Commit 6872b5a3 by 吴迪

【修改】xss转义问题

parent 174d8847
......@@ -228,10 +228,9 @@ public final class HTMLFilter {
s = processRemoveBlanks(s);
debug("processRemoveBlanks: " + s);
s = validateEntities(s);
debug(" validateEntites: " + s);
// s = validateEntities(s);
//debug(" validateEntites: " + s);
debug("************************************************\n\n");
return s;
}
......@@ -464,7 +463,7 @@ public final class HTMLFilter {
m.appendTail(buf);
s = buf.toString();
s = validateEntities(s);
//s = validateEntities(s);
return s;
}
......@@ -472,13 +471,13 @@ public final class HTMLFilter {
StringBuffer buf = new StringBuffer();
// validate entities throughout the string
Matcher m = P_VALID_ENTITIES.matcher(s);
while (m.find()) {
final String one = m.group(1); //([^&;]*)
final String two = m.group(2); //(?=(;|&|$))
m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
}
m.appendTail(buf);
//Matcher m = P_VALID_ENTITIES.matcher(s);
//while (m.find()) {
// final String one = m.group(1); //([^&;]*)
// final String two = m.group(2); //(?=(;|&|$))
// m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
//}
//m.appendTail(buf);
return encodeQuotes(buf.toString());
}
......@@ -527,4 +526,4 @@ public final class HTMLFilter {
private boolean allowedAttribute(final String name, final String paramName) {
return allowed(name) && (vAllowed.isEmpty() || vAllowed.get(name).contains(paramName));
}
}
\ No newline at end of file
}
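Review bot: With the matcher loop commented out, `validateEntities` never writes to `buf`, so `return encodeQuotes(buf.toString());` now returns an empty string for any input, and any caller not visible in these hunks would silently lose its text. The two call sites shown (before the final `debug` banner in the first hunk, and after `m.appendTail(buf)` in the second) are commented out rather than removed, so the filter output no longer gets the entity check or the `encodeQuotes` pass; presumably quotes and bare `&` now reach the caller unescaped, which matters if that output is ever placed in an attribute context. If the motivation was double-escaped text, a narrower fix is to keep this pass and remove the duplicate encoding where the value is rendered. At minimum the method should read `return encodeQuotes(s);` or be deleted together with the dead comments. The enclosing methods start outside the hunks.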
......@@ -294,6 +294,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
//是不是条码卡登录 1是 0 否
String isCardNumberLogin = String.valueOf(params.get("isCardNumberLogin") == null ? "0" : params.get("isCardNumberLogin"));
if (StrUtil.equals("1", isCardNumberLogin)) {
log.info("{},{}",userName,passWord);
String phoen_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(userName.getBytes(), DESNewUtils.Key.getBytes()));
String passwrod_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(passWord.getBytes(), DESNewUtils.Key.getBytes()));
String url = "http://219.232.114.68:8088/api/AppUserLogin/AppLoginOrCenterLogin?username=" + phoen_M + "&pwd=" + passwrod_M + "&source=ancc";
......@@ -482,7 +483,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
}
System.out.println(MD5Util.unicodeToString("440220aa487a592881324212d7c9ef6f"));
System.out.println(MD5Util.unicodeToString("1bbd886460827015e5d605ed44252251"));
System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("1165004".getBytes(), DESUtils.Key.getBytes())));
System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("GS1_20201013".getBytes(), DESUtils.Key.getBytes())));
}
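Review bot: The `log.info("{},{}",userName,passWord);` line, which appears to be the line the first hunk adds, writes the user's plaintext password to the application log on every card-number login. Drop the password argument, e.g. `log.info("card-number login attempt: {}", userName);`. The context lines after it put both values, DES-encrypted with the static `DESNewUtils.Key`, into the query string of a plain `http://` URL, where they can be recorded by proxies and access logs; as far as the hunk shows that predates this commit, but it deserves a follow-up (request body over TLS, key kept out of source). The second hunk (around new line 483) only changes a literal in what looks like leftover `System.out.println` debugging code, which would be better moved to a test. The enclosing methods start and end outside the hunks.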
......