HTML过滤器改为将html转义

2020-07-28 17:21:24 +08:00 · 2020-07-28 17:21:24 +08:00 · 31c3d4021e
parent 3025017d0f
commit 31c3d4021e
4 changed files with 8 additions and 8 deletions
--- a/ruoyi-admin/src/main/resources/templates/monitor/online/online.html
+++ b/ruoyi-admin/src/main/resources/templates/monitor/online/online.html
@ -62,7 +62,10 @@
                },
 		        {
 		            field: 'sessionId',
-		            title: '会话编号'
+		            title: '会话编号',
 		            formatter: function(value, row, index) {
                    	return $.table.tooltip(value);
                    }
 		        },
 		        {
 		            field: 'loginName',
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
@ -147,6 +147,7 @@ public class EscapeUtil
        String html = "<script>alert(1);</script>";
        // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
        // String html = "<123";
        // String html = "123>";
        System.out.println(EscapeUtil.clean(html));
        System.out.println(EscapeUtil.escape(html));
        System.out.println(EscapeUtil.unescape(html));
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
@ -35,7 +35,7 @@ public final class HTMLFilter
    private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
    private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
    private static final Pattern P_END_ARROW = Pattern.compile("^>");
-    // private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
+    private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
    private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
    private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
    private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
@ -131,7 +131,7 @@ public final class HTMLFilter
        vAllowedEntities = new String[] { "amp", "gt", "lt", "quot" };
        stripComment = true;
        encodeQuotes = true;
-        alwaysMakeTags = true;
+        alwaysMakeTags = false;
    }
    /**
@ -246,7 +246,7 @@ public final class HTMLFilter
            //
            s = regexReplace(P_END_ARROW, "", s);
            // 不追加结束标签
-            // s = regexReplace(P_BODY_TO_END, "<$1>", s);
+            s = regexReplace(P_BODY_TO_END, "<$1>", s);
            s = regexReplace(P_XML_CONTENT, "$1<$2", s);
        }
--- a/ruoyi-generator/src/main/resources/templates/tool/gen/importTable.html
+++ b/ruoyi-generator/src/main/resources/templates/tool/gen/importTable.html
@ -59,7 +59,6 @@
 		        {
 		            field: 'tableName',
 		            title: '表名称',
 		            width: '20%',
 		            sortable: true,
 		            formatter: function(value, row, index) {
                    	return $.table.tooltip(value);
@ -68,7 +67,6 @@
 		        {
 		            field: 'tableComment',
 		            title: '表描述',
 		            width: '20%',
 		            sortable: true,
 		            formatter: function(value, row, index) {
                    	return $.table.tooltip(value);
@ -77,13 +75,11 @@
 		        {
 		            field: 'createTime',
 		            title: '创建时间',
 		            width: '20%',
 		            sortable: true
 		        },
 		        {
 		            field: 'updateTime',
 		            title: '更新时间',
 		            width: '20%',
 		            sortable: true
 		        }]
 		    };