【修改】xss转义问题

6872b5a3 · 吴迪 · 174d8847 · 6872b5a3 · 6872b5a3
Commit 6872b5a3 authored Oct 15, 2024 by 吴迪
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 14 deletions

HTMLFilter.java src/main/java/io/office/common/xss/HTMLFilter.java +11 -13

LogLoginServiceImpl.java ...fice/modules/manage/service/impl/LogLoginServiceImpl.java +2 -1

No files found.
--- a/src/main/java/io/office/common/xss/HTMLFilter.java
+++ b/src/main/java/io/office/common/xss/HTMLFilter.java
@@ -228,10 +228,9 @@ public final class HTMLFilter {
        s = processRemoveBlanks(s);
        debug("processRemoveBlanks: " + s);

-        s = validateEntities(s);
-        debug("    validateEntites: " + s);
+       // s = validateEntities(s);
+        //debug("    validateEntites: " + s);

-        debug("************************************************\n\n");
        return s;
    }

@@ -464,7 +463,7 @@ public final class HTMLFilter {
        m.appendTail(buf);
        s = buf.toString();

-        s = validateEntities(s);
+        //s = validateEntities(s);
        return s;
    }

@@ -472,13 +471,13 @@ public final class HTMLFilter {
        StringBuffer buf = new StringBuffer();

        // validate entities throughout the string
-        Matcher m = P_VALID_ENTITIES.matcher(s);
-        while (m.find()) {
-            final String one = m.group(1); //([^&;]*)
-            final String two = m.group(2); //(?=(;|&|$))
-            m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
-        }
-        m.appendTail(buf);
+        //Matcher m = P_VALID_ENTITIES.matcher(s);
+        //while (m.find()) {
+        //    final String one = m.group(1); //([^&;]*)
+        //    final String two = m.group(2); //(?=(;|&|$))
+        //    m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
+        //}
+        //m.appendTail(buf);

        return encodeQuotes(buf.toString());
    }
@@ -527,4 +526,4 @@ public final class HTMLFilter {
    private boolean allowedAttribute(final String name, final String paramName) {
        return allowed(name) && (vAllowed.isEmpty() || vAllowed.get(name).contains(paramName));
    }
-}
\ No newline at end of file
+}
--- a/src/main/java/io/office/modules/manage/service/impl/LogLoginServiceImpl.java
+++ b/src/main/java/io/office/modules/manage/service/impl/LogLoginServiceImpl.java
@@ -294,6 +294,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
        //是不是条码卡登录  1是  0 否
        String isCardNumberLogin = String.valueOf(params.get("isCardNumberLogin") == null ? "0" : params.get("isCardNumberLogin"));
        if (StrUtil.equals("1", isCardNumberLogin)) {
+            log.info("{},{}",userName,passWord);
            String phoen_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(userName.getBytes(), DESNewUtils.Key.getBytes()));
            String passwrod_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(passWord.getBytes(), DESNewUtils.Key.getBytes()));
            String url = "http://219.232.114.68:8088/api/AppUserLogin/AppLoginOrCenterLogin?username=" + phoen_M + "&pwd=" + passwrod_M + "&source=ancc";
@@ -482,7 +483,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
        }


-        System.out.println(MD5Util.unicodeToString("440220aa487a592881324212d7c9ef6f"));
+        System.out.println(MD5Util.unicodeToString("1bbd886460827015e5d605ed44252251"));
        System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("1165004".getBytes(), DESUtils.Key.getBytes())));
        System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("GS1_20201013".getBytes(), DESUtils.Key.getBytes())));
    }