diff --git a/src/main/java/net/mingsoft/config/WebConfig.java b/src/main/java/net/mingsoft/config/WebConfig.java index 98e22e95..cc594b98 100644 --- a/src/main/java/net/mingsoft/config/WebConfig.java +++ b/src/main/java/net/mingsoft/config/WebConfig.java @@ -3,6 +3,7 @@ package net.mingsoft.config; import java.io.File; import org.springframework.aop.Advisor; +import net.mingsoft.basic.filter.XSSEscapeFilter; import org.springframework.aop.support.DefaultPointcutAdvisor; import org.springframework.aop.support.JdkRegexpMethodPointcut; import org.springframework.boot.web.servlet.FilterRegistrationBean; @@ -131,18 +132,16 @@ public class WebConfig implements WebMvcConfigurer { return new DefaultPointcutAdvisor(druidStatPointcut(), druidStatInterceptor()); } - // /** - // * xssFilter注册 - // */ - // @Bean - // public FilterRegistrationBean xssFilterRegistration() { - // XssFilter xssFilter = new XssFilter(); - // xssFilter.setUrlExclusion(Arrays.asList("/static/")); - // FilterRegistrationBean registration = new - // FilterRegistrationBean(xssFilter); - // registration.addUrlPatterns("/*"); - // return registration; - // } + /** + * xssFilter注册 + */ + @Bean + public FilterRegistrationBean xssFilterRegistration() { + XSSEscapeFilter xssFilter = new XSSEscapeFilter(); + FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter); + registration.addUrlPatterns("/*"); + return registration; + } /** * RequestContextListener注册 diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 60bc8cdf..ff0cc3be 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -13,7 +13,7 @@ ms: upload: path: /upload - denied: exe + denied: .exe,.jsp allowed: jpg max-size: 1 memory-size: 4096 diff --git a/src/main/webapp/templets/1/default/about.htm b/src/main/webapp/templets/1/default/about.htm index f3d2e158..891e1c5c 100644 --- a/src/main/webapp/templets/1/default/about.htm 
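Review bot: `xssFilterRegistration()` maps the filter to `/*` with no explicit order or name, so its position relative to the other servlet filters is left to the container. Something like `registration.setOrder(Ordered.HIGHEST_PRECEDENCE + 1);` (with the `org.springframework.core.Ordered` import) and `registration.setName("xssEscapeFilter");` would pin it down. `XSSEscapeFilter` is not part of this diff, so the Javadoc (currently just `xssFilter注册`) should state which request inputs it escapes; a parameter-wrapping filter often leaves JSON bodies, multipart fields and headers untouched, and templates would still need output encoding. The commented-out version it replaces excluded `/static/`; if that exclusion is still wanted, it is missing here. The declaration also uses the raw `FilterRegistrationBean` type.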
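Review bot: The new `denied: .exe,.jsp` value uses dot-prefixed entries while `allowed: jpg` just below keeps the bare form, and the code that reads these upload settings is not in this diff, so it is unclear whether both spellings are matched. Please confirm the comparison normalises the leading dot and letter case, then keep both keys in one format. A two-entry deny list also leaves other server-interpreted extensions such as `.jspx` unblocked, so rejecting any upload whose extension is not in `allowed` is the safer rule to enforce, with `denied` as a secondary check.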
+++ b/src/main/webapp/templets/1/default/about.htm @@ -6,7 +6,7 @@ <#include "head.htm"/> -
+
diff --git a/src/main/webapp/templets/1/default/advice.htm b/src/main/webapp/templets/1/default/advice.htm index 6692bd99..152a01f9 100644 --- a/src/main/webapp/templets/1/default/advice.htm +++ b/src/main/webapp/templets/1/default/advice.htm @@ -5,7 +5,7 @@ <#include "head.htm"/> -
+
diff --git a/src/main/webapp/templets/1/default/case-list.htm b/src/main/webapp/templets/1/default/case-list.htm index 732de938..7fb73957 100644 --- a/src/main/webapp/templets/1/default/case-list.htm +++ b/src/main/webapp/templets/1/default/case-list.htm @@ -6,7 +6,7 @@ <#include "head.htm"/> -
+
diff --git a/src/main/webapp/templets/1/default/news-show.htm b/src/main/webapp/templets/1/default/news-show.htm index 71b5e827..474d4d1a 100644 --- a/src/main/webapp/templets/1/default/news-show.htm +++ b/src/main/webapp/templets/1/default/news-show.htm @@ -8,7 +8,7 @@ <#include "head.htm"> -
+