From dbba894544c8f3c4739a7b8ef2b4a9a902a8ab3b Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期一, 29 十一月 2021 14:01:28 +0800
Subject: [PATCH] 发布 v3.4.0
---
ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java | 135 ++++++++++++++++++++------------------------
1 files changed, 61 insertions(+), 74 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
index 703ce9a..f397de1 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
@@ -1,74 +1,61 @@
-package com.ruoyi.common.filter;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import com.ruoyi.common.utils.StringUtils;
-
-/**
- * 闃叉XSS鏀诲嚮鐨勮繃婊ゅ櫒
- *
- * @author ruoyi
- */
-public class XssFilter implements Filter
-{
- /**
- * 鎺掗櫎閾炬帴
- */
- public List<String> excludes = new ArrayList<>();
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException
- {
- String tempExcludes = filterConfig.getInitParameter("excludes");
- if (StringUtils.isNotEmpty(tempExcludes))
- {
- String[] url = tempExcludes.split(",");
- for (int i = 0; url != null && i < url.length; i++)
- {
- excludes.add(url[i]);
- }
- }
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException
- {
- HttpServletRequest req = (HttpServletRequest) request;
- HttpServletResponse resp = (HttpServletResponse) response;
- if (handleExcludeURL(req, resp))
- {
- chain.doFilter(request, response);
- return;
- }
- XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
- chain.doFilter(xssRequest, response);
- }
-
- private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response)
- {
- String url = request.getServletPath();
- String method = request.getMethod();
- // GET DELETE 涓嶈繃婊�
- if (method == null || method.matches("GET") || method.matches("DELETE"))
- {
- return true;
- }
- return StringUtils.matches(url, excludes);
- }
-
- @Override
- public void destroy()
- {
-
- }
-}
\ No newline at end of file
+package com.ruoyi.common.filter;
+
+import com.ruoyi.common.utils.StringUtils;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 闃叉XSS鏀诲嚮鐨勮繃婊ゅ櫒
+ *
+ * @author ruoyi
+ */
+public class XssFilter implements Filter {
+ /**
+ * 鎺掗櫎閾炬帴
+ */
+ public List<String> excludes = new ArrayList<>();
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ String tempExcludes = filterConfig.getInitParameter("excludes");
+ if (StringUtils.isNotEmpty(tempExcludes)) {
+ String[] url = tempExcludes.split(",");
+ for (int i = 0; url != null && i < url.length; i++) {
+ excludes.add(url[i]);
+ }
+ }
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest req = (HttpServletRequest) request;
+ HttpServletResponse resp = (HttpServletResponse) response;
+ if (handleExcludeURL(req, resp)) {
+ chain.doFilter(request, response);
+ return;
+ }
+ XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
+ chain.doFilter(xssRequest, response);
+ }
+
+ private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) {
+ String url = request.getServletPath();
+ String method = request.getMethod();
+ // GET DELETE 涓嶈繃婊�
+ if (method == null || method.matches("GET") || method.matches("DELETE")) {
+ return true;
+ }
+ return StringUtils.matches(url, excludes);
+ }
+
+ @Override
+ public void destroy() {
+
+ }
+}
--
Gitblit v1.9.3