小说发布防xss攻击

novel-front/src/main/resources/templates/book/book_content.html

@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.w3.org/1999/xhtml">
 <head th:replace="common/header :: common_head(~{::title},~{::meta},~{::link})">
-    <title th:text="${book.bookName}+'_'+${bookIndex.indexName}+'_'+#{website.name}"></title>
+    <title th:utext="${book.bookName}+'_'+${bookIndex.indexName}+'_'+#{website.name}"></title>
     <meta name="keywords" th:content="${book.bookName}+'官方首发,'+${book.bookName}+'小说,'+${book.bookName}+'最新章节,'+${book.bookName}+'txt下载,'+${book.bookName}+'无弹窗,'+${book.bookName}+'吧,'+${book.bookName}+'离线完本'" />
     <meta name="description" th:content="${book.bookName}+','+${book.bookName}+'小说阅读,'+#{website.name}+'提供'+${book.bookName}+'首发最新章节及txt下载,'+${book.bookName}+'最新更新章节,精彩尽在'+#{website.name}+'。'" />
     <link rel="stylesheet" href="/css/read.css" />
@@ -74,7 +74,7 @@
             <div class="readWrap">
                 <div class="bookNav">
                     <a href="/" >首页 </a>&gt; <a th:href="'/book/bookclass.html?c='+${book.catId}" th:text="${book.catName}">
-                </a>&gt; <a th:href="'/book/'+${book.id}+'.html'" th:text="${book.bookName}">
+                </a>&gt; <a th:href="'/book/'+${book.id}+'.html'" th:utext="${book.bookName}">
 
                 </a>
                 </div>
@@ -82,11 +82,11 @@
                     <div class="textbox cf">
 
                         <div class="book_title">
-                            <h1 th:text="${bookIndex.indexName}">
+                            <h1 th:utext="${bookIndex.indexName}">
                                 </h1>
                             <div class="textinfo">
                                 类别：<a th:href="'/book/bookclass.html?c='+${book.catId}" th:text="${book.catName}"></a>
-                                作者：<a th:href="'javascript:searchByK(\''+${book.authorName}+'\')'" th:text="${book.authorName}"></a><span th:text="'字数：'+${bookIndex.wordCount}"></span><span th:text="'更新时间：'+${#dates.format(bookIndex.updateTime, 'yy/MM/dd HH:mm:ss')}"></span>
+                                作者：<a th:href="'javascript:searchByK(\''+${book.authorName}+'\')'" th:utext="${book.authorName}"></a><span th:text="'字数：'+${bookIndex.wordCount}"></span><span th:text="'更新时间：'+${#dates.format(bookIndex.updateTime, 'yy/MM/dd HH:mm:ss')}"></span>
                             </div>
                         </div>
                         <div class="txtwrap" th:if="${needBuy}">

novel-front/src/main/resources/templates/book/book_detail.html

@@ -2,7 +2,7 @@
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head th:replace="common/header :: common_head(~{::title},~{::meta},~{::link})">
-    <title th:text="${book.bookName}+'_'+${book.authorName}+'_'+${book.bookName}+'txt下载'+'_'+${book.bookName}+'无弹窗_'+#{website.name}"></title>
+    <title th:utext="${book.bookName}+'_'+${book.authorName}+'_'+${book.bookName}+'txt下载'+'_'+${book.bookName}+'无弹窗_'+#{website.name}"></title>
     <meta name="keywords"
           th:content="${book.bookName}+'官方首发,'+${book.bookName}+'小说,'+${book.bookName}+'最新章节'+${book.bookName}+'txt下载,'+${book.bookName}+'无弹窗,'+${book.bookName}+'吧,'+${book.bookName}+'离线完本'"/>
     <meta name="description"
@@ -31,8 +31,8 @@
                                                       th:attr="alt=${book.bookName}"/></a>
             <div class="book_info">
                 <div class="tit">
-                    <h1 th:text="${book.bookName}"></h1><!--<i class="vip_b">VIP</i>--><a class="author"
-                                                                                          th:text="${book.authorName}+' 著'"></a>
+                    <h1 th:utext="${book.bookName}"></h1><!--<i class="vip_b">VIP</i>--><a class="author"
+                                                                                          th:utext="${book.authorName}+' 著'"></a>
                 </div>
                 <ul class="list">
                     <li><span class="item">类别：<em th:text="${book.catName}"></em></span>
@@ -70,7 +70,7 @@
                         </div>
                         <ul class="list cf">
                             <li>
-                                <span class="fl font16"> <a th:href="'/book/'+${book.id}+'/'+${book.lastIndexId}+'.html'" th:text="${book.lastIndexName}"><!--<i class="vip">VIP</i>--></a></span>
+                                <span class="fl font16"> <a th:href="'/book/'+${book.id}+'/'+${book.lastIndexId}+'.html'" th:utext="${book.lastIndexName}"><!--<i class="vip">VIP</i>--></a></span>
                                 <span class="black9 fr"
                                       th:text="'更新时间：'+${#dates.format(book.lastIndexUpdateTime, 'yy/MM/dd HH:mm:ss')}"></span>
                             </li>
@@ -143,7 +143,7 @@
                     <div class="msg">
                         <span class="icon_qyzz">签约作家</span>
                         <h4><a th:href="'javascript:searchByK(\''+${book.authorName}+'\')'"
-                               th:text="${book.authorName}"></a></h4>
+                               th:utext="${book.authorName}"></a></h4>
                     </div>
                 </div>
                 <div class="author_intro cf">

novel-front/src/main/resources/templates/book/book_index.html

@@ -2,7 +2,7 @@
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head th:replace="common/header :: common_head(~{::title},~{::meta},~{::link})">
-    <title th:text="${book.bookName}+'目录,'+${book.bookName}+'最新章节列表_'+#{website.name}"></title>
+    <title th:utext="${book.bookName}+'目录,'+${book.bookName}+'最新章节列表_'+#{website.name}"></title>
     <meta name="keywords" th:content="${book.bookName}+','+${book.bookName}+'目录,'+${book.bookName}+'最新章节列表'"/>
     <meta name="description"
           th:content="#{website.name}+'小说为您提供'+${book.bookName}+'目录,'+${book.bookName}+'最新章节列表,'+${book.bookName}+'全文阅读,'+${book.bookName}+'免费阅读,'+${book.bookName}+'下载'"/>
@@ -26,11 +26,11 @@
             <div class="bookCover cf">
                 <div class="book_info1">
                     <div class="tit">
-                        <h1 th:text="${book.bookName}"></h1><!--<i class="vip_b">VIP</i>-->
+                        <h1 th:utext="${book.bookName}"></h1><!--<i class="vip_b">VIP</i>-->
                     </div>
                     <ul class="list">
                         <li>
-                            <span>作者：<a href="javascript:void(0)" th:text="${book.authorName}"></a></span>
+                            <span>作者：<a href="javascript:void(0)" th:utext="${book.authorName}"></a></span>
                             <span>类别：<a th:href="'/book/bookclass.html?c='+${book.catId}" th:text="${book.catName}"></a></span>
                             <span th:switch="${book.bookStatus}">状态：<em class="black3" th:case="'0'">连载中</em><em class="black3"
                                                                                   th:case="*">已完结</em></span>
@@ -45,7 +45,7 @@
                 <div class="dirList">
                     <ul th:each="bookIndex : ${bookIndexList}">
                         <li><a th:if="${bookIndex.isVip} != '1'" th:href="'/book/'+${book.id}+'/'+${bookIndex.id}+'.html'" >
-                            <span th:text="${bookIndex.indexName}"></span><i class="red" > [免费]</i>
+                            <span th:utext="${bookIndex.indexName}"></span><i class="red" > [免费]</i>
                         </a>
                             <a th:if="${bookIndex.isVip} == '1'" th:href="'/book/'+${book.id}+'/'+${bookIndex.id}+'.html'" th:text="${bookIndex.indexName}">
                             </a></li>