From ce3298b9b01d83aea11bd144ccdc2e890a75cd97 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 26 六月 2024 19:52:25 +0800
Subject: [PATCH] 升级spring-security到安全版本,防止漏洞风险
---
 src/main/java/com/ruoyi/common/xss/XssValidator.java | 7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/main/java/com/ruoyi/common/xss/XssValidator.java b/src/main/java/com/ruoyi/common/xss/XssValidator.java
index 34d0700..b859428 100644
--- a/src/main/java/com/ruoyi/common/xss/XssValidator.java
+++ b/src/main/java/com/ruoyi/common/xss/XssValidator.java
@@ -27,8 +27,13 @@
 public static boolean containsHtml(String value)
 {
+ StringBuilder sHtml = new StringBuilder();
 Pattern pattern = Pattern.compile(HTML_PATTERN);
 Matcher matcher = pattern.matcher(value);
- return matcher.matches();
+ while (matcher.find())
+ {
+ sHtml.append(matcher.group());
+ }
+ return pattern.matcher(sHtml).matches();
 }
 }
\ No newline at end of file
--
Gitblit v1.9.3
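Review bot: The closing `return pattern.matcher(sHtml).matches();` makes the verdict depend on whether the concatenation of every fragment found by `find()` happens to satisfy the whole of HTML_PATTERN a second time, so an input in which `find()` already located markup can still be reported as clean. HTML_PATTERN is defined outside the hunk, so how often that occurs cannot be judged from here, but a single hit already answers "contains HTML": drop the `StringBuilder` and the loop and end the method with `return matcher.find();`. `pattern.matcher(value)` also throws on a null `value`, so unless every caller filters that first (not visible in the hunk) a guard such as `if (value == null) return false;` belongs at the top. Separately, the subject line describes a spring-security upgrade while the patch only touches XssValidator, so the message should name the XSS validation change to keep the security history searchable.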