[FIX] xss 필터 수정
mikekks committed May 4, 2024
1 parent bfcdf06 commit 060147f
Showing 1 changed file with 11 additions and 1 deletion.
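--- a/src/main/java/synk/meeteam/global/util/HtmlCharacterEscapes.java
+++ b/src/main/java/synk/meeteam/global/util/HtmlCharacterEscapes.java
@@ -3,8 +3,10 @@
 import com.fasterxml.jackson.core.SerializableString;
 import com.fasterxml.jackson.core.io.CharacterEscapes;
 import com.fasterxml.jackson.core.io.SerializedString;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringEscapeUtils;
 
+@Slf4j
 public class HtmlCharacterEscapes extends CharacterEscapes {
 
 private final int[] asciiEscapes;
@@ -28,6 +30,14 @@ public int[] getEscapeCodesForAscii() {
 
 @Override
 public SerializableString getEscapeSequence(int ch) {
-return new SerializedString(StringEscapeUtils.escapeHtml4(Character.toString((char) ch)));
+char charAt = (char) ch;
+if (Character.isHighSurrogate(charAt) || Character.isLowSurrogate(charAt)) {
+StringBuilder sb = new StringBuilder();
+sb.append("\\u");
+sb.append(String.format("%04x", ch));
+return new SerializedString(sb.toString());
+} else {
+return new SerializedString(StringEscapeUtils.escapeHtml4(Character.toString(charAt)));
+}
 }
 }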
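Review bot: The new surrogate branch in `getEscapeSequence` is the only path that returns text without passing it through `escapeHtml4`, and nothing in the code says why that is acceptable for an XSS filter; a comment above the `if` would record it, for example `// Surrogate halves (emoji etc.) have no HTML meaning; write them as JSON unicode escapes so the client reassembles the pair`. The branch can also be shortened to `if (Character.isSurrogate(charAt))` with `return new SerializedString(String.format("\\u%04x", ch));`, which removes the `StringBuilder`. The added `@Slf4j` and its import are not used by any line visible in either hunk and look removable unless the logger is called elsewhere in the file. Which ASCII characters are routed to this method is decided by the `asciiEscapes` table built in the constructor, which lies outside both hunks, so the filter's actual coverage has to be checked there. A unit test that serializes a string mixing an emoji with markup characters would pin both branches.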
