【修改】xss转义问题

src/main/java/io/office/common/xss/HTMLFilter.java

@@ -228,10 +228,9 @@ public final class HTMLFilter {
         s = processRemoveBlanks(s);
         debug("processRemoveBlanks: " + s);
 
-        s = validateEntities(s);
-        debug("    validateEntites: " + s);
+       // s = validateEntities(s);
+        //debug("    validateEntites: " + s);
 
-        debug("************************************************\n\n");
         return s;
     }
 
@@ -464,7 +463,7 @@ public final class HTMLFilter {
         m.appendTail(buf);
         s = buf.toString();
 
-        s = validateEntities(s);
+        //s = validateEntities(s);
         return s;
     }
 
@@ -472,13 +471,13 @@ public final class HTMLFilter {
         StringBuffer buf = new StringBuffer();
 
         // validate entities throughout the string
-        Matcher m = P_VALID_ENTITIES.matcher(s);
-        while (m.find()) {
-            final String one = m.group(1); //([^&;]*)
-            final String two = m.group(2); //(?=(;|&|$))
-            m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
-        }
-        m.appendTail(buf);
+        //Matcher m = P_VALID_ENTITIES.matcher(s);
+        //while (m.find()) {
+        //    final String one = m.group(1); //([^&;]*)
+        //    final String two = m.group(2); //(?=(;|&|$))
+        //    m.appendReplacement(buf, Matcher.quoteReplacement(checkEntity(one, two)));
+        //}
+        //m.appendTail(buf);
 
         return encodeQuotes(buf.toString());
     }

src/main/java/io/office/modules/manage/service/impl/LogLoginServiceImpl.java

@@ -294,6 +294,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
         //是不是条码卡登录  1是  0 否
         String isCardNumberLogin = String.valueOf(params.get("isCardNumberLogin") == null ? "0" : params.get("isCardNumberLogin"));
         if (StrUtil.equals("1", isCardNumberLogin)) {
+            log.info("{},{}",userName,passWord);
             String phoen_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(userName.getBytes(), DESNewUtils.Key.getBytes()));
             String passwrod_M = DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt(passWord.getBytes(), DESNewUtils.Key.getBytes()));
             String url = "http://219.232.114.68:8088/api/AppUserLogin/AppLoginOrCenterLogin?username=" + phoen_M + "&pwd=" + passwrod_M + "&source=ancc";
@@ -482,7 +483,7 @@ public class LogLoginServiceImpl extends ServiceImpl<LogLoginDao, LogLoginEntity
         }
 
 
-        System.out.println(MD5Util.unicodeToString("440220aa487a592881324212d7c9ef6f"));
+        System.out.println(MD5Util.unicodeToString("1bbd886460827015e5d605ed44252251"));
         System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("1165004".getBytes(), DESUtils.Key.getBytes())));
         System.out.println(DESUtils.byteToHexString(DESUtils.DES_CBC_Encrypt("GS1_20201013".getBytes(), DESUtils.Key.getBytes())));
     }