规范参数命名
		
							parent
							
								
									1d317998af
								
							
						
					
					
						commit
						31728300e1
					
				@ -32,6 +32,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
    /**
 | 
					    /**
 | 
				
			||||||
     * xss过滤参数
 | 
					     * xss过滤参数
 | 
				
			||||||
 | 
					     *
 | 
				
			||||||
     * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
 | 
					     * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
 | 
				
			||||||
     */
 | 
					     */
 | 
				
			||||||
    private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
 | 
					    private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
 | 
				
			||||||
@ -232,7 +233,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 | 
				
			|||||||
     * @return 参数值
 | 
					     * @return 参数值
 | 
				
			||||||
     */
 | 
					     */
 | 
				
			||||||
    private String filterXss(String name, String value) {
 | 
					    private String filterXss(String name, String value) {
 | 
				
			||||||
        if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), ignoreField)) {
 | 
					        if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)) {
 | 
				
			||||||
            // 忽略的处理,(过滤敏感字符)
 | 
					            // 忽略的处理,(过滤敏感字符)
 | 
				
			||||||
            return HtmlUtil.filter(value);
 | 
					            return HtmlUtil.filter(value);
 | 
				
			||||||
        } else {
 | 
					        } else {
 | 
				
			||||||
 | 
				
			|||||||
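Review bot: The ignore check in `filterXss` still matches by substring: `CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)` is true for any parameter whose name merely contains `iv`, `name` or `url`, so many more fields than the eight listed take the `HtmlUtil.filter`-only branch, which is the problem the new `@todo` on `IGNORE_FIELD` describes but does not fix. Matching the whole name closes that gap: declare `private static final Set<String> IGNORE_FIELD = Set.of("logo", "url", "photo", "intro", "content", "name", "encrypted", "iv");` and test `if (IGNORE_FIELD.contains(name.toLowerCase(Locale.ROOT))) {`. `Set.of` needs Java 9+, and the entries must then be the full lower-cased names of the parameters meant to be exempt, so any field that currently relies on a partial match has to be listed explicitly. The `else` branch and the rest of `filterXss` lie outside the hunk, so what the stricter path does cannot be checked from here; `name` is also dereferenced without a null check, which is worth confirming against the callers.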