From 10448f998d8682afdd2523436b3fac5be8273510 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BD=A0=E4=B8=80=E4=B8=AA=E4=BA=BA=E5=9C=A8=E8=BF=99?= =?UTF-8?q?=E5=84=BF=E5=B9=B2=E5=98=9B=E4=BD=A0=E6=98=AF=E6=9D=A5=E6=8B=89?= =?UTF-8?q?=E5=B1=8E=E7=9A=84=E5=90=A7?= <1421374934@qq.com> Date: Fri, 13 May 2022 10:29:49 +0800 Subject: [PATCH] =?UTF-8?q?:bug:=20=20=E6=9B=BF=E6=8D=A2pre=E5=92=8Ccode?= =?UTF-8?q?=E5=86=85=E5=AE=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../forest/util/ContentHtmlTagUtils.java | 52 +++++++++ .../rymcu/forest/utils/TestHtmlTagUtils.java | 102 ++++++++++++++++++ 2 files changed, 154 insertions(+) create mode 100644 src/main/java/com/rymcu/forest/util/ContentHtmlTagUtils.java create mode 100644 src/test/java/com/rymcu/forest/utils/TestHtmlTagUtils.java diff --git a/src/main/java/com/rymcu/forest/util/ContentHtmlTagUtils.java b/src/main/java/com/rymcu/forest/util/ContentHtmlTagUtils.java new file mode 100644 index 0000000..6331e05 --- /dev/null +++ b/src/main/java/com/rymcu/forest/util/ContentHtmlTagUtils.java @@ -0,0 +1,52 @@ +package com.rymcu.forest.util; + +import cn.hutool.core.util.ReUtil; +import cn.hutool.http.HtmlUtil; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.UUID; +import java.util.regex.Pattern; + +import static org.apache.commons.lang.StringUtils.isBlank; + +/** + * 内容html标签 + * @author 你一个人在这儿干嘛你是来拉屎的吧 + */ +public class ContentHtmlTagUtils { + private static final String regex = "(
[\\s|\\S]+?
)|([\\s|\\S]+?)"; + /** + * 替换pre标签,过滤xss,并把pre标签换回来 + * @param content 待处理内容 + * @return 替换pre标签,过滤xss,并把pre标签换回来后的内容 + */ + public static String replacePreTagAndFilterXss(String content) { + if(isBlank(content)) { + return content; + } + // 拿到匹配的pre标签List + List resultFindAll = ReUtil.findAll(regex, content, 0, new ArrayList<>()); + // size大于0,就做替换 + if (resultFindAll.size() > 0) { + // 生成一个待替换唯一字符串 + String preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis(); + // 判断替换字符串是否唯一 + while (ReUtil.findAll(preTagReplace, content, 0, new ArrayList<>()).size() > 0) { + preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis(); + } + Pattern pattern = Pattern.compile(preTagReplace); + // 替换pre标签内容 + String preFilter = ReUtil.replaceAll(content, regex, preTagReplace); + // 拦截xss + final String[] filterResult = {HtmlUtil.filter(preFilter)}; + + // 依次将替换后的pre标签换回来 + resultFindAll.forEach(obj -> filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], obj)); + return filterResult[0]; + } else { + return HtmlUtil.filter(content); + } + } +} diff --git a/src/test/java/com/rymcu/forest/utils/TestHtmlTagUtils.java b/src/test/java/com/rymcu/forest/utils/TestHtmlTagUtils.java new file mode 100644 index 0000000..152f9cc --- /dev/null +++ b/src/test/java/com/rymcu/forest/utils/TestHtmlTagUtils.java 
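Review bot: The segments matched by `regex` are put back verbatim by `ReUtil.replaceFirst(pattern, filterResult[0], obj)` after `HtmlUtil.filter` has run on everything else, so markup inside such a block never passes through the filter at all; since the block is meant to display literal text, escape the content between the opening and closing tag (e.g. with `HtmlUtil.escape`) before restoring it and keep only the tag pair itself (the tag names in `regex` are not legible in this view; the subject names pre and code). Separately, `obj` is handed to the matcher as a replacement string, so a `$` or backslash inside the block, which is common in code samples, is interpreted as a group reference and either throws `IllegalArgumentException` or substitutes group text; use `ReUtil.replaceFirst(pattern, filterResult[0], Matcher.quoteReplacement(obj))` with `import java.util.regex.Matcher;`. The `|` inside `[\\s|\\S]` is a literal pipe, not alternation, so `[\\s\\S]+?` or `(?s).+?` says what is meant, and `regex` would be clearer compiled once as a `private static final Pattern` in UPPER_SNAKE_CASE. The `final String[] filterResult` holder plus `forEach` is a workaround for lambda capture; a plain `for (String block : resultFindAll)` loop over a local `String` is simpler and avoids the one-element array.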
@@ -0,0 +1,102 @@ +package com.rymcu.forest.utils; + +import cn.hutool.core.util.ReUtil; +import cn.hutool.http.HtmlUtil; +import org.junit.jupiter.api.Test; + +import java.util.ArrayList; +import java.util.List; +import java.util.UUID; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import static com.rymcu.forest.util.ContentHtmlTagUtils.replacePreTagAndFilterXss; +import static org.junit.jupiter.api.Assertions.assertEquals; + +/** + * html.preTag.replace + */ +public class TestHtmlTagUtils { + + /** + * 过滤HTML文本,防止XSS攻击 + */ + @Test + public void testFilter() { + String html = ""; + // 结果为:"" + String result = HtmlUtil.filter(html); + + System.out.println(result); + } + + /** + * 找到所有 + */ + @Test + public void testFindAll() { + String content = "ZZZaaabbbccc中文1234"; + List resultFindAll = ReUtil.findAll("\\w{2}", content, 0, new ArrayList<>()); + System.out.println(resultFindAll); + } + + /** + * uuid + */ + @Test + public void testUUID() { + System.out.println(UUID.randomUUID().toString() + System.currentTimeMillis()); + } + + /** + * 找到所有pre标签 + */ + @Test + public void testFindPreTag() { + String regex = "
[\\s|\\S]+?
"; + String content = "
\n" + "123" + "
\n" + "3333333" + "
\n" + "55555555555" + "
\n" + "4555555" + "
\n" + "99999999999" + "
sdfsdf"; + List resultFindAll = ReUtil.findAll(regex, content, 0, new ArrayList<>()); + System.out.println(resultFindAll.size()); + System.out.println(resultFindAll); + + Pattern pattern = Pattern.compile(regex); + Matcher matcher = pattern.matcher(content); + while (matcher.find()) { + System.out.println(matcher.group()); + } + } + + /** + * 拦截xxs前先把pre标签对给提取置换再拦截xxs,然后再把pre标签换回来 + */ + @Test + public void testReplaceContent() { + String regex = "(
[\\s|\\S]+?
)|([\\s|\\S]+?)"; + String content = "\n" + "123" + "
\n" + "3333333" + "
\n" + "55555555555" + "
\n" + "4555555" + "
\n" + "99999999999" + "
sdfsdf"; + // 拿到匹配的pre标签List + List resultFindAll = ReUtil.findAll(regex, content, 0, new ArrayList<>()); + // size大于0,就做替换 + if (resultFindAll.size() > 0) { + // 生成一个待替换唯一字符串 + String preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis(); + // 判断替换字符串是否唯一 + while (ReUtil.findAll(preTagReplace, content, 0, new ArrayList<>()).size() > 0) { + preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis(); + } + Pattern pattern = Pattern.compile(preTagReplace); + // 替换pre标签内容 + String preFilter = ReUtil.replaceAll(content, regex, preTagReplace); + System.out.println("pre标签替换"); + System.out.println(preFilter); + final String[] filterResult = {HtmlUtil.filter(preFilter)}; + resultFindAll.forEach(obj -> filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], obj)); + System.out.println("pre标签被换回来了"); + System.out.println(filterResult[0]); + assertEquals(filterResult[0], replacePreTagAndFilterXss(content)); + } else { + String filterResult = HtmlUtil.filter(content); + System.out.println("HtmlUtil.filter"); + System.out.println(filterResult); + } + } +}