JeecgBoot3.7XSS漏洞处理

jeecgboot · Sep 14, 2024 · 575baa8 · 575baa8
1 parent 48bc76c
commit 575baa8
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/...-system-biz/src/main/java/org/jeecg/modules/system/controller/WechatVerifyController.java b/...-system-biz/src/main/java/org/jeecg/modules/system/controller/WechatVerifyController.java
@@ -3,6 +3,8 @@
 import javax.servlet.http.HttpServletResponse;
 
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.jeecg.modules.system.util.XssUtils;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -23,8 +25,13 @@ public class WechatVerifyController {
      */
     @RequestMapping(value = "/WW_verify_{code}.txt")
     public void mpVerify(@PathVariable("code") String code, HttpServletResponse response) {
+        if(StringUtils.isEmpty(code)){
+            log.error("企业微信证书验证失败！(code为空)");
+            return;
+        }
         try {
             PrintWriter writer = response.getWriter();
+            code = XssUtils.scriptXss(code);
             writer.write(code);
             writer.close();
         } catch (Exception e) {