songwei
/
fxfast-code
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复字符串无法被反转义问题

This commit is contained in:
RuoYi 2021-11-01 15:02:47 +08:00
parent 181f62c15e
commit bd09e5b11c
1 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
View File

@ -69,26 +69,37 @@ public class EscapeUtil
*/ */
private static String encode(String text) private static String encode(String text)
{ {
int len; if (StringUtils.isEmpty(text))
if ((text == null) || ((len = text.length()) == 0))
{ {
return StringUtils.EMPTY; return StringUtils.EMPTY;
} }
StringBuilder buffer = new StringBuilder(len + (len >> 2));
final StringBuilder tmp = new StringBuilder(text.length() * 6);
char c; char c;
for (int i = 0; i < len; i++) for (int i = 0; i < text.length(); i++)
{ {
c = text.charAt(i); c = text.charAt(i);
if (c < 64) if (c < 256)
{ {
buffer.append(TEXT[c]); tmp.append("%");
if (c < 16)
{
tmp.append("0");
}
tmp.append(Integer.toString(c, 16));
} }
else else
{ {
buffer.append(c); tmp.append("%u");
if (c <= 0xfff)
{
// issue#I49JU8@Gitee
tmp.append("0");
}
tmp.append(Integer.toString(c, 16));
} }
} }
return buffer.toString(); return tmp.toString();
} }
/** /**
@ -145,11 +156,12 @@ public class EscapeUtil
public static void main(String[] args) public static void main(String[] args)
{ {
String html = "<script>alert(1);</script>"; String html = "<script>alert(1);</script>";
String escape = EscapeUtil.escape(html);
// String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>"; // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
// String html = "<123"; // String html = "<123";
// String html = "123>"; // String html = "123>";
System.out.println(EscapeUtil.clean(html)); System.out.println("clean: " + EscapeUtil.clean(html));
System.out.println(EscapeUtil.escape(html)); System.out.println("escape: " + escape);
System.out.println(EscapeUtil.unescape(html)); System.out.println("unescape: " + EscapeUtil.unescape(escape));
} }
} }