work/book-api
4
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xss过滤时,不需要有contextPath路径

This commit is contained in:
阿沐 2024-06-26 22:59:36 +08:00
parent b9a77fc3a4
commit 6533791200
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java
View File

@ -38,7 +38,7 @@ public class XssFilter extends OncePerRequestFilter {
}
// 放行不过滤的URL
return properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getRequestURI()));
return properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getServletPath()));
}
}

4
maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java
View File

@ -33,9 +33,9 @@ public class XssFilterJsonDeserializer extends JsonDeserializer<String> {
if (request == null) {
return value;
}
// 判断该URI是否放行
boolean flag = properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getRequestURI()));
boolean flag = properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getServletPath()));
if (flag) {
return value;
}