渗透测试漏洞修复
This commit is contained in:
parent
388012656c
commit
ff19105298
|
|
@ -82,13 +82,17 @@ public class XssFilter implements GlobalFilter, Ordered
|
||||||
DataBufferUtils.release(join);
|
DataBufferUtils.release(join);
|
||||||
String bodyStr = new String(content, StandardCharsets.UTF_8);
|
String bodyStr = new String(content, StandardCharsets.UTF_8);
|
||||||
try {
|
try {
|
||||||
|
if (bodyStr.contains("username") || bodyStr.contains("password")){
|
||||||
|
|
||||||
|
}else {
|
||||||
bodyStr = java.net.URLDecoder.decode(bodyStr, StandardCharsets.UTF_8.name());
|
bodyStr = java.net.URLDecoder.decode(bodyStr, StandardCharsets.UTF_8.name());
|
||||||
|
}
|
||||||
} catch (UnsupportedEncodingException e) {
|
} catch (UnsupportedEncodingException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
// 防xss攻击过滤
|
// 防xss攻击过滤
|
||||||
bodyStr = EscapeUtil.clean(bodyStr);
|
bodyStr = EscapeUtil.clean(bodyStr);
|
||||||
bodyStr = XssFilterUtil.filterSpecialChars(bodyStr);
|
/* bodyStr = XssFilterUtil.filterSpecialChars(bodyStr);*/
|
||||||
// 转成字节
|
// 转成字节
|
||||||
byte[] bytes = bodyStr.getBytes();
|
byte[] bytes = bodyStr.getBytes();
|
||||||
NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT);
|
NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT);
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@
|
||||||
<div class="title"></div>
|
<div class="title"></div>
|
||||||
<div id="pwdDiv">
|
<div id="pwdDiv">
|
||||||
<input id="password" name="password" type="password" placeholder="密码"/>
|
<input id="password" name="password" type="password" placeholder="密码"/>
|
||||||
|
<p style="font-size: 12px; color: red; margin: 0;">密码中必须包含【大小字母】、【数字】、【特殊字符】</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="common-box codeDiv">
|
<div class="common-box codeDiv">
|
||||||
|
|
@ -111,6 +112,14 @@
|
||||||
$("#info").html('手机号或者密码或者验证码不能为空');
|
$("#info").html('手机号或者密码或者验证码不能为空');
|
||||||
$(obj).attr("disabled", false);
|
$(obj).attr("disabled", false);
|
||||||
} else {
|
} else {
|
||||||
|
//验证密码强度
|
||||||
|
var res = checkPwd(password);
|
||||||
|
if (!res) {
|
||||||
|
var msg = "您的密码复杂度太低!密码中必须包含【大小字母】、【数字】、【特殊字符】";
|
||||||
|
alert(msg);
|
||||||
|
//密码强度符合规则
|
||||||
|
location.href = ctxPath + '/login.html';
|
||||||
|
}
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: 'post',
|
type: 'post',
|
||||||
contentType: "application/json; charset=utf-8",
|
contentType: "application/json; charset=utf-8",
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue