From 9c1d954bfda99a1dd0db1a77a2390ac41265a8dc Mon Sep 17 00:00:00 2001
From: xiongxiaoyang <773861846@qq.com>
Date: Thu, 23 Apr 2020 09:00:05 +0800
Subject: [PATCH] update books.sql and fix xss
---
 .../books/web/BookController.java | 2 +-
 .../templates/books/book_content.html | 2 +-
 sql/books.sql | 22 +++----------------
 3 files changed, 5 insertions(+), 21 deletions(-)
diff --git a/novel-front/src/main/java/xyz/zinglizingli/books/web/BookController.java b/novel-front/src/main/java/xyz/zinglizingli/books/web/BookController.java
index eb85b9b..6c535fb 100644
--- a/novel-front/src/main/java/xyz/zinglizingli/books/web/BookController.java
+++ b/novel-front/src/main/java/xyz/zinglizingli/books/web/BookController.java
@@ -321,7 +321,7 @@ public class BookController {
 @ResponseBody
 public Map sendBullet(@RequestParam("contentId") Long contentId, @RequestParam("bullet") String bullet) {
 Map result = new HashMap<>(2);
- bookService.sendBullet(contentId, bullet);
+ bookService.sendBullet(contentId, bullet.replaceAll("<", "<").replaceAll(">", ">"));
 result.put("code", 1);
 result.put("desc", "ok");
 return result;
diff --git a/novel-front/src/main/resources/templates/books/book_content.html b/novel-front/src/main/resources/templates/books/book_content.html
index b26b42d..2e4683c 100644
--- a/novel-front/src/main/resources/templates/books/book_content.html
+++ b/novel-front/src/main/resources/templates/books/book_content.html
@@ -195,7 +195,7 @@
 }
 //发送弹幕
 function sendBullet(){
- var bullet = $("#screenBulletText").val();
+ var bullet = $("#screenBulletText").val().replace(//g, ">");
 var contentId = $("#contentIdHidden").val();
 if (bullet && contentId) {
 if(bullet.length > 100){
diff --git a/sql/books.sql b/sql/books.sql
index d29caf4..ef7b5c9 100644
--- a/sql/books.sql
+++ b/sql/books.sql
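Review bot: The escaping added on the `+` line of sendBullet is a no-op as printed — `replaceAll("<", "<")` replaces a character with itself — and even if the intended replacements were `&lt;`/`&gt;` (this page may have unescaped the entities), encoding only two characters at input time is the wrong layer: a bullet later placed into an attribute or via innerHTML can still break out with `"`, `'` or `&`, and a `th:text` render would double-escape the stored text. Prefer storing the raw text and escaping at output, or at least `String safe = HtmlUtils.htmlEscape(bullet);` from spring-web, which the controller already depends on via `@RequestParam`; note also that `replaceAll` takes a regex, so `replace` is the right API for a literal substitution. The server enforces no length limit although the client rejects bullets over 100 characters, so add `if (bullet == null || bullet.length() > 100) { result.put("code", 0); result.put("desc", "bullet too long"); return result; }` before the service call, since the JavaScript check can be bypassed. The method's request mapping begins above the hunk.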
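Review bot: The client-side `.replace()` on the `+` line is not a security control — the request can be sent without this page's JavaScript — so it must not be what the XSS fix relies on; the escaping belongs at output time on the server or template. As printed here the pattern is `//g`, an empty regex that matches between every character and would turn `ab` into `>a>b>`; if the committed text is `.replace(/</g, "&lt;").replace(/>/g, "&gt;")` this page has mangled it, but the actual source is worth confirming. The `bullet.length > 100` check just below has the same status and needs a server-side counterpart. sendBullet continues past the end of the hunk.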
@@ -1,23 +1,4 @@ -/* -Navicat MySQL Data Transfer -Source Server : aliyun_books -Source Server Version : 80018 -Source Host : 47.106.243.172:3306 -Source Database : books - -Target Server Type : MYSQL -Target Server Version : 80018 -File Encoding : 65001 - -Date: 2019-11-15 06:10:36 -*/ - - - --- ---------------------------- --- Table structure for `book` --- ---------------------------- DROP TABLE IF EXISTS `book`; CREATE TABLE `book` ( `id` bigint(20) NOT NULL AUTO_INCREMENT, @@ -1044,3 +1025,6 @@ INSERT INTO `book_update_time_log` VALUES ('7', '7', NOW()); ALTER TABLE book_parse_log drop INDEX uq_key_bookurl; alter table book_parse_log add column `priority` TINYINT(2) not null default 10 ; + +alter table book_parse_log add column `update_count` TINYINT(2) not null default 0 ; +