From 0e868bf85f7803d8b8a1692b507c0316d83b5f2f Mon Sep 17 00:00:00 2001
From: keyuan
Date: Sat, 24 Apr 2021 16:41:22 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3TOMCAT=E9=AB=98=E7=89=88?= =?UTF-8?q?=E6=9C=AC=E5=85=BC=E5=AE=B9=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../com/key/common/plugs/xss/XssHttpWrapper.java | 15 +++++++++++----
 src/main/webapp/WEB-INF/web.xml | 2 +-
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/key/common/plugs/xss/XssHttpWrapper.java b/src/main/java/com/key/common/plugs/xss/XssHttpWrapper.java
index d98af56..5b24890 100644
--- a/src/main/java/com/key/common/plugs/xss/XssHttpWrapper.java
+++ b/src/main/java/com/key/common/plugs/xss/XssHttpWrapper.java
@@ -47,6 +47,13 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 */
 @Override
 public String getHeader(String name) {
+ if("If-None-Match".equals(name)){
+// W/"14873-1619252839000"
+ String value = super.getHeader(name);
+ if(value==null || value.length()<50){
+ return super.getHeader(name);
+ }
+ }
 String value = super.getHeader(xssEncode(name));
 if (value != null) {
 value = xssEncode(value);
@@ -54,8 +61,8 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 return value; } - - + + /** * * @param name
@@ -169,6 +176,7 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 */ public String xssEncode(String s) { + if (s == null || s.isEmpty()) { return s;
@@ -188,7 +196,6 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 result = escape(result); } } - return result; }
@@ -247,4 +254,4 @@ public class XssHttpWrapper extends HttpServletRequestWrapper {
 }
 return value;
 }
-}
\ No newline at end of file
+}
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 619972a..edc1af7 100755
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
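Review bot: The new `If-None-Match` branch in `getHeader` (XssHttpWrapper.java) returns the raw header whenever it is shorter than 50 characters, so a length test is the only thing between a client-supplied value and any code that later echoes this header; a length bound is not validation, and markup fits well under 50 characters. Matching the shape of the ETag shown in the comment would be tighter, for example `if (value == null || value.matches("(W/)?\"[0-9A-Za-z-]+\"")) { return value; }`, which also removes the second `super.getHeader(name)` call. Header names are case-insensitive, so the guard should probably be `"If-None-Match".equalsIgnoreCase(name)`; as written, a lookup with different casing still falls through to `xssEncode`. ETags of 50 characters or more, and comma-separated ETag lists, still take the encoding path, so the compatibility fix looks partial. `getHeader` closes outside this hunk, and whether `getHeaders` needs the same treatment cannot be seen from here.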
@@ -47,7 +47,7 @@ - + xssFilter com.key.common.plugs.xss.XssFilter