From 15c4428b9c95bcb15d7efa29b061350d28e151b8 Mon Sep 17 00:00:00 2001 From: 疯狂的狮子li <15040126243@163.com> Date: 星期二, 24 十一月 2020 11:54:38 +0800 Subject: [PATCH] 修改 ruoyi CharsetKit.java bug --- ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java | 307 +++++++++++++++++++++++++------------------------- 1 files changed, 155 insertions(+), 152 deletions(-) diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java index 8989ca1..bf9980a 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java 
@@ -1,152 +1,155 @@ -package com.ruoyi.common.utils.html; - -import com.ruoyi.common.utils.StringUtils; - -/** - * 杞箟鍜屽弽杞箟宸ュ叿绫� - * - * @author ruoyi - */ -public class EscapeUtil -{ - public static final String RE_HTML_MARK = "(<[^<]*?>)|(<[\\s]*?/[^<]*?>)|(<[^<]*?/[\\s]*?>)"; - - private static final char[][] TEXT = new char[64][]; - - static - { - for (int i = 0; i < 64; i++) - { - TEXT[i] = new char[] { (char) i }; - } - - // special HTML characters - TEXT['\''] = "'".toCharArray(); // 鍗曞紩鍙� - TEXT['"'] = """.toCharArray(); // 鍗曞紩鍙� - TEXT['&'] = "&".toCharArray(); // &绗� - TEXT['<'] = "<".toCharArray(); // 灏忎簬鍙� - TEXT['>'] = ">".toCharArray(); // 澶т簬鍙� - } - - /** - * 杞箟鏂囨湰涓殑HTML瀛楃涓哄畨鍏ㄧ殑瀛楃 - * - * @param text 琚浆涔夌殑鏂囨湰 - * @return 杞箟鍚庣殑鏂囨湰 - */ - public static String escape(String text) - { - return encode(text); - } - - /** - * 杩樺師琚浆涔夌殑HTML鐗规畩瀛楃 - * - * @param content 鍖呭惈杞箟绗︾殑HTML鍐呭 - * @return 杞崲鍚庣殑瀛楃涓� - */ - public static String unescape(String content) - { - return decode(content); - } - - /** - * 娓呴櫎鎵�鏈塇TML鏍囩锛屼絾鏄笉鍒犻櫎鏍囩鍐呯殑鍐呭 - * - * @param content 鏂囨湰 - * @return 娓呴櫎鏍囩鍚庣殑鏂囨湰 - */ - public static String clean(String content) - { - return new HTMLFilter().filter(content); - } - - /** - * Escape缂栫爜 - * - * @param text 琚紪鐮佺殑鏂囨湰 - * @return 缂栫爜鍚庣殑瀛楃 - */ - private static String encode(String text) - { - int len; - if ((text == null) || ((len = text.length()) == 0)) - { - return StringUtils.EMPTY; - } - StringBuilder buffer = new StringBuilder(len + (len >> 2)); - char c; - for (int i = 0; i < len; i++) - { - c = text.charAt(i); - if (c < 64) - { - buffer.append(TEXT[c]); - } - else - { - buffer.append(c); - } - } - return buffer.toString(); - } - - /** - * Escape瑙g爜 - * - * @param content 琚浆涔夌殑鍐呭 - * @return 瑙g爜鍚庣殑瀛楃涓� - */ - public static String decode(String content) - { - if (StringUtils.isEmpty(content)) - { - return content; - } - - StringBuilder tmp = new StringBuilder(content.length()); - int lastPos = 0, pos = 0; - char ch; - while (lastPos < 
content.length()) - { - pos = content.indexOf("%", lastPos); - if (pos == lastPos) - { - if (content.charAt(pos + 1) == 'u') - { - ch = (char) Integer.parseInt(content.substring(pos + 2, pos + 6), 16); - tmp.append(ch); - lastPos = pos + 6; - } - else - { - ch = (char) Integer.parseInt(content.substring(pos + 1, pos + 3), 16); - tmp.append(ch); - lastPos = pos + 3; - } - } - else - { - if (pos == -1) - { - tmp.append(content.substring(lastPos)); - lastPos = content.length(); - } - else - { - tmp.append(content.substring(lastPos, pos)); - lastPos = pos; - } - } - } - return tmp.toString(); - } - - public static void main(String[] args) - { - String html = "alert('11111');"; - System.out.println(EscapeUtil.clean(html)); - System.out.println(EscapeUtil.escape(html)); - System.out.println(EscapeUtil.unescape(html)); - } -} +package com.ruoyi.common.utils.html; + +import com.ruoyi.common.utils.StringUtils; + +/** + * 杞箟鍜屽弽杞箟宸ュ叿绫� + * + * @author ruoyi + */ +public class EscapeUtil +{ + public static final String RE_HTML_MARK = "(<[^<]*?>)|(<[\\s]*?/[^<]*?>)|(<[^<]*?/[\\s]*?>)"; + + private static final char[][] TEXT = new char[64][]; + + static + { + for (int i = 0; i < 64; i++) + { + TEXT[i] = new char[] { (char) i }; + } + + // special HTML characters + TEXT['\''] = "'".toCharArray(); // 鍗曞紩鍙� + TEXT['"'] = """.toCharArray(); // 鍗曞紩鍙� + TEXT['&'] = "&".toCharArray(); // &绗� + TEXT['<'] = "<".toCharArray(); // 灏忎簬鍙� + TEXT['>'] = ">".toCharArray(); // 澶т簬鍙� + } + + /** + * 杞箟鏂囨湰涓殑HTML瀛楃涓哄畨鍏ㄧ殑瀛楃 + * + * @param text 琚浆涔夌殑鏂囨湰 + * @return 杞箟鍚庣殑鏂囨湰 + */ + public static String escape(String text) + { + return encode(text); + } + + /** + * 杩樺師琚浆涔夌殑HTML鐗规畩瀛楃 + * + * @param content 鍖呭惈杞箟绗︾殑HTML鍐呭 + * @return 杞崲鍚庣殑瀛楃涓� + */ + public static String unescape(String content) + { + return decode(content); + } + + /** + * 娓呴櫎鎵�鏈塇TML鏍囩锛屼絾鏄笉鍒犻櫎鏍囩鍐呯殑鍐呭 + * + * @param content 鏂囨湰 + * @return 娓呴櫎鏍囩鍚庣殑鏂囨湰 + */ + public static String clean(String content) + { + return new 
HTMLFilter().filter(content); + } + + /** + * Escape缂栫爜 + * + * @param text 琚紪鐮佺殑鏂囨湰 + * @return 缂栫爜鍚庣殑瀛楃 + */ + private static String encode(String text) + { + int len; + if ((text == null) || ((len = text.length()) == 0)) + { + return StringUtils.EMPTY; + } + StringBuilder buffer = new StringBuilder(len + (len >> 2)); + char c; + for (int i = 0; i < len; i++) + { + c = text.charAt(i); + if (c < 64) + { + buffer.append(TEXT[c]); + } + else + { + buffer.append(c); + } + } + return buffer.toString(); + } + + /** + * Escape瑙g爜 + * + * @param content 琚浆涔夌殑鍐呭 + * @return 瑙g爜鍚庣殑瀛楃涓� + */ + public static String decode(String content) + { + if (StringUtils.isEmpty(content)) + { + return content; + } + + StringBuilder tmp = new StringBuilder(content.length()); + int lastPos = 0, pos = 0; + char ch; + while (lastPos < content.length()) + { + pos = content.indexOf("%", lastPos); + if (pos == lastPos) + { + if (content.charAt(pos + 1) == 'u') + { + ch = (char) Integer.parseInt(content.substring(pos + 2, pos + 6), 16); + tmp.append(ch); + lastPos = pos + 6; + } + else + { + ch = (char) Integer.parseInt(content.substring(pos + 1, pos + 3), 16); + tmp.append(ch); + lastPos = pos + 3; + } + } + else + { + if (pos == -1) + { + tmp.append(content.substring(lastPos)); + lastPos = content.length(); + } + else + { + tmp.append(content.substring(lastPos, pos)); + lastPos = pos; + } + } + } + return tmp.toString(); + } + + public static void main(String[] args) + { + String html = "<script>alert(1);</script>"; + // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>"; + // String html = "<123"; + // String html = "123>"; + System.out.println(EscapeUtil.clean(html)); + System.out.println(EscapeUtil.escape(html)); + System.out.println(EscapeUtil.unescape(html)); + } +} -- Gitblit v1.9.3
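Review bot: `decode()` on the new side indexes past the end of its input: a value ending in a lone `%` reaches `content.charAt(pos + 1)` and throws `StringIndexOutOfBoundsException`, a truncated `%u12` or `%1` throws from `substring`, and a non-hex pair such as `%zz` throws `NumberFormatException` from `Integer.parseInt` — since `unescape()` is public and this is an HTML/XSS utility, any caller feeding it request data can be aborted by a crafted parameter. The decoder should bounds-check the escape before slicing and keep a malformed `%` as a literal character rather than propagating an unchecked exception; the rewritten loop body is sketched below. Separately, `unescape()`/`decode()` only recognises `%XX` and `%uXXXX` sequences while `escape()` emits per-character replacements from `TEXT`, so the two are not inverses of each other and the Javadoc "restore escaped HTML characters" is misleading (the `TEXT` table renders as identity mappings on this page, which is presumably an entity-rendering artifact rather than the real source — worth confirming). The hard-coded and commented-out sample strings in `main` would be better expressed as a unit test and removed from the utility class.
```java
// … unchanged: null/empty guard, StringBuilder and lastPos/pos setup …
while (lastPos < content.length())
{
    pos = content.indexOf("%", lastPos);
    if (pos == lastPos)
    {
        boolean unicode = pos + 1 < content.length() && content.charAt(pos + 1) == 'u';
        int start = unicode ? pos + 2 : pos + 1;
        int end = unicode ? pos + 6 : pos + 3;
        if (end > content.length())
        {
            // truncated escape at end of input: keep the literal '%' instead of throwing
            tmp.append('%');
            lastPos = pos + 1;
            continue;
        }
        try
        {
            tmp.append((char) Integer.parseInt(content.substring(start, end), 16));
            lastPos = end;
        }
        catch (NumberFormatException ignored)
        {
            // non-hex digits after '%': treat the '%' as a literal and resume after it
            tmp.append('%');
            lastPos = pos + 1;
        }
    }
    // … unchanged: copy of the non-escape run up to the next '%' …
}
```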