cn.twelvet.xss.core.JacksonXssClean Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of xss-spring-boot-starter Show documentation

XSS 安全过滤插件

There is a newer version: 3.0.0

Show newest version

package cn.twelvet.xss.core;

import cn.hutool.core.util.ArrayUtil;
import cn.twelvet.xss.annotation.XssCleanIgnore;
import cn.twelvet.xss.config.XssProperties;
import cn.twelvet.xss.utils.XssUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.IOException;
import java.util.Objects;

/**
 * jackson xss 处理
 *
 * @author twelvet
 */
public class JacksonXssClean extends XssCleanDeserializerBase {

	private final static Logger log = LoggerFactory.getLogger(JacksonXssClean.class);

	private final XssProperties properties;

	private final XssCleaner xssCleaner;

	/**
	 * @param properties XssProperties
	 * @param xssCleaner XssCleaner
	 */
	public JacksonXssClean(XssProperties properties, XssCleaner xssCleaner) {
		this.properties = properties;
		this.xssCleaner = xssCleaner;
	}

	@Override
	public String clean(String name, String text) throws IOException {
		if (XssHolder.isEnabled() && Objects.isNull(XssHolder.getXssCleanIgnore())) {
			String value = xssCleaner.clean(XssUtil.trim(text, properties.isTrimText()));
			log.debug("Json property value:{} cleaned up by twelvet, current value is:{}.", text, value);
			return value;
		}
		else if (XssHolder.isEnabled() && Objects.nonNull(XssHolder.getXssCleanIgnore())) {
			XssCleanIgnore xssCleanIgnore = XssHolder.getXssCleanIgnore();
			if (ArrayUtil.contains(xssCleanIgnore.value(), name)) {
				return XssUtil.trim(text, properties.isTrimText());
			}

			String value = xssCleaner.clean(XssUtil.trim(text, properties.isTrimText()));
			log.debug("Json property value:{} cleaned up by twelvet, current value is:{}.", text, value);
			return value;
		}
		else {
			return XssUtil.trim(text, properties.isTrimText());
		}
	}

}