规范参数命名

2021-11-14 15:42:43 +08:00 · 2021-11-14 15:42:43 +08:00 · 31728300e1
commit 31728300e1
parent 1d317998af
1 changed files with 2 additions and 1 deletions
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@ -32,6 +32,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * xss过滤参数
+     *
     * @todo 这里的参数应该更智能些，例如iv，前端的参数包含这两个字母就会放过，这是有问题的
     */
    private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
@ -232,7 +233,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
     * @return 参数值
     */
    private String filterXss(String name, String value) {
-        if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), ignoreField)) {
+        if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)) {
            // 忽略的处理，（过滤敏感字符）
            return HtmlUtil.filter(value);
        } else {