🐛 fixed XssUtils
🐛 fixed XssUtils
commit
89876863cc
@ -17,10 +17,11 @@ import java.util.regex.Pattern;
|
||||
* @packageName com.rymcu.forest.util
|
||||
*/
|
||||
public class XssUtils {
|
||||
private static final String regex = "(<pre>[\\s|\\S]+?</pre>)|(<code>[\\s|\\S]+?</code>)";
|
||||
private static final String REGEX_CODE = "(<pre>[\\s|\\S]+?</pre>)|(<code>[\\s|\\S]+?</code>)";
|
||||
|
||||
/**
|
||||
* 滤除content中的危险 HTML 代码, 主要是脚本代码, 滚动字幕代码以及脚本事件处理代码
|
||||
*
|
||||
* @param content 需要滤除的字符串
|
||||
* @return 过滤的结果
|
||||
*/
|
||||
@ -49,33 +50,54 @@ public class XssUtils {
|
||||
}
|
||||
|
||||
public static String filterHtmlCode(String content) {
|
||||
if(StringUtils.isBlank(content)) {
|
||||
return content;
|
||||
if (StringUtils.isBlank(content)) {
|
||||
return content;
|
||||
}
|
||||
// 拿到匹配的pre标签List
|
||||
List<String> resultFindAll = ReUtil.findAll(regex, content, 0, new ArrayList<>());
|
||||
List<String> resultFindAll = ReUtil.findAll(REGEX_CODE, content, 0, new ArrayList<>());
|
||||
// size大于0,就做替换
|
||||
if (resultFindAll.size() > 0) {
|
||||
// 生成一个待替换唯一字符串
|
||||
String preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis();
|
||||
// 判断替换字符串是否唯一
|
||||
while (ReUtil.findAll(preTagReplace, content, 0, new ArrayList<>()).size() > 0) {
|
||||
preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis();
|
||||
}
|
||||
Pattern pattern = Pattern.compile(preTagReplace);
|
||||
String uniqueUUID = searchUniqueUUID(content);
|
||||
|
||||
// 替换所有$为uniqueUUID
|
||||
content = ReUtil.replaceAll(content, "\\$", uniqueUUID);
|
||||
|
||||
// pre标签替换字符串
|
||||
String replaceStr = uniqueUUID + uniqueUUID;
|
||||
|
||||
// 替换pre标签内容
|
||||
String preFilter = ReUtil.replaceAll(content, regex, preTagReplace);
|
||||
String preFilter = ReUtil.replaceAll(content, REGEX_CODE, replaceStr);
|
||||
|
||||
// 拦截xss
|
||||
final String[] filterResult = {replaceHtmlCode(preFilter)};
|
||||
|
||||
// 依次将替换后的pre标签换回来
|
||||
resultFindAll.forEach(obj -> filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], obj));
|
||||
return filterResult[0];
|
||||
Pattern pattern = Pattern.compile(replaceStr);
|
||||
resultFindAll.forEach(obj -> {
|
||||
obj = ReUtil.replaceAll(obj, "\\$", uniqueUUID);
|
||||
filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], obj);
|
||||
});
|
||||
|
||||
// 将$换回来
|
||||
return ReUtil.replaceAll(filterResult[0], uniqueUUID, "$");
|
||||
} else {
|
||||
return replaceHtmlCode(content);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param content 待查找内容
|
||||
* @return
|
||||
*/
|
||||
public static String searchUniqueUUID(String content) {
|
||||
// 生成一个待替换唯一字符串
|
||||
String uniqueUUID = UUID.randomUUID().toString();
|
||||
// 判断替换字符串是否唯一
|
||||
while (ReUtil.findAll(uniqueUUID, content, 0, new ArrayList<>()).size() > 0) {
|
||||
uniqueUUID = UUID.randomUUID().toString();
|
||||
}
|
||||
return uniqueUUID;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
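Review bot: The `$` workaround in the new loop is incomplete, because a java.util.regex replacement string also treats backslashes specially, so a code block containing `\` (escape sequences, Windows paths, regex text) is still mangled or throws IllegalArgumentException when it is spliced back at `filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], obj)` — assuming ReUtil.replaceFirst delegates to Matcher.replaceFirst, which the `$` symptom the commit fixes suggests. Quoting the fragment covers both characters and makes the UUID substitution of `$` unnecessary: `filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], Matcher.quoteReplacement(obj));` (java.util.regex.Matcher would need to be imported alongside Pattern). Separately, the restored `<pre>`/`<code>` fragments never pass through replaceHtmlCode, so if `content` can be user-authored HTML rather than renderer output, markup inside those tags reaches the result unfiltered; either escape the fragment's inner HTML before splicing it back or document on filterHtmlCode that callers must pass only already-escaped renderer output. The `@return` tag on searchUniqueUUID is empty; `@return a random UUID string that does not occur in {@code content}` would complete it.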
@ -1,30 +0,0 @@
|
||||
package com.rymcu.forest.utils;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.util.DigestUtils;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
// 仅运行指定类
|
||||
@SpringBootTest(classes = TestFileMd5.class)
|
||||
public class TestFileMd5 {
|
||||
|
||||
|
||||
@Value("classpath:1.txt")
|
||||
private Resource testFile;
|
||||
|
||||
/**
|
||||
* c6c26c7e8a5eb493b14e84bd91df60e3
|
||||
* d41d8cd98f00b204e9800998ecf8427e
|
||||
*
|
||||
* @throws Exception
|
||||
*/
|
||||
@Test
|
||||
public void test() throws Exception {
|
||||
String md5 = DigestUtils.md5DigestAsHex(testFile.getInputStream());
|
||||
assertEquals("202cb962ac59075b964b07152d234b70", md5);
|
||||
}
|
||||
}
|