From ebf79865f0571ac5e14b6858d18ff5d872fbc5f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=81=B0=E8=89=B2DT?= <995959152@qq.com> Date: Tue, 13 Aug 2019 15:23:56 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20application.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/resources/application.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 60bc8cdf..ff0cc3be 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -13,7 +13,7 @@ ms: upload: path: /upload - denied: exe + denied: .exe,.jsp allowed: jpg max-size: 1 memory-size: 4096 From 3c2ce021e51c212dd44c22edf725cafae064cd5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=81=B0=E8=89=B2DT?= <995959152@qq.com> Date: Tue, 13 Aug 2019 20:40:43 +0800 Subject: [PATCH 2/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20WebConfig.java?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/net/mingsoft/config/WebConfig.java | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/main/java/net/mingsoft/config/WebConfig.java b/src/main/java/net/mingsoft/config/WebConfig.java index 98e22e95..4696cfdb 100644 --- a/src/main/java/net/mingsoft/config/WebConfig.java +++ b/src/main/java/net/mingsoft/config/WebConfig.java @@ -3,6 +3,7 @@ package net.mingsoft.config; import java.io.File; import org.springframework.aop.Advisor; +import net.mingsoft.basic.filter.XSSEscapeFilter; import org.springframework.aop.support.DefaultPointcutAdvisor; import org.springframework.aop.support.JdkRegexpMethodPointcut; import org.springframework.boot.web.servlet.FilterRegistrationBean; 
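Review bot: The `denied: .exe,.jsp` line in the `application.yml` hunk (PATCH 1/4) is a denylist, and two entries cannot cover every extension a servlet container may execute or a browser may render (for example `.jspx` or `.html`). The entry format also changed from `exe` to `.exe`, while `allowed: jpg` on the next line still has no leading dot, so one of the two lists may no longer match what the upload code compares against. That code is not part of this patch, so confirm which form it expects and whether the comparison ignores case. Prefer enforcing `allowed` as the primary check and keeping `denied` only as a second line of defence, with a comment above both keys such as `# extensions: lower-case, leading dot required (confirm against the upload handler)`.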
@@ -131,18 +132,17 @@ public class WebConfig implements WebMvcConfigurer { return new DefaultPointcutAdvisor(druidStatPointcut(), druidStatInterceptor()); } - // /** - // * xssFilter注册 - // */ - // @Bean - // public FilterRegistrationBean xssFilterRegistration() { - // XssFilter xssFilter = new XssFilter(); - // xssFilter.setUrlExclusion(Arrays.asList("/static/")); - // FilterRegistrationBean registration = new - // FilterRegistrationBean(xssFilter); - // registration.addUrlPatterns("/*"); - // return registration; - // } + /** + * xssFilter注册 + */ + @Bean + public FilterRegistrationBean xssFilterRegistration() { + XSSEscapeFilter xssFilter = new XSSEscapeFilter(); + FilterRegistrationBean registration = new + FilterRegistrationBean(xssFilter); + registration.addUrlPatterns("/*"); + return registration; + } /** * RequestContextListener注册 From 0c3f9794c778c8e6b68e80071f57d9fb617443b2 Mon Sep 17 00:00:00 2001 From: sgjj Date: Tue, 13 Aug 2019 20:46:39 +0800 Subject: [PATCH 3/4] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=98=B2xss=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/net/mingsoft/config/WebConfig.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/net/mingsoft/config/WebConfig.java b/src/main/java/net/mingsoft/config/WebConfig.java index 4696cfdb..cc594b98 100644 --- a/src/main/java/net/mingsoft/config/WebConfig.java +++ b/src/main/java/net/mingsoft/config/WebConfig.java @@ -138,8 +138,7 @@ public class WebConfig implements WebMvcConfigurer { @Bean public FilterRegistrationBean xssFilterRegistration() { XSSEscapeFilter xssFilter = new XSSEscapeFilter(); - FilterRegistrationBean registration = new - FilterRegistrationBean(xssFilter); + FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter); registration.addUrlPatterns("/*"); return registration; } From 23ad3156670e0cfacb14efe617fe428d17f418f6 Mon Sep 17 00:00:00 2001 
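Review bot: In the PATCH 2/4 hunk of `WebConfig.java`, `xssFilterRegistration()` registers `XSSEscapeFilter` on `/*` without an explicit order and without the `/static/` exclusion that the removed commented-out version set. Its position relative to the other filters is therefore left at the registration default, and every request, static resources included, passes through it. Add a `registration.setOrder(...)` call with a documented value. If the project is on Spring Boot 2, also avoid the raw type: `FilterRegistrationBean<XSSEscapeFilter> registration = new FilterRegistrationBean<>(xssFilter);` with a matching return type. The Javadoc says only `xssFilter注册`; it should state which request data the filter escapes and that request-side escaping does not replace output encoding in the templates, since `XSSEscapeFilter` itself is not shown in this patch. PATCH 3/4 only re-joins the split `new FilterRegistrationBean(xssFilter)` line, so the same points apply there.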
From: sgjj Date: Wed, 14 Aug 2019 16:58:58 +0800 Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=83=A8=E5=88=86?= =?UTF-8?q?=E8=83=8C=E6=99=AF=E6=97=A0=E6=B3=95=E6=98=BE=E7=A4=BA=E7=9A=84?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/webapp/templets/1/default/about.htm | 2 +- src/main/webapp/templets/1/default/advice.htm | 2 +- src/main/webapp/templets/1/default/case-list.htm | 2 +- src/main/webapp/templets/1/default/news-show.htm | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/webapp/templets/1/default/about.htm b/src/main/webapp/templets/1/default/about.htm index f3d2e158..891e1c5c 100644 --- a/src/main/webapp/templets/1/default/about.htm +++ b/src/main/webapp/templets/1/default/about.htm @@ -6,7 +6,7 @@ <#include "head.htm"/> -
+
diff --git a/src/main/webapp/templets/1/default/advice.htm b/src/main/webapp/templets/1/default/advice.htm index 6692bd99..152a01f9 100644 --- a/src/main/webapp/templets/1/default/advice.htm +++ b/src/main/webapp/templets/1/default/advice.htm @@ -5,7 +5,7 @@ <#include "head.htm"/> -
+
diff --git a/src/main/webapp/templets/1/default/case-list.htm b/src/main/webapp/templets/1/default/case-list.htm index 732de938..7fb73957 100644 --- a/src/main/webapp/templets/1/default/case-list.htm +++ b/src/main/webapp/templets/1/default/case-list.htm @@ -6,7 +6,7 @@ <#include "head.htm"/> -
+
diff --git a/src/main/webapp/templets/1/default/news-show.htm b/src/main/webapp/templets/1/default/news-show.htm index 71b5e827..474d4d1a 100644 --- a/src/main/webapp/templets/1/default/news-show.htm +++ b/src/main/webapp/templets/1/default/news-show.htm @@ -8,7 +8,7 @@ <#include "head.htm"> -
+