代码调整

2022-11-10 10:36:08 +08:00
parent 6a3a05d45f
commit 75563a8e24
169 changed files with 1138 additions and 7595 deletions


@@ -34,7 +34,7 @@ import java.util.stream.Stream;
@Slf4j
public class XssRequestWrapper extends HttpServletRequestWrapper {
private final static String[] WHITE_PARAMETER_NAME = {"password","mxContent","docContent","bgImage"};
private final static String[] WHITE_PARAMETER_NAME = {"password", "mxContent", "docContent", "bgImage"};
public XssRequestWrapper(HttpServletRequest request) {
@@ -87,6 +87,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
AntiSamy antiSamy = new AntiSamy();
CleanResults scan = antiSamy.scan(html, policy);
cleanHtml = scan.getCleanHTML();
cleanHtml = cleanHtml.replace("\n", "");
// 对转义的HTML特殊字符<、>、"等进行反转义因为AntiSamy调用scan方法时会将特殊字符转义
cleanHtml = StringEscapeUtils.unescapeHtml4(cleanHtml);
} catch (ScanException | PolicyException e) {
@@ -95,7 +96,6 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
return cleanHtml;
}
/**
* 过滤请求头
*
@@ -190,9 +190,10 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
if (Objects.isNull(temp)) {
objects[i] = "";
} else if (temp instanceof Number || temp instanceof List) {
// objects[i] = xssClean(Objects.isNull(temp) ? "" : temp.toString());
objects[i] = temp;
} else {
objects[i] = xssClean(Objects.isNull(temp) ? "" : temp.toString());;
objects[i] = temp;
}
}
finishJson = objectMapper.writeValueAsString(objects);
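Review bot: In the last hunk (the JSON array loop) the `else` branch appears to end on `objects[i] = temp;`, so string elements reach `objectMapper.writeValueAsString(objects)` without passing through `xssClean` and both non-null branches now do the same thing; the page prints the old and new assignment back to back without `+`/`-` markers, so this reading is inferred from print order. If the bypass is meant for particular fields, scope it by name the way `WHITE_PARAMETER_NAME` does; otherwise keep `objects[i] = xssClean(temp.toString());` (the `Objects.isNull` ternary is redundant after the null branch) and delete the commented-out line rather than committing it. `List` elements are also copied through as-is, so strings nested inside them are not filtered either. Separately, in the second hunk `StringEscapeUtils.unescapeHtml4(cleanHtml)` runs after `antiSamy.scan(html, policy)`, which turns entity-encoded text in the sanitized output back into live markup; that call should either be removed or carry a comment explaining why the output is encoded again before it is rendered. The enclosing methods start and end outside the visible hunks.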