diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java index 4a425c501..190f94eab 100644 --- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java +++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java @@ -14,6 +14,7 @@ import jakarta.servlet.http.HttpServletRequestWrapper; import java.io.ByteArrayInputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; +import java.util.Map; /** * XSS过滤处理 @@ -28,6 +29,33 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { super(request); } + @Override + public String getParameter(String name) { + String value = super.getParameter(name); + if (value != null) { + return HtmlUtil.cleanHtmlTag(value).trim(); + } + return value; + } + + @Override + public Map getParameterMap() { + Map valueMap = super.getParameterMap(); + for (Map.Entry entry : valueMap.entrySet()) { + String[] values = entry.getValue(); + if (values != null) { + int length = values.length; + String[] escapseValues = new String[length]; + for (int i = 0; i < length; i++) { + // 防xss攻击和过滤前后空格 + escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim(); + } + valueMap.put(entry.getKey(), escapseValues); + } + } + return valueMap; + } + @Override public String[] getParameterValues(String name) { String[] values = super.getParameterValues(name); @@ -40,7 +68,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { } return escapseValues; } - return super.getParameterValues(name); + return values; } @Override