From 19b868875992821a28f408cbbd2a31fa47f91072 Mon Sep 17 00:00:00 2001
From: Live <1005297262@qq.com>
Date: 星期二, 09 六月 2020 11:36:10 +0800
Subject: [PATCH] IpUtils工具，清除Xss特殊字符，防止Xff注入攻击

---
 ruoyi/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ruoyi/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java b/ruoyi/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
index f6754c4..8989ca1 100644
--- a/ruoyi/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
+++ b/ruoyi/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
@@ -58,7 +58,7 @@
      */
     public static String clean(String content)
     {
-        return content.replaceAll(RE_HTML_MARK, "");
+        return new HTMLFilter().filter(content);
     }
 
     /**
@@ -144,7 +144,7 @@
 
     public static void main(String[] args)
     {
-        String html = "<script>alert(1);</script>";
+        String html = "alert('11111');";
         System.out.println(EscapeUtil.clean(html));
         System.out.println(EscapeUtil.escape(html));
         System.out.println(EscapeUtil.unescape(html));

--
Gitblit v1.9.2