From 181a4899085a5423b8dc44ae66e381388b75ab91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=98=BF=E6=B2=90?=
Date: Fri, 6 Oct 2023 15:54:23 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96xss=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/net/maku/framework/common/xss/XssUtils.java | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/maku-framework/src/main/java/net/maku/framework/common/xss/XssUtils.java b/maku-framework/src/main/java/net/maku/framework/common/xss/XssUtils.java
index c4c703c..238db86 100644
--- a/maku-framework/src/main/java/net/maku/framework/common/xss/XssUtils.java
+++ b/maku-framework/src/main/java/net/maku/framework/common/xss/XssUtils.java
@@ -1,8 +1,8 @@
 package net.maku.framework.common.xss;
-import cn.hutool.core.util.ReflectUtil;
-import cn.hutool.http.HTMLFilter;
-
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.safety.Safelist;
 /**
 * XSS 过滤工具类
@@ -11,12 +11,10 @@ import cn.hutool.http.HTMLFilter;
 * MAKU
 */
 public class XssUtils {
- private static final ThreadLocal HTML_FILTER = ThreadLocal.withInitial(() -> {
- HTMLFilter htmlFilter = new HTMLFilter();
- // 避免 " 被转成 " 字符
- ReflectUtil.setFieldValue(htmlFilter, "encodeQuotes", false);
- return htmlFilter;
- });
+ /**
+ * 不格式化
+ */
+ private final static Document.OutputSettings outputSettings = new Document.OutputSettings().prettyPrint(false);
 /**
 * XSS过滤
@@ -25,7 +23,7 @@ public class XssUtils {
 * @return 返回过滤后的内容
 */
 public static String filter(String content) {
- return HTML_FILTER.get().filter(content);
+ return Jsoup.clean(content, "", Safelist.relaxed(), outputSettings);
 }
-
+
 }
\ No newline at end of file
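Review bot: The new field `outputSettings` in the second hunk drops the constant naming the class used for the field it replaces (`HTML_FILTER`) and puts the modifiers in a non-canonical order; `private static final Document.OutputSettings OUTPUT_SETTINGS = new Document.OutputSettings().prettyPrint(false);` matches both the surrounding code and the usual `static final` order. `Document.OutputSettings` is a mutable object shared by every `filter` call through `Jsoup.clean`, so the Javadoc should say more than "不格式化", e.g. `* Shared serialiser settings, never mutate after class init: prettyPrint(false) stops jsoup re-indenting or inserting line breaks into the cleaned output`.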
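Review bot: The rewritten `filter` body applies `Safelist.relaxed()`, jsoup's broadest built-in policy, but neither the method Javadoc (which begins outside the hunk) nor a comment records that choice; add a line such as `* Sanitises with jsoup Safelist.relaxed(): common formatting, table, image and link tags survive, every other tag, attribute, script and event handler is removed` so callers do not assume only plain text gets through, and consider `Safelist.basic()` where rich content is not needed. Because the base URI is passed as `""`, jsoup's protocol check can only accept absolute `http`/`https`/`ftp`/`mailto` URLs and appears to strip relative `href`/`src` values; if relative links must survive, `Safelist.relaxed().preserveRelativeLinks(true)` is the documented switch, otherwise the behaviour is worth stating in the Javadoc. Re-serialisation also entity-encodes text characters such as `<` and `&`, so values that are not HTML (JSON, Markdown) routed through this method will come back altered. If callers can pass `null`, guard it before the call, e.g. `if (content == null) { return null; }`, since jsoup rejects a null fragment rather than returning it unchanged.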