From 01fef0b9e19acb07fec138f09b07b7b3fdee5862 Mon Sep 17 00:00:00 2001
From: xx2yy <50043243@qq.com>
Date: Mon, 31 May 2021 10:31:50 +0800
Subject: [PATCH] 同步菜单新增、修改界面“功能权限”maxlength为100(保持与数据库字段长度一致),避免因超过50后不能录入问题
---
ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
index 8989ca1..65fd792 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
@@ -22,7 +22,7 @@
// special HTML characters
TEXT['\''] = "'".toCharArray(); // 单引号
- TEXT['"'] = """.toCharArray(); // 单引号
+ TEXT['"'] = """.toCharArray(); // 双引号
TEXT['&'] = "&".toCharArray(); // &符
TEXT['<'] = "<".toCharArray(); // 小于号
TEXT['>'] = ">".toCharArray(); // 大于号
@@ -144,7 +144,10 @@
public static void main(String[] args)
{
- String html = "alert('11111');";
+ String html = "<script>alert(1);</script>";
+ // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
+ // String html = "<123";
+ // String html = "123>";
System.out.println(EscapeUtil.clean(html));
System.out.println(EscapeUtil.escape(html));
System.out.println(EscapeUtil.unescape(html));
--
Gitblit v1.9.2