преди 2 години · 47eaf4b8f6
--- a/zd-gateway/src/main/java/com/zd/gateway/filter/XssFilter.java
+++ b/zd-gateway/src/main/java/com/zd/gateway/filter/XssFilter.java
@@ -43,6 +43,9 @@ public class XssFilter implements GlobalFilter, Ordered {
 
				         // GET DELETE 不过滤
			
 
				         HttpMethod method = request.getMethod();
			
 
				         if (method == null || method.matches("GET") || method.matches("DELETE")) {
			
 
				+            if(request.getURI().getSchemeSpecificPart().indexOf("..")!=-1){
			
 
				+                throw new TypeMismatchException("非法参数异常!");
			
 
				+            }
			
 
				             boolean result = checkIsXSS(request.getURI().getSchemeSpecificPart());
			
 
				             if(result){
			
 
				                 throw new TypeMismatchException("非法参数异常!");