@@ -43,6 +43,9 @@ public class XssFilter implements GlobalFilter, Ordered {
// GET DELETE 不过滤
HttpMethod method = request.getMethod();
if (method == null || method.matches("GET") || method.matches("DELETE")) {
+ if(request.getURI().getSchemeSpecificPart().indexOf("..")!=-1){
+ throw new TypeMismatchException("非法参数异常!");
+ }
boolean result = checkIsXSS(request.getURI().getSchemeSpecificPart());
if(result){
throw new TypeMismatchException("非法参数异常!");
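Review bot: The added `..` check sits inside the GET/DELETE branch and tests the whole scheme-specific part, so as far as this hunk shows it does not apply to other methods, and it also rejects legitimate query values that merely contain two dots. If the intent is to block path traversal, hoist it above the method branch and test the path only, e.g. `String path = request.getURI().getPath();` followed by `if (path != null && path.contains("..")) {`. `getSchemeSpecificPart()` decodes percent-escapes once, so a doubly encoded sequence is not matched here; whether any later component decodes again is not visible in this hunk and should be confirmed. Both rejections throw `TypeMismatchException` with the same message, which makes traversal and XSS rejections indistinguishable in logs; a distinct message or a log line before the throw would help triage. The enclosing filter method starts and ends outside the hunk.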