forgetest5
/
ifffff
mirror of https://gitee.com/maxjhandsome/pig
1
0
Fork 0
Code Issues Releases Wiki Activity

🔒 修复安全问题。xss debug 日志篡改问题,thx @粒仔

This commit is contained in:
冷冷 2018-07-21 18:13:53 +08:00
parent 98166f6b33
commit 579bc2c0c6
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pig-common/src/main/java/com/github/pig/common/bean/xss/HtmlFilter.java
View File

@ -23,6 +23,8 @@ import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.text.Normalizer;
import java.text.Normalizer.Form;
/**
* HTML filtering utility for protecting against XSS (Cross Site Scripting).
@ -222,10 +224,20 @@ public final class HtmlFilter {
private void debug(final String msg) {
if (vDebug) {
Logger.getAnonymousLogger().info(msg);
Logger.getAnonymousLogger().info(validMsg(msg));
}
}
/**
* valid msg
*
* @param msg
* @return encodeMsg
*/
public static String validMsg(String msg) {
String encodeMsg = Normalizer.normalize(msg, Form.NFKC);
encodeMsg = encodeMsg.replaceAll("(\r|\n|%0d|%0a)", "");
return encodeMsg;
}
/**
* my versions of some PHP library functions
*