c < 64)
+            if (c < 256)
             {
-                buffer.append(TEXT[c]);
+                tmp.append("%");
+                if (c < 16)
+                {
+                    tmp.append("0");
+                }
+                tmp.append(Integer.toString(c, 16));
             }
             else
             {
-                buffer.append(c);
+                tmp.append("%u");
+                if (c <= 0xfff)
+                {
+                    // issue#I49JU8@Gitee
+                    tmp.append("0");
+                }
+                tmp.append(Integer.toString(c, 16));
             }
         }
-        return buffer.toString();
+        return tmp.toString();
     }
 
     /**
@@ -144,9 +155,13 @@
 
     public static void main(String[] args)
     {
-        String html = "alert('11111');";
-        System.out.println(EscapeUtil.clean(html));
-        System.out.println(EscapeUtil.escape(html));
-        System.out.println(EscapeUtil.unescape(html));
+        String html = "<script>alert(1);</script>";
+        String escape = EscapeUtil.escape(html);
+        // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
+        // String html = "<123";
+        // String html = "123>";
+        System.out.println("clean: " + EscapeUtil.clean(html));
+        System.out.println("escape: " + escape);
+        System.out.println("unescape: " + EscapeUtil.unescape(escape));
     }
 }

--
Gitblit v1.9.3