From fd0de5c3ce1b0faa0f2e274d7b70f516e69d575a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:17:27 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
 src/main/java/com/ruoyi/project/system/controller/SysMenuController.java | 7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java b/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
index 0f8b4c6..a59802c 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java
@@ -12,7 +12,6 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.ServletUtils;
@@ -102,8 +101,7 @@
 {
 return AjaxResult.error("鏂板鑿滃崟'" + menu.getMenuName() + "'澶辫触锛岃彍鍗曞悕绉板凡瀛樺湪");
 }
- else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
- && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+ else if (UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !StringUtils.ishttp(menu.getPath()))
 {
 return AjaxResult.error("鏂板鑿滃崟'" + menu.getMenuName() + "'澶辫触锛屽湴鍧�蹇呴』浠ttp(s)://寮�澶�");
 }
@@ -123,8 +121,7 @@
 {
 return AjaxResult.error("淇敼鑿滃崟'" + menu.getMenuName() + "'澶辫触锛岃彍鍗曞悕绉板凡瀛樺湪");
 }
- else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
- && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+ else if (UserConstants.YES_FRAME.equals(menu.getIsFrame()) && !StringUtils.ishttp(menu.getPath()))
 {
 return AjaxResult.error("淇敼鑿滃崟'" + menu.getMenuName() + "'澶辫触锛屽湴鍧�蹇呴』浠ttp(s)://寮�澶�");
 }
-- 
Gitblit v1.9.3
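Review bot: The `else if` in the second hunk (menu add) and the identical one in the third hunk (menu edit) now depend entirely on `StringUtils.ishttp`, whose body is not part of this patch, so it cannot be confirmed from here that it is null-safe for `menu.getPath()` and accepts exactly the `Constants.HTTP`/`Constants.HTTPS` prefixes that the removed `startsWithAny` call did. The test runs only when `isFrame` is `YES_FRAME` and is presumably a prefix match, so it acts as a scheme allow-list for external-link menus rather than as URL validation; whatever renders the stored path still has to encode it for its output context. I would add a comment above both branches, `// External-link menus: allow only http(s):// targets so other URI schemes cannot be stored as a menu link`, and, since the condition is duplicated, move it into one private helper called from both methods. Both enclosing methods start and end outside the hunks.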