Update WebXssRequestFilter.java

MaxKey 2021-03-25 22:44:01 +08:00
parent 41ad5e9b32
commit a9a6fa934b


@ -27,8 +27,10 @@ public class WebXssRequestFilter extends GenericFilterBean {
String key = (String) parameterNames.nextElement();
String value = request.getParameter(key);
_logger.trace("parameter name "+key +" , value " + value);
if(!StringEscapeUtils.escapeHtml4(value).equals(value)
||value.toLowerCase().indexOf("script")>-1) {
String tempValue = value.toLowerCase().replace(" ", "");
if(!StringEscapeUtils.escapeHtml4(tempValue).equals(value)
||tempValue.indexOf("script")>-1
||tempValue.indexOf("eval(")>-1) {
isWebXss = true;
_logger.error("parameter name "+key +" , value " + value
+ ", contains dangerous content ! ");
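Review bot: The escape check in the new condition compares `StringEscapeUtils.escapeHtml4(tempValue)` with the original `value` rather than with `tempValue`, so any parameter that contains an uppercase letter or a space no longer matches and is flagged as XSS even when it holds no HTML metacharacters. Compare like with like: `if(!StringEscapeUtils.escapeHtml4(tempValue).equals(tempValue)`. The `script` substring test also matches benign values such as "description", so this blocklist is a coarse tripwire at best and output encoding at render time has to remain the actual control. The unchanged `_logger.trace` and `_logger.error` calls around the condition write the raw parameter value, which presumably includes credentials when the filter covers a login form; logging only `key` would avoid that. The enclosing loop starts and ends outside the hunk.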