mirror of https://gitee.com/stylefeng/roses
【7.1.5】xss过滤器增加针对context-path的过滤
parent
4565482608
commit
842ea15560
|
@ -62,7 +62,7 @@ public class XssFilter implements Filter {
|
||||||
if (xssProperties != null &&
|
if (xssProperties != null &&
|
||||||
ObjectUtil.isNotEmpty(xssProperties.getUrlExclusion())) {
|
ObjectUtil.isNotEmpty(xssProperties.getUrlExclusion())) {
|
||||||
for (String exclusion : xssProperties.getUrlExclusion()) {
|
for (String exclusion : xssProperties.getUrlExclusion()) {
|
||||||
if (antPathMatcher.match(contextPath + exclusion, servletPath)) {
|
if (antPathMatcher.match(contextPath + exclusion, contextPath + servletPath)) {
|
||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
@ -59,7 +59,7 @@ public class XssJacksonDeserializer extends JsonDeserializer<String> {
|
||||||
if (xssProperties != null &&
|
if (xssProperties != null &&
|
||||||
ObjectUtil.isNotEmpty(xssProperties.getUrlExclusion())) {
|
ObjectUtil.isNotEmpty(xssProperties.getUrlExclusion())) {
|
||||||
for (String exclusion : xssProperties.getUrlExclusion()) {
|
for (String exclusion : xssProperties.getUrlExclusion()) {
|
||||||
if (antPathMatcher.match(contextPath + exclusion, servletPath)) {
|
if (antPathMatcher.match(contextPath + exclusion, contextPath + servletPath)) {
|
||||||
return jsonParser.getText();
|
return jsonParser.getText();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue