diff --git a/src/main/java/com/rymcu/forest/util/XssUtils.java b/src/main/java/com/rymcu/forest/util/XssUtils.java
index 6760653..e102398 100644
--- a/src/main/java/com/rymcu/forest/util/XssUtils.java
+++ b/src/main/java/com/rymcu/forest/util/XssUtils.java
@@ -17,10 +17,11 @@ import java.util.regex.Pattern;
 * @packageName com.rymcu.forest.util
 */
 public class XssUtils {
- private static final String regex = "(
[\\s|\\S]+?
)|([\\s|\\S]+?)";
+ private static final String REGEX_CODE = "(
[\\s|\\S]+?
)|([\\s|\\S]+?)";
 /**
 * 滤除content中的危险 HTML 代码, 主要是脚本代码, 滚动字幕代码以及脚本事件处理代码
+ *
 * @param content 需要滤除的字符串
 * @return 过滤的结果
 */
@@ -49,33 +50,54 @@ public class XssUtils {
 }
 public static String filterHtmlCode(String content) {
- if(StringUtils.isBlank(content)) {
- return content;
+ if (StringUtils.isBlank(content)) {
+ return content;
 }
 // 拿到匹配的pre标签List
- List resultFindAll = ReUtil.findAll(regex, content, 0, new ArrayList<>());
+ List resultFindAll = ReUtil.findAll(REGEX_CODE, content, 0, new ArrayList<>());
 // size大于0,就做替换
 if (resultFindAll.size() > 0) {
- // 生成一个待替换唯一字符串
- String preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis();
- // 判断替换字符串是否唯一
- while (ReUtil.findAll(preTagReplace, content, 0, new ArrayList<>()).size() > 0) {
- preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis();
- }
- Pattern pattern = Pattern.compile(preTagReplace);
+ String uniqueUUID = searchUniqueUUID(content);
+
+ // 替换所有$为uniqueUUID
+ content = ReUtil.replaceAll(content, "\\$", uniqueUUID);
+
+ // pre标签替换字符串
+ String replaceStr = uniqueUUID + uniqueUUID;
+
 // 替换pre标签内容
- String preFilter = ReUtil.replaceAll(content, regex, preTagReplace);
+ String preFilter = ReUtil.replaceAll(content, REGEX_CODE, replaceStr);
+ // 拦截xss
 final String[] filterResult = {replaceHtmlCode(preFilter)};
 // 依次将替换后的pre标签换回来
- resultFindAll.forEach(obj -> filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], obj));
- return filterResult[0];
+ Pattern pattern = Pattern.compile(replaceStr);
+ resultFindAll.forEach(obj -> {
+ obj = ReUtil.replaceAll(obj, "\\$", uniqueUUID);
+ filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], obj);
+ });
+
+ // 将$换回来
+ return ReUtil.replaceAll(filterResult[0], uniqueUUID, "$");
 } else {
 return replaceHtmlCode(content);
 }
 }
+ /**
+ * @param content 待查找内容
+ * @return
+ */
+ public static String searchUniqueUUID(String content) {
+ // 生成一个待替换唯一字符串
+ String uniqueUUID = UUID.randomUUID().toString();
+ // 判断替换字符串是否唯一
+ while (ReUtil.findAll(uniqueUUID, content, 0, new ArrayList<>()).size() > 0) {
+ uniqueUUID = UUID.randomUUID().toString();
+ }
+ return uniqueUUID;
+
+ }
+ }
-
-
diff --git a/src/test/java/com/rymcu/forest/utils/TestFileMd5.java b/src/test/java/com/rymcu/forest/utils/TestFileMd5.java
deleted file mode 100644
index 17fe9f0..0000000
--- a/src/test/java/com/rymcu/forest/utils/TestFileMd5.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package com.rymcu.forest.utils;
-
-import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.core.io.Resource;
-import org.springframework.util.DigestUtils;
-
-import static org.junit.jupiter.api.Assertions.assertEquals;
-
-// 仅运行指定类
-@SpringBootTest(classes = TestFileMd5.class)
-public class TestFileMd5 {
-
-
- @Value("classpath:1.txt")
- private Resource testFile;
-
- /**
- * c6c26c7e8a5eb493b14e84bd91df60e3
- * d41d8cd98f00b204e9800998ecf8427e
- *
- * @throws Exception
- */
- @Test
- public void test() throws Exception {
- String md5 = DigestUtils.md5DigestAsHex(testFile.getInputStream());
- assertEquals("202cb962ac59075b964b07152d234b70", md5);
- }
-}
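Review bot: Every block in `resultFindAll` is written back verbatim by `ReUtil.replaceFirst(pattern, filterResult[0], obj)` in the new forEach, so nothing inside a matched pre/code block ever reaches `replaceHtmlCode`; unless REGEX_CODE is guaranteed to capture only inert text (the pattern is not legible on this page), the block's inner text should be entity-encoded, or passed through `replaceHtmlCode` itself, before it is reinserted, otherwise the sanitizer is only applied to the text between blocks. Separately, if `ReUtil.replaceFirst` hands `obj` straight to `Matcher.replaceFirst` — which the `$`-to-uniqueUUID workaround suggests — a backslash inside a code block is still interpreted as a replacement escape (`\n` loses its backslash, a trailing `\` throws IllegalArgumentException); `filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], Matcher.quoteReplacement(obj));` handles both `$` and `\` and makes the uniqueUUID/`$` round-trip unnecessary (needs `java.util.regex.Matcher` imported). The new `searchUniqueUUID` Javadoc has an empty `@return`; `@return a random UUID string that does not occur in {@code content}` states the contract, and `content.contains(uniqueUUID)` reads more directly than `ReUtil.findAll(...).size() > 0` in its loop condition. Blank lines in this hunk appear to have been collapsed by the page extraction, so the exact line layout could not be verified here.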