
HTML过滤器改为将html转义

RuoYi 4 anos atrás
pai
commit
31c3d4021e

+ 4 - 1
ruoyi-admin/src/main/resources/templates/monitor/online/online.html

@@ -62,7 +62,10 @@
                 },
 		        {
 		            field: 'sessionId',
-		            title: '会话编号'
+		            title: '会话编号',
+		            formatter: function(value, row, index) {
+                    	return $.table.tooltip(value);
+                    }
 		        },
 		        {
 		            field: 'loginName',

+ 1 - 0
ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java

@@ -147,6 +147,7 @@ public class EscapeUtil
         String html = "<script>alert(1);</script>";
         // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
         // String html = "<123";
+        // String html = "123>";
         System.out.println(EscapeUtil.clean(html));
         System.out.println(EscapeUtil.escape(html));
         System.out.println(EscapeUtil.unescape(html));
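Review bot: The added line is a fourth commented-out sample input next to the three already there, so the cases this commit is about (`<123`, `123>`) are never actually executed by this code, and the output is only ever eyeballed via println; the enclosing method starts and ends outside the hunk. Growing a list of commented alternatives is commented-out code a reviewer would flag; each input belongs in an assertion so a later regex change in the filter cannot silently change what reaches the browser. Something like `assert "<EXPECTED>".equals(EscapeUtil.clean("123>"));` per input (with the expected string filled in from the new escaping behaviour) would pin the behaviour the commit title describes.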

+ 3 - 3
ruoyi-common/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java

@@ -35,7 +35,7 @@ public final class HTMLFilter
     private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
     private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
     private static final Pattern P_END_ARROW = Pattern.compile("^>");
-    // private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
+    private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
     private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
     private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
     private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
@@ -131,7 +131,7 @@ public final class HTMLFilter
         vAllowedEntities = new String[] { "amp", "gt", "lt", "quot" };
         stripComment = true;
         encodeQuotes = true;
-        alwaysMakeTags = true;
+        alwaysMakeTags = false;
     }
 
     /**
@@ -246,7 +246,7 @@ public final class HTMLFilter
             //
             s = regexReplace(P_END_ARROW, "", s);
             // 不追加结束标签
-            // s = regexReplace(P_BODY_TO_END, "<$1>", s);
+            s = regexReplace(P_BODY_TO_END, "<$1>", s);
             s = regexReplace(P_XML_CONTENT, "$1<$2", s);
 
         }
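Review bot: The comment just above the re-enabled replacement still reads `// 不追加结束标签` ("do not append a closing tag"), which is the opposite of what `s = regexReplace(P_BODY_TO_END, "<$1>", s);` now does — `<([^>]*?)(?=<|$)` matches any `<…` fragment that has no `>` before the next `<` or end of input and the replacement wraps it as `<$1>`; replace the comment with `// close any '<...' fragment that has no '>' so it is parsed as a tag` or drop it. Separately, the second hunk flips the default to `alwaysMakeTags = false;` while the third hunk re-enables this line; in the upstream HTMLFilter this replacement sits inside `if (alwaysMakeTags)`, so with the new default the re-enabled line is presumably unreachable unless a caller sets the flag — the enclosing block starts and ends outside the hunk, so the intended path should be confirmed. Because this filter's output decides what markup reaches the browser, a unit test pinning `EscapeUtil.clean("<123")` and `EscapeUtil.clean("123>")` to their escaped forms would make the effect of the flag change visible rather than relying on the println harness. Minor: `P_BODY_TO_END` compiles exactly the same regex as `P_STRAY_LEFT_ARROW` two lines below it, so one could simply alias the other.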

+ 0 - 4
ruoyi-generator/src/main/resources/templates/tool/gen/importTable.html

@@ -59,7 +59,6 @@
 		        {
 		            field: 'tableName',
 		            title: '表名称',
-		            width: '20%',
 		            sortable: true,
 		            formatter: function(value, row, index) {
                     	return $.table.tooltip(value);
@@ -68,7 +67,6 @@
 		        {
 		            field: 'tableComment',
 		            title: '表描述',
-		            width: '20%',
 		            sortable: true,
 		            formatter: function(value, row, index) {
                     	return $.table.tooltip(value);
@@ -77,13 +75,11 @@
 		        {
 		            field: 'createTime',
 		            title: '创建时间',
-		            width: '20%',
 		            sortable: true
 		        },
 		        {
 		            field: 'updateTime',
 		            title: '更新时间',
-		            width: '20%',
 		            sortable: true
 		        }]
 		    };