From 19b868875992821a28f408cbbd2a31fa47f91072 Mon Sep 17 00:00:00 2001
From: Live <1005297262@qq.com>
Date: Tue, 09 Jun 2020 11:36:10 +0800
Subject: [PATCH] IpUtils工具,清除Xss特殊字符,防止Xff注入攻击
---
ruoyi/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ruoyi/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java b/ruoyi/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
index e99e487..6244cd5 100644
--- a/ruoyi/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
+++ b/ruoyi/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
@@ -522,7 +522,8 @@
final String one = m.group(1); // (>|^)
final String two = m.group(2); // ([^<]+?)
final String three = m.group(3); // (<|$)
- m.appendReplacement(buf, Matcher.quoteReplacement(one + regexReplace(P_QUOTE, """, two) + three));
+ // 不替换双引号为",防止json格式无效 regexReplace(P_QUOTE, """, two)
+ m.appendReplacement(buf, Matcher.quoteReplacement(one + two + three));
}
m.appendTail(buf);
return buf.toString();
--
Gitblit v1.9.2