From beeba1259f983a5f92e6b8137d2fb05389f184b4 Mon Sep 17 00:00:00 2001
From: chenrui <1187576398@qq.com>
Date: 星期二, 27 五月 2025 11:39:43 +0800
Subject: [PATCH] 开票台账功能修改
---
src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java | 41 ++++++++++++++++++++++++++++-------------
1 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java b/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
index 8989ca1..dda96c3 100644
--- a/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
+++ b/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
@@ -22,7 +22,7 @@
// special HTML characters
TEXT['\''] = "'".toCharArray(); // 鍗曞紩鍙�
- TEXT['"'] = """.toCharArray(); // 鍗曞紩鍙�
+ TEXT['"'] = """.toCharArray(); // 鍙屽紩鍙�
TEXT['&'] = "&".toCharArray(); // &绗�
TEXT['<'] = "<".toCharArray(); // 灏忎簬鍙�
TEXT['>'] = ">".toCharArray(); // 澶т簬鍙�
@@ -69,26 +69,37 @@
*/
private static String encode(String text)
{
- int len;
- if ((text == null) || ((len = text.length()) == 0))
+ if (StringUtils.isEmpty(text))
{
return StringUtils.EMPTY;
}
- StringBuilder buffer = new StringBuilder(len + (len >> 2));
+
+ final StringBuilder tmp = new StringBuilder(text.length() * 6);
char c;
- for (int i = 0; i < len; i++)
+ for (int i = 0; i < text.length(); i++)
{
c = text.charAt(i);
- if (c < 64)
+ if (c < 256)
{
- buffer.append(TEXT[c]);
+ tmp.append("%");
+ if (c < 16)
+ {
+ tmp.append("0");
+ }
+ tmp.append(Integer.toString(c, 16));
}
else
{
- buffer.append(c);
+ tmp.append("%u");
+ if (c <= 0xfff)
+ {
+ // issue#I49JU8@Gitee
+ tmp.append("0");
+ }
+ tmp.append(Integer.toString(c, 16));
}
}
- return buffer.toString();
+ return tmp.toString();
}
/**
@@ -144,9 +155,13 @@
public static void main(String[] args)
{
- String html = "alert('11111');";
- System.out.println(EscapeUtil.clean(html));
- System.out.println(EscapeUtil.escape(html));
- System.out.println(EscapeUtil.unescape(html));
+ String html = "<script>alert(1);</script>";
+ String escape = EscapeUtil.escape(html);
+ // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
+ // String html = "<123";
+ // String html = "123>";
+ System.out.println("clean: " + EscapeUtil.clean(html));
+ System.out.println("escape: " + escape);
+ System.out.println("unescape: " + EscapeUtil.unescape(escape));
}
}
--
Gitblit v1.9.3