Skip to content

MaxKey
MaxKey

yujianwangzivayy / MaxKey
与 Fork 源项目一致

Fork自 MaxKey单点登录官方(MaxKeyTop) / MaxKey

通知 1
Star 0
Fork 0
MaxKey
MaxKey

体验新版 GitCode,发现更多精彩内容 >>

提交 a9a6fa93 编写于 作者: M MaxKey
浏览文件
操作

Update WebXssRequestFilter.java

上级 41ad5e9b
隐藏空白更改
内联 并排
Showing with 4 addition and 2 deletion
maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
浏览文件 @ a9a6fa93
......@@ -27,8 +27,10 @@ public class WebXssRequestFilter extends GenericFilterBean {
String key = (String) parameterNames.nextElement();
String value = request.getParameter(key);
_logger.trace("parameter name "+key +" , value " + value);
if(!StringEscapeUtils.escapeHtml4(value).equals(value)
||value.toLowerCase().indexOf("script")>-1) {
String tempValue = value.toLowerCase().replace(" ", "");
if(!StringEscapeUtils.escapeHtml4(tempValue).equals(value)
||tempValue.indexOf("script")>-1
||tempValue.indexOf("eval(")>-1) {
isWebXss = true;
_logger.error("parameter name "+key +" , value " + value
+ ", contains dangerous content ! ");
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册