From fd0de5c3ce1b0faa0f2e274d7b70f516e69d575a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:17:27 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
src/main/java/com/ruoyi/common/utils/StringUtils.java | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 53 insertions(+), 1 deletions(-)
diff --git a/src/main/java/com/ruoyi/common/utils/StringUtils.java b/src/main/java/com/ruoyi/common/utils/StringUtils.java
index 36b3e09..ca12798 100644
--- a/src/main/java/com/ruoyi/common/utils/StringUtils.java
+++ b/src/main/java/com/ruoyi/common/utils/StringUtils.java
@@ -6,6 +6,8 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
+import org.springframework.util.AntPathMatcher;
+import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.text.StrFormatter;
/**
@@ -261,6 +263,17 @@
}
/**
+ * 鏄惁涓篽ttp(s)://寮�澶�
+ *
+ * @param link 閾炬帴
+ * @return 缁撴灉
+ */
+ public static boolean ishttp(String link)
+ {
+ return StringUtils.startsWithAny(link, Constants.HTTP, Constants.HTTPS);
+ }
+
+ /**
* 瀛楃涓茶浆set
*
* @param str 瀛楃涓�
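Review bot: The new method name `ishttp` does not follow the `lowerCamelCase` convention the rest of this class uses (`isEmpty`, `isMatch`); `isHttp` would read consistently, with `ishttp` kept as a `@Deprecated` delegate if callers already exist. Note also that `startsWithAny` (presumably inherited from commons-lang3) is case-sensitive, so a link beginning with `HTTP://` or `Https://` returns false here; whether that matters depends on the caller, which is outside this hunk, but if the intent is "any absolute http(s) link" a per-scheme `startsWithIgnoreCase` check is the safer form. The actual values of `Constants.HTTP` and `Constants.HTTPS` are not visible in this patch, so the prefix check itself is taken on trust.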
@@ -312,7 +325,7 @@
}
/**
- * 涓嬪垝绾胯浆椹煎嘲鍛藉悕
+ * 椹煎嘲杞笅鍒掔嚎鍛藉悕
*/
public static String toUnderScoreCase(String str)
{
@@ -451,6 +464,45 @@
return sb.toString();
}
+ /**
+ * 鏌ユ壘鎸囧畾瀛楃涓叉槸鍚﹀尮閰嶆寚瀹氬瓧绗︿覆鍒楄〃涓殑浠绘剰涓�涓瓧绗︿覆
+ *
+ * @param str 鎸囧畾瀛楃涓�
+ * @param strs 闇�瑕佹鏌ョ殑瀛楃涓叉暟缁�
+ * @return 鏄惁鍖归厤
+ */
+ public static boolean matches(String str, List<String> strs)
+ {
+ if (isEmpty(str) || isEmpty(strs))
+ {
+ return false;
+ }
+ for (String pattern : strs)
+ {
+ if (isMatch(pattern, str))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * 鍒ゆ柇url鏄惁涓庤鍒欓厤缃�:
+ * ? 琛ㄧず鍗曚釜瀛楃;
+ * * 琛ㄧず涓�灞傝矾寰勫唴鐨勪换鎰忓瓧绗︿覆锛屼笉鍙法灞傜骇;
+ * ** 琛ㄧず浠绘剰灞傝矾寰�;
+ *
+ * @param pattern 鍖归厤瑙勫垯
+ * @param url 闇�瑕佸尮閰嶇殑url
+ * @return
+ */
+ public static boolean isMatch(String pattern, String url)
+ {
+ AntPathMatcher matcher = new AntPathMatcher();
+ return matcher.match(pattern, url);
+ }
+
@SuppressWarnings("unchecked")
public static <T> T cast(Object obj)
{
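Review bot: `isMatch` constructs a fresh `AntPathMatcher` on every call, which also throws away the matcher's internal tokenized-pattern cache each time; Spring itself shares one `PathMatcher` instance across all requests, so hoist it to a class constant: `private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();` and `return PATH_MATCHER.match(pattern, url);`. The `@return` tag on `isMatch` is left empty; `@return true if {@code url} matches the Ant-style {@code pattern}` completes the Javadoc. If `matches`/`isMatch` are what the XSS filter uses to decide which request paths are excluded (the caller is not in this patch), keep in mind that `AntPathMatcher.match` is case-sensitive by default and performs no path normalization, so the filter should hand it the servlet's normalized path rather than the raw request URI, otherwise an exclusion pattern may not match the path the application actually serves. The `cast` method that starts at the end of this hunk continues outside it.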
--
Gitblit v1.9.3