渗透测试漏洞修复
parent
388012656c
commit
ff19105298
|
|
@ -82,13 +82,17 @@ public class XssFilter implements GlobalFilter, Ordered
|
|||
DataBufferUtils.release(join);
|
||||
String bodyStr = new String(content, StandardCharsets.UTF_8);
|
||||
try {
|
||||
if (bodyStr.contains("username") || bodyStr.contains("password")){
|
||||
|
||||
}else {
|
||||
bodyStr = java.net.URLDecoder.decode(bodyStr, StandardCharsets.UTF_8.name());
|
||||
}
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
// 防xss攻击过滤
|
||||
bodyStr = EscapeUtil.clean(bodyStr);
|
||||
bodyStr = XssFilterUtil.filterSpecialChars(bodyStr);
|
||||
/* bodyStr = XssFilterUtil.filterSpecialChars(bodyStr);*/
|
||||
// 转成字节
|
||||
byte[] bytes = bodyStr.getBytes();
|
||||
NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT);
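Review bot: The decode step in the `try` block is skipped whenever the raw body contains the substring `username` or `password` anywhere, so whether `EscapeUtil.clean` and `XssFilterUtil.filterSpecialChars` see decoded or still-encoded text depends on content the client chooses rather than on the route or content type. If the exemption is meant for the login request, key it on the request path or on parsed fields, and keep the sanitising path identical for every other body. `URLDecoder.decode` also throws `IllegalArgumentException` on a malformed `%` sequence, which `catch (UnsupportedEncodingException e)` does not cover; `URLDecoder.decode(bodyStr, StandardCharsets.UTF_8)` (Java 10+) removes the checked exception, and the malformed case should be turned into a 400 response. Further down, `bodyStr.getBytes()` uses the platform charset although the body was read as UTF-8; `bodyStr.getBytes(StandardCharsets.UTF_8)` keeps the round trip consistent. The `+`/`-` markers are lost on this page, so which of these lines are new is inferred, and the enclosing method starts and ends outside the hunk.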
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@
|
|||
<div class="title"></div>
|
||||
<div id="pwdDiv">
|
||||
<input id="password" name="password" type="password" placeholder="密码"/>
|
||||
<p style="font-size: 12px; color: red; margin: 0;">密码中必须包含【大小字母】、【数字】、【特殊字符】</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="common-box codeDiv">
|
||||
|
|
@ -111,6 +112,14 @@
|
|||
$("#info").html('手机号或者密码或者验证码不能为空');
|
||||
$(obj).attr("disabled", false);
|
||||
} else {
|
||||
//验证密码强度
|
||||
var res = checkPwd(password);
|
||||
if (!res) {
|
||||
var msg = "您的密码复杂度太低!密码中必须包含【大小字母】、【数字】、【特殊字符】";
|
||||
alert(msg);
|
||||
//密码强度符合规则
|
||||
location.href = ctxPath + '/login.html';
|
||||
}
|
||||
$.ajax({
|
||||
type: 'post',
|
||||
contentType: "application/json; charset=utf-8",
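Review bot: In the `if (!res)` branch the handler shows the alert and sets `location.href`, but as far as the hunk shows it does not return, so execution falls through to the `$.ajax` call below and the request is still sent with the rejected password; end that branch with `$(obj).attr("disabled", false); return;`. The comment `//密码强度符合规则` ("password strength meets the rule") sits inside the failure branch and says the opposite of what that branch handles. `checkPwd` runs only in the browser, so the same complexity rule has to be enforced by the server endpoint that receives this POST; whether it is cannot be seen from this page. The enclosing function starts and ends outside the hunk.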
|
||||
|
|
|
|||