🐯 优化xss

springboot-plus · springboot-plus · commit 04ddff9bf19b · 2019-10-14T09:55:19.000+08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,24 +4,35 @@
 ## [V1.3.1-RELEASE] 2019.10.15
 
 ###  ⭐️  New Features
-
+- Xss跨站脚本工具处理
+- CORS跨域配置
 
 ### ⚡️ Optimization
-
+- 代码生成器可自定义配置生成哪些文件
+- 请求路径filter配置，配置文件属性名称调整
+- Aop切点优化，`Aop` JSON参数输出优化
+- 可配置是否生成`Validation`验证代码
+- 优化`controller`,`entity`模版生成
+- 优化代码生成器 CodeGenerator
+- 调整 `aop`, `filter`,`interceptor`,`controller`,`param`,`vo`代码目录结构
 
 ### 📝 Added/Modified
-
+- Add `XssFilter`,`XssHttpServletRequestWrapper`,`XssJacksonDeserializer`,`XssJacksonSerializer`
+- Add `SpringBootPlusCorsProperties`
+- Update `JacksonConfig`
+- Update `LogAop`,`RequestPathFilter`,`ShiroConfig`
 
 ### 🐞  Bug Fixes
-
+- fix druid控制面板无法访问问题
 
 ### 📔  Documentation
-
+- [https://springboot.plus/guide/xss.html](https://springboot.plus/guide/xss.html)
+- [https://springboot.plus/guide/cors.html](https://springboot.plus/guide/cors.html)
 
 ### 🔨 Dependency Upgrades
 - Upgrade to `spring-boot` 2.1.9.RELEASE
 - Upgrade to `Fastjson` 1.2.62
-
+- Add `commons-text` 1.8
 
 ## [V1.3.0-RELEASE] 2019.10.06
 
diff --git a/src/main/java/io/geekidea/springbootplus/xss/XssHttpServletRequestWrapper.java b/src/main/java/io/geekidea/springbootplus/xss/XssHttpServletRequestWrapper.java
@@ -37,14 +37,12 @@ public XssHttpServletRequestWrapper(HttpServletRequest request) {
 
     @Override
     public String getQueryString() {
-        String value = super.getQueryString();
-        return StringEscapeUtils.escapeHtml4(value);
+        return StringEscapeUtils.escapeHtml4(super.getQueryString());
     }
 
     @Override
     public String getParameter(String name) {
-        String value = super.getParameter(name);
-        return StringEscapeUtils.escapeHtml4(value);
+        return StringEscapeUtils.escapeHtml4(super.getParameter(name));
     }
 
     @Override
@@ -56,8 +54,7 @@ public String[] getParameterValues(String name) {
         int length = values.length;
         String[] escapeValues = new String[length];
         for (int i = 0; i < length; i++) {
-            String value = values[i];
-            escapeValues[i] = StringEscapeUtils.escapeHtml4(value);
+            escapeValues[i] = StringEscapeUtils.escapeHtml4(values[i]);
         }
         return escapeValues;
     }

Original file line number	Diff line number	Diff line change
`@@ -37,14 +37,12 @@ public XssHttpServletRequestWrapper(HttpServletRequest request) {`
`37`	`37`
`38`	`38`	`@Override`
`39`	`39`	`public String getQueryString() {`
`40`		`- String value = super.getQueryString();`
`41`		`- return StringEscapeUtils.escapeHtml4(value);`
	`40`	`+ return StringEscapeUtils.escapeHtml4(super.getQueryString());`
`42`	`41`	`}`
`43`	`42`
`44`	`43`	`@Override`
`45`	`44`	`public String getParameter(String name) {`
`46`		`- String value = super.getParameter(name);`
`47`		`- return StringEscapeUtils.escapeHtml4(value);`
	`45`	`+ return StringEscapeUtils.escapeHtml4(super.getParameter(name));`
`48`	`46`	`}`
`49`	`47`
`50`	`48`	`@Override`
`@@ -56,8 +54,7 @@ public String[] getParameterValues(String name) {`
`56`	`54`	`int length = values.length;`
`57`	`55`	`String[] escapeValues = new String[length];`
`58`	`56`	`for (int i = 0; i < length; i++) {`
`59`		`- String value = values[i];`
`60`		`- escapeValues[i] = StringEscapeUtils.escapeHtml4(value);`
	`57`	`+ escapeValues[i] = StringEscapeUtils.escapeHtml4(values[i]);`
`61`	`58`	`}`
`62`	`59`	`return escapeValues;`
`63`	`60`	`}`