ContiNew/continew-starter
1
1
Fork 0
mirror of https://github.com/continew-org/continew-starter.git synced 2025-12-31 12:57:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(security/xss): 修复 XssServletRequestWrapper 读取请求体数据不全的问题

Browse Source 
Closes #IDEZW0
This commit is contained in:
Charles7c
2025-12-22 20:38:26 +08:00
parent a512b29082
commit 840e77d1ca
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssServletRequestWrapper.java
View File

@@ -19,9 +19,7 @@ package top.continew.starter.security.xss.filter;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.io.IoUtil;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.EscapeUtil;
import cn.hutool.core.util.ReUtil;
import cn.hutool.core.util.*;
import cn.hutool.http.HtmlUtil;
import cn.hutool.http.Method;
import jakarta.servlet.ReadListener;
@@ -55,7 +53,8 @@ public class XssServletRequestWrapper extends HttpServletRequestWrapper {
this.xssProperties = xssProperties;
if (CharSequenceUtil.equalsAnyIgnoreCase(request.getMethod().toUpperCase(), Method.POST.name(), Method.PATCH
.name(), Method.PUT.name())) {
body = IoUtil.getReader(request.getReader()).readLine();
String charset = StrUtil.blankToDefault(request.getCharacterEncoding(), CharsetUtil.UTF_8);
body = IoUtil.read(request.getInputStream(), CharsetUtil.charset(charset));
if (CharSequenceUtil.isBlank(body)) {
return;
}
@@ -149,4 +148,4 @@ public class XssServletRequestWrapper extends HttpServletRequestWrapper {
};
}
}
}