xxs

2019-08-30 18:46:40 +08:00 · 2019-08-30 18:46:40 +08:00 · 212b6b1541
parent c8be6e2f02
commit 212b6b1541
2 changed files with 12 additions and 11 deletions
--- a/src/main/java/net/mingsoft/config/WebConfig.java
+++ b/src/main/java/net/mingsoft/config/WebConfig.java
@ -150,16 +150,16 @@ public class WebConfig implements WebMvcConfigurer {
 		return new DefaultPointcutAdvisor(druidStatPointcut(), druidStatInterceptor());
 	}

-//	 /**
-//	 * xssFilter注册
-//	 */
-//	 @Bean
-//	 public FilterRegistrationBean xssFilterRegistration() {
-//	 XSSEscapeFilter xssFilter = new XSSEscapeFilter();
-//	 FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
-//	 registration.addUrlPatterns("/*");
-//	 return registration;
-//	 }
+    @Bean
+    public FilterRegistrationBean xssFilterRegistration() {
+        XSSEscapeFilter xssFilter = new XSSEscapeFilter();
+        FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
+        xssFilter.excludes.add(".*file/upload.do");
+        xssFilter.excludes.add(".*/jsp/editor.do");
+        registration.addUrlPatterns("/*");
+
+        return registration;
+    }

 	/**
 	 * RequestContextListener注册
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -12,7 +12,8 @@ ms:
  view-path: /WEB-INF/manager
  
 upload: 
-   path: /upload 
+   path: /upload
+   mapping: /upload/**
   denied: .exe,.jsp
   allowed: jpg
   max-size: 1