通知管理内容接受html

e0f97b14 · stylefeng · 06ced613 · e0f97b14 · e0f97b14 · e0f97b14
Commit e0f97b14 authored Sep 04, 2017 by stylefeng
Showing with 24 additions and 4 deletions

guns-admin/src/main/java/com/stylefeng/guns/config/web/WebConfig.java
+4 -1

guns-admin/src/main/webapp/static/modular/system/notice/notice_info.js
+1 -1

guns-core/src/main/java/com/stylefeng/guns/core/xss/XssFilter.java
+19 -2

No files found.
--- a/guns-admin/src/main/java/com/stylefeng/guns/config/web/WebConfig.java
+++ b/guns-admin/src/main/java/com/stylefeng/guns/config/web/WebConfig.java
@@ -19,6 +19,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.context.request.RequestContextListener;
+import java.util.Arrays;
 import java.util.Properties;
 /**
@@ -100,7 +101,9 @@ public class WebConfig {
     */
    @Bean
    public FilterRegistrationBean xssFilterRegistration() {
-        FilterRegistrationBean registration = new FilterRegistrationBean(new XssFilter());
+        XssFilter xssFilter = new XssFilter();
+        xssFilter.setUrlExclusion(Arrays.asList("/notice/update","/notice/add"));
+        FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
        registration.addUrlPatterns("/*");
        return registration;
    }

--- a/guns-admin/src/main/webapp/static/modular/system/notice/notice_info.js
+++ b/guns-admin/src/main/webapp/static/modular/system/notice/notice_info.js
@@ -54,7 +54,7 @@ NoticeInfoDlg.close = function () {
 * 收集数据
 */
 NoticeInfoDlg.collectData = function () {
-    this.noticeInfoData['content'] = NoticeInfoDlg.editor.txt.text();
+    this.noticeInfoData['content'] = NoticeInfoDlg.editor.txt.html();
    this.set('id').set('title');
 }

--- a/guns-core/src/main/java/com/stylefeng/guns/core/xss/XssFilter.java
+++ b/guns-core/src/main/java/com/stylefeng/guns/core/xss/XssFilter.java
@@ -4,12 +4,15 @@ package com.stylefeng.guns.core.xss;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
+import java.util.List;
 public class XssFilter implements Filter {
    FilterConfig filterConfig = null;
+    private List<String> urlExclusion = null;
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }
@@ -19,8 +22,21 @@ public class XssFilter implements Filter {
    }
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        chain.doFilter(new XssHttpServletRequestWrapper(
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
-                (HttpServletRequest) request), response);
+        String servletPath = httpServletRequest.getServletPath();
+        if (urlExclusion != null && urlExclusion.contains(servletPath)) {
+            chain.doFilter(request, response);
+        } else {
+            chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
+        }
+    }
+    public List<String> getUrlExclusion() {
+        return urlExclusion;
    }
+    public void setUrlExclusion(List<String> urlExclusion) {
+        this.urlExclusion = urlExclusion;
+    }
 }
\ No newline at end of file