Merge remote-tracking branch 'origin/master'

2025-09-09 12:09:57 +08:00 · 2025-09-09 12:09:57 +08:00 · d3dc26b1ea
parent d66a47eec9 a5b3abca96
commit d3dc26b1ea
2 changed files with 7 additions and 1 deletions
--- a/bonus-common/pom.xml
+++ b/bonus-common/pom.xml
@ -153,6 +153,12 @@
            <version>20231013</version>
        </dependency>

+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>32.1.3-jre</version> <!-- 请使用最新版本 -->
+        </dependency>
+
    </dependencies>

 </project>
--- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java
+++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java
@ -167,7 +167,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
    private static final String regex10 = "onload(.*?)=";

    // 添加安全脚本模式
-    public static final String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\%27|\\%3B|<>|\\[\\]|\\(\\)|/|\"|script|alert|svg|confirm|prompt|onload|%3c|%3e|%2b|@|!|img|src)";
+    public static final String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\%27|\\%3B|<>|\\[\\]|\\(\\)|\"|script|alert|svg|confirm|prompt|onload|%3c|%3e|%2b|@|!|img|src)";

    private String xssClean(String value) {
        if (value == null) {