update books.sql and fix xss

novel-front/src/main/java/xyz/zinglizingli/books/web/BookController.java

@@ -321,7 +321,7 @@ public class BookController {
     @ResponseBody
     public Map<String, Object> sendBullet(@RequestParam("contentId") Long contentId, @RequestParam("bullet") String bullet) {
         Map<String, Object> result = new HashMap<>(2);
-        bookService.sendBullet(contentId, bullet);
+        bookService.sendBullet(contentId, bullet.replaceAll("<", "&lt;").replaceAll(">", "&gt;"));
         result.put("code", 1);
         result.put("desc", "ok");
         return result;

novel-front/src/main/resources/templates/books/book_content.html

@@ -195,7 +195,7 @@
         }
         //发送弹幕
         function sendBullet(){
-            var bullet = $("#screenBulletText").val();
+            var bullet = $("#screenBulletText").val().replace(/</g, "&lt;").replace(/>/g, "&gt;");
             var contentId = $("#contentIdHidden").val();
             if (bullet && contentId) {
                 if(bullet.length > 100){