|
|
@ -7,7 +7,9 @@ import org.springframework.cloud.gateway.filter.GatewayFilterChain; |
|
|
|
import org.springframework.cloud.gateway.filter.GlobalFilter; |
|
|
|
import org.springframework.cloud.gateway.filter.GlobalFilter; |
|
|
|
import org.springframework.core.Ordered; |
|
|
|
import org.springframework.core.Ordered; |
|
|
|
import org.springframework.core.io.buffer.DataBuffer; |
|
|
|
import org.springframework.core.io.buffer.DataBuffer; |
|
|
|
|
|
|
|
import org.springframework.core.io.buffer.DataBufferFactory; |
|
|
|
import org.springframework.core.io.buffer.DataBufferUtils; |
|
|
|
import org.springframework.core.io.buffer.DataBufferUtils; |
|
|
|
|
|
|
|
import org.springframework.core.io.buffer.DefaultDataBufferFactory; |
|
|
|
import org.springframework.core.io.buffer.NettyDataBufferFactory; |
|
|
|
import org.springframework.core.io.buffer.NettyDataBufferFactory; |
|
|
|
import org.springframework.http.HttpHeaders; |
|
|
|
import org.springframework.http.HttpHeaders; |
|
|
|
import org.springframework.http.HttpMethod; |
|
|
|
import org.springframework.http.HttpMethod; |
|
|
@ -70,10 +72,12 @@ public class XssFilter implements GlobalFilter, Ordered |
|
|
|
public Flux<DataBuffer> getBody() |
|
|
|
public Flux<DataBuffer> getBody() |
|
|
|
{ |
|
|
|
{ |
|
|
|
Flux<DataBuffer> body = super.getBody(); |
|
|
|
Flux<DataBuffer> body = super.getBody(); |
|
|
|
return body.map(dataBuffer -> { |
|
|
|
return body.buffer().map(dataBuffers -> { |
|
|
|
byte[] content = new byte[dataBuffer.readableByteCount()]; |
|
|
|
DataBufferFactory dataBufferFactory = new DefaultDataBufferFactory(); |
|
|
|
dataBuffer.read(content); |
|
|
|
DataBuffer join = dataBufferFactory.join(dataBuffers); |
|
|
|
DataBufferUtils.release(dataBuffer); |
|
|
|
byte[] content = new byte[join.readableByteCount()]; |
|
|
|
|
|
|
|
join.read(content); |
|
|
|
|
|
|
|
DataBufferUtils.release(join); |
|
|
|
String bodyStr = new String(content, StandardCharsets.UTF_8); |
|
|
|
String bodyStr = new String(content, StandardCharsets.UTF_8); |
|
|
|
// 防xss攻击过滤
|
|
|
|
// 防xss攻击过滤
|
|
|
|
bodyStr = EscapeUtil.clean(bodyStr); |
|
|
|
bodyStr = EscapeUtil.clean(bodyStr); |
|
|
|
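Review bot: `body.buffer()` in the new `getBody()` holds every chunk of the request body in memory before `dataBufferFactory.join(dataBuffers)` copies it again into `content`, and nothing visible in this hunk caps the size, so one very large request can exhaust the gateway's heap. Aggregating is the right fix for a tag or multi-byte UTF-8 character split across two buffers before `EscapeUtil.clean` runs, but it should be bounded, for example `return DataBufferUtils.join(body, MAX_BODY_BYTES).map(join -> {` with the lambda's result turned back into a `Flux` by `.flux()`; `MAX_BODY_BYTES` is a placeholder for a limit the project would choose, and exceeding it raises `DataBufferLimitException`. That form also makes the new `DefaultDataBufferFactory` import and the per-request `new DefaultDataBufferFactory()` unnecessary. The lambda body continues past the end of the hunk, so how the cleaned bytes are wrapped again and whether Content-Length is updated cannot be checked from here.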