201206030/novel
1
0
Fork 0
mirror of https://github.com/201206030/novel.git synced 2025-04-27 07:30:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 解决 Json 格式请求参数的 XSS 攻击

Browse Source
This commit is contained in:
xiongxiaoyang 2022-05-21 08:26:20 +08:00
parent f0fc2d8e1e
commit 28a2717231
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/main/java/io/github/xxyopen/novel/core/json/deserializer/GlobalJsonDeserializer.java Normal file
View File

@ -0,0 +1,34 @@
package io.github.xxyopen.novel.core.json.deserializer;
import com.fasterxml.jackson.core.JacksonException;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import org.springframework.boot.jackson.JsonComponent;
import java.io.IOException;
/**
* JSON 全局反序列化器
*
* @author xiongxiaoyang
* @date 2022/5/21
*/
@JsonComponent
public class GlobalJsonDeserializer {
/**
* 字符串反序列化器
* 过滤特殊字符解决 XSS 攻击
*/
public static class StringDeserializer extends JsonDeserializer<String> {
@Override
public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JacksonException {
return jsonParser.getValueAsString()
.replace("<", "&lt;")
.replace(">", "&gt;");
}
}
}