提交 900818e0 编写于 作者: M MaxKey

Update WebXssRequestFilter.java

上级 cd0ea068
......@@ -27,10 +27,10 @@ public class WebXssRequestFilter extends GenericFilterBean {
String key = (String) parameterNames.nextElement();
String value = request.getParameter(key);
_logger.trace("parameter name "+key +" , value " + value);
String tempValue = value.toLowerCase().replace(" ", "");
String tempValue = value;
if(!StringEscapeUtils.escapeHtml4(tempValue).equals(value)
||tempValue.indexOf("script")>-1
||tempValue.indexOf("eval(")>-1) {
||tempValue.toLowerCase().indexOf("script")>-1
||tempValue.toLowerCase().replace(" ", "").indexOf("eval(")>-1) {
isWebXss = true;
_logger.error("parameter name "+key +" , value " + value
+ ", contains dangerous content ! ");
......
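Review bot: The `script` and `eval(` checks call `toLowerCase()` with the JVM default locale, so the match is locale-dependent (the Turkish dotless-i case), and the `eval(` check strips only the ASCII space, so tabs and line breaks are not normalized. Suggested: `||tempValue.toLowerCase(Locale.ROOT).indexOf("script")>-1` and `||tempValue.toLowerCase(Locale.ROOT).replaceAll("\\s", "").indexOf("eval(")>-1) {`, which needs `java.util.Locale` if the file does not import it yet. The rendered page has lost its +/- markers, so which `tempValue` declaration is the new one is inferred here, and the enclosing loop and method start and end outside the hunk. Keyword matching of this kind stays a heuristic, and both log calls write the raw parameter value, so contextual output encoding at render time and redaction of logged values are worth confirming elsewhere in the filter chain.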