
2023-11-8 校验..参数。

chaiyunlong 2 years ago
parent
commit
47eaf4b8f6
1 changed files with 3 additions and 0 deletions
  1. 3 0
      zd-gateway/src/main/java/com/zd/gateway/filter/XssFilter.java

+ 3 - 0
zd-gateway/src/main/java/com/zd/gateway/filter/XssFilter.java

@@ -43,6 +43,9 @@ public class XssFilter implements GlobalFilter, Ordered {
         // GET DELETE 不过滤
         HttpMethod method = request.getMethod();
         if (method == null || method.matches("GET") || method.matches("DELETE")) {
+            if(request.getURI().getSchemeSpecificPart().indexOf("..")!=-1){
+                throw new TypeMismatchException("非法参数异常!");
+            }
             boolean result = checkIsXSS(request.getURI().getSchemeSpecificPart());
             if(result){
                 throw new TypeMismatchException("非法参数异常!");
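Review bot: The new `..` test at the top of the GET/DELETE branch is a substring match over the whole decoded scheme-specific part (authority, path and query), so it rejects any request whose query value merely contains two consecutive dots, and it duplicates the throw that follows. Because `getSchemeSpecificPart()` decodes percent-escapes exactly once, the check covers only that single decoding, and it runs only for GET, DELETE and a null method; whether other methods get the same URI check depends on code outside this hunk, which starts and ends inside the filter method. I would read the value once and fold both checks together, `String ssp = request.getURI().getSchemeSpecificPart();` then `if (ssp.contains("..") || checkIsXSS(ssp)) {`, and add a comment such as `// reject dot-dot sequences in the URI; backend services must still canonicalise paths themselves` so the gateway is not treated as the only traversal defence.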