github
/
RuoYi
mirror of https://gitee.com/y_project/RuoYi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

新增xss过滤开关

pull/20/MERGE
RuoYi 2018-08-10 18:12:28 +08:00
parent bb7799c1aa
commit e8eaeadbb0
2 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/main/java/com/ruoyi/common/xss/XssFilter.java
View File

@ -14,6 +14,7 @@ import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter; import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import com.ruoyi.common.utils.StringUtils;
/** /**
* XSS * XSS
@ -23,24 +24,33 @@ import javax.servlet.http.HttpServletResponse;
@WebFilter(filterName = "xssFilter", urlPatterns = "/system/*") @WebFilter(filterName = "xssFilter", urlPatterns = "/system/*")
public class XssFilter implements Filter public class XssFilter implements Filter
{ {
/** /**
* *
*/ */
public List<String> excludes = new ArrayList<>(); public List<String> excludes = new ArrayList<>();
/**
* xss
*/
public boolean xssEbabled = false;
@Override @Override
public void init(FilterConfig filterConfig) throws ServletException public void init(FilterConfig filterConfig) throws ServletException
{ {
String temp = filterConfig.getInitParameter("excludes"); String tempExcludes = filterConfig.getInitParameter("excludes");
if (temp != null) String tempXssEbabled = filterConfig.getInitParameter("xssEbabled");
if (tempExcludes != null)
{ {
String[] url = temp.split(","); String[] url = tempExcludes.split(",");
for (int i = 0; url != null && i < url.length; i++) for (int i = 0; url != null && i < url.length; i++)
{ {
excludes.add(url[i]); excludes.add(url[i]);
} }
} }
if (StringUtils.isNotEmpty(tempXssEbabled))
{
xssEbabled = Boolean.valueOf(tempXssEbabled);
}
} }
@Override @Override
@ -64,6 +74,10 @@ public class XssFilter implements Filter
{ {
return false; return false;
} }
if (!xssEbabled)
{
return true;
}
String url = request.getServletPath(); String url = request.getServletPath();
for (String pattern : excludes) for (String pattern : excludes)
{ {

3
src/main/java/com/ruoyi/framework/config/FilterConfig.java
View File

@ -27,7 +27,8 @@ public class FilterConfig
registration.setName("xssFilter"); registration.setName("xssFilter");
registration.setOrder(Integer.MAX_VALUE); registration.setOrder(Integer.MAX_VALUE);
Map<String, String> initParameters = Maps.newHashMap(); Map<String, String> initParameters = Maps.newHashMap();
initParameters.put("excludes", "/system/notice/*"); initParameters.put("excludes", "/system/notice/*,/img/*,/css/*,/fonts/*,/js/*,/ajax/*,/ruoyi/*");
initParameters.put("xssEbabled", "false");
registration.setInitParameters(initParameters); registration.setInitParameters(initParameters);
return registration; return registration;
} }