!184 xxs

Merge pull request !184 from 灰色DT/4.7.2
2019-08-31 08:17:00 +08:00 · 2019-08-31 08:17:00 +08:00 · 9e238aa6a0
parent aaf420b60c 212b6b1541
commit 9e238aa6a0
2 changed files with 12 additions and 11 deletions
--- a/src/main/java/net/mingsoft/config/WebConfig.java
+++ b/src/main/java/net/mingsoft/config/WebConfig.java
@ -150,16 +150,16 @@ public class WebConfig implements WebMvcConfigurer {
 		return new DefaultPointcutAdvisor(druidStatPointcut(), druidStatInterceptor());
 	}

-//	 /**
-//	 * xssFilter注册
-//	 */
-//	 @Bean
-//	 public FilterRegistrationBean xssFilterRegistration() {
-//	 XSSEscapeFilter xssFilter = new XSSEscapeFilter();
-//	 FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
-//	 registration.addUrlPatterns("/*");
-//	 return registration;
-//	 }
+    @Bean
+    public FilterRegistrationBean xssFilterRegistration() {
+        XSSEscapeFilter xssFilter = new XSSEscapeFilter();
+        FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
+        xssFilter.excludes.add(".*file/upload.do");
+        xssFilter.excludes.add(".*/jsp/editor.do");
+        registration.addUrlPatterns("/*");
+
+        return registration;
+    }

 	/**
 	 * RequestContextListener注册
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -12,7 +12,8 @@ ms:
  view-path: /WEB-INF/manager
  
 upload: 
-   path: /upload 
+   path: /upload
+   mapping: /upload/**
   denied: .exe,.jsp
   allowed: jpg
   max-size: 1