lbqms.git - Gitblit

			@@ -1,8 +1,8 @@
			package com.ruoyi.common.filter;

			import cn.hutool.core.lang.Validator;
			import cn.hutool.core.io.IoUtil;
			import cn.hutool.http.HtmlUtil;
			import org.apache.commons.io.IOUtils;
			import com.ruoyi.common.utils.StringUtils;
			import org.springframework.http.HttpHeaders;
			import org.springframework.http.MediaType;

			@@ -12,10 +12,11 @@
			import javax.servlet.http.HttpServletRequestWrapper;
			import java.io.ByteArrayInputStream;
			import java.io.IOException;
			import java.nio.charset.StandardCharsets;

			/**
			* XSS过滤处理
			*
			*
			* @author ruoyi
			*/
			public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
			@@ -56,15 +57,16 @@
			}

			// 为空，直接返回
			String json = IOUtils.toString(super.getInputStream(), "utf-8");
			if (Validator.isEmpty(json))
			String json = IoUtil.read(super.getInputStream(), StandardCharsets.UTF_8);
			if (StringUtils.isEmpty(json))
			{
			return super.getInputStream();
			}

			// xss过滤
			json = HtmlUtil.cleanHtmlTag(json).trim();
			final ByteArrayInputStream bis = new ByteArrayInputStream(json.getBytes("utf-8"));
			byte[] jsonBytes = json.getBytes(StandardCharsets.UTF_8);
			final ByteArrayInputStream bis = IoUtil.toStream(jsonBytes);
			return new ServletInputStream()
			{
			@Override
			@@ -77,6 +79,12 @@
			public boolean isReady()
			{
			return true;
			}

			@Override
			public int available() throws IOException
			{
			return jsonBytes.length;
			}

			@Override
			@@ -94,12 +102,12 @@

			/**
			* 是否是Json请求
			*
			*
			* @param request
			*/
			public boolean isJsonRequest()
			{
			String header = super.getHeader(HttpHeaders.CONTENT_TYPE);
			return MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(header);
			return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
			}
			}