概览
- 针对请求对象的所有String字段自动进行trim、checkXss
- 如果监测有xss风险,将抛出
XssException,可针对此异常定制全局异常处理
使用指南
- Github源码:https://github.com/guanyang/spring-base-parent
- 最新Maven坐标
1 | <dependency> |
配置说明
- 应用入口类添加
@EnableXss注解,启动Xss检查 - 当前组件只针对
RestController或者Controller标注的类进行xss校验 - 请求对象需要添加
@Valid或者@Validated注解才会进行校验 - 如果某些特殊场景需要跳过Xss检查,可以在对应字段上添加如下注解
1
2
3//check设置false,跳过xss检查,trim设置true,进行去空格处理
@XssCheck(check = false, trim = true)
private String name;
...
...
00:00
00:00
If you like this blog or find it useful for you, you are welcome to comment on it. You are also welcome to share this blog, so that more people can participate in it. If the images used in the blog infringe your copyright, please contact the author to delete them. Thank you !