před 5 roky · 96d0bd2581
--- a/README.md
+++ b/README.md
@@ -80,7 +80,7 @@
 
				     </tr>

			
 
				 	<tr>

			
 
				         <td><img src="https://oscimg.oschina.net/oscnet/bed2b98a44e7ae820c2885329e711965c28.jpg"/></td>

			
 
				-        <td><img src="https://oscimg.oschina.net/oscnet/5f3d39a141f21f81b90536f391b8408f1fa.jpg"/></td>

			
 
				+        <td><img src="https://oscimg.oschina.net/oscnet/up-6d73c2140ce694e3de4c05035fdc1868d4c.png"/></td>

			
 
				     </tr>

			
 
				 </table>

			
 
				 

			
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/EscapeUtil.java
@@ -145,6 +145,8 @@ public class EscapeUtil
 
				     public static void main(String[] args)
			
 
				     {
			
 
				         String html = "<script>alert(1);</script>";
			
 
				+        // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
			
 
				+        // String html = "<123";
			
 
				         System.out.println(EscapeUtil.clean(html));
			
 
				         System.out.println(EscapeUtil.escape(html));
			
 
				         System.out.println(EscapeUtil.unescape(html));
			
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/html/HTMLFilter.java
@@ -35,7 +35,7 @@ public final class HTMLFilter
 
				     private static final Pattern P_VALID_ENTITIES = Pattern.compile("&([^&;]*)(?=(;|&|$))");
			
 
				     private static final Pattern P_VALID_QUOTES = Pattern.compile("(>|^)([^<]+?)(<|$)", Pattern.DOTALL);
			
 
				     private static final Pattern P_END_ARROW = Pattern.compile("^>");
			
 
				-    private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
			
 
				+    // private static final Pattern P_BODY_TO_END = Pattern.compile("<([^>]*?)(?=<|$)");
			
 
				     private static final Pattern P_XML_CONTENT = Pattern.compile("(^|>)([^<]*?)(?=>)");
			
 
				     private static final Pattern P_STRAY_LEFT_ARROW = Pattern.compile("<([^>]*?)(?=<|$)");
			
 
				     private static final Pattern P_STRAY_RIGHT_ARROW = Pattern.compile("(^|>)([^<]*?)(?=>)");
			
@@ -245,7 +245,8 @@ public final class HTMLFilter
 
				             // try and form html
			
 
				             //
			
 
				             s = regexReplace(P_END_ARROW, "", s);
			
 
				-            s = regexReplace(P_BODY_TO_END, "<$1>", s);
			
 
				+            // 不追加结束标签
			
 
				+            // s = regexReplace(P_BODY_TO_END, "<$1>", s);
			
 
				             s = regexReplace(P_XML_CONTENT, "$1<$2", s);
			
 
				 
			
 
				         }