From 2dca6f0a129f1945e4b312b3e0dc417946327a9e Mon Sep 17 00:00:00 2001
From: RuoYi
Date: Fri, 1 Mar 2024 21:55:28 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=8C=B9=E9=85=8D=E6=96=B9?= =?UTF-8?q?=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/ruoyi/common/core/constant/GenConstants.java | 2 +-
 .../main/java/com/ruoyi/common/core/xss/XssValidator.java | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/GenConstants.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/GenConstants.java
index 97866586..b008e65e 100644
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/GenConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/GenConstants.java
@@ -42,7 +42,7 @@ public class GenConstants
 /** 数据库数字类型 */
 public static final String[] COLUMNTYPE_NUMBER = { "tinyint", "smallint", "mediumint", "int", "number", "integer",
- "bigint", "float", "double", "decimal" };
+ "bit", "bigint", "float", "double", "decimal" };
 /** 页面不需要编辑字段 */
 public static final String[] COLUMNNAME_NOT_EDIT = { "id", "create_by", "create_time", "del_flag" };
diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
index 92405c25..0acf3869 100644
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
@@ -27,8 +27,13 @@ public class XssValidator implements ConstraintValidator
 public static boolean containsHtml(String value)
 {
+ StringBuilder sHtml = new StringBuilder();
 Pattern pattern = Pattern.compile(HTML_PATTERN);
 Matcher matcher = pattern.matcher(value);
- return matcher.matches();
+ while (matcher.find())
+ {
+ sHtml.append(matcher.group());
+ }
+ return pattern.matcher(sHtml).matches();
 }
 }
\ No newline at end of file
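Review bot: In `containsHtml`, the closing `return pattern.matcher(sHtml).matches();` makes the verdict depend on whether the concatenation of every fragment matches HTML_PATTERN end to end, so a value in which `find()` has already located a tag can still be reported as clean when the joined string does not match as a whole. HTML_PATTERN is defined outside the hunk, so whether that happens depends on the pattern (for instance on how it treats line terminators inside or between fragments), but for a validator a miss means markup is accepted. If the intent is "reject any value that contains a tag", `return matcher.find();` expresses that directly, errs towards rejecting, and removes the `StringBuilder`. Compiling the expression once into a `private static final Pattern` would also avoid recompiling it on every validation. A regex denylist of this kind is a secondary check; encoding on output should remain the control that the rendering path relies on.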