There is an XSS vulnerability in input box 1. How should I fix it?

Create a new training plan, enter an XSS statement in the training description, click OK to submit, and an XSS alert pops up immediately; the same thing happens with exams.

I added tTrain.setTrainRemark(EscapeUtil.escapeHtml(tTrain.getTrainRemark())); before the save,

but it has no effect. Help, gurus!

    /**
     * Save a training plan
     */
    @ResponseBody
    @RequiresPermissions(value = {"train:tTrain:add", "train:tTrain:edit"}, logical = Logical.OR)
    @RequestMapping(value = "save")
    public AjaxJson save(TTrain tTrain, Model model, HttpServletRequest request) throws Exception {
        AjaxJson j = new AjaxJson();
        /**
         * Server-side hibernate-validation plugin check
         */
        String errMsg = beanValidator(tTrain);
        if (StringUtils.isNotBlank(errMsg)) {
            j.setSuccess(false);
            j.setMsg(errMsg);
            return j;
        }
        // Save the new or edited form
        tTrainService.save(tTrain); // save
        String operatorIds = request.getParameter("operatorIds");
        // String choosep = request.getParameter("choosep");
        String[] choosepone = null;
        // Clear the training participants before adding/editing them
        if (StringUtils.isNotBlank(tTrain.getId())) {
            tTrainUserService.deleteByTrainId(tTrain.getId());
        }
        if (null != operatorIds && !"".equals(operatorIds)) {
            choosepone = operatorIds.split(",");
            for (int i = 0; i < choosepone.length; i++) {
                Set<String> s = new HashSet<>();
                String insertDoc = request.getParameter("insertDocId");
                if (StringUtils.isNotBlank(insertDoc)) {
                    String[] split = insertDoc.split(",");
                    for (String s1 : split) {
                        if (StringUtils.isNotEmpty(s1)) {
                            s.add(s1);
                        }
                    }
                }
                StringBuffer stringBuffer = new StringBuffer();
                s.forEach(a -> stringBuffer.append(a).append(","));
                String userid = choosepone[i];
                TTrainUser tTrainUser = new TTrainUser();
                tTrainUser.setTrainid(tTrain.getId());
                tTrainUser.setUserid(userid);
                tTrainUser.setKnowledgeid(stringBuffer.toString());

                tTrain.setTrainRemark(EscapeUtil.escapeHtml(tTrain.getTrainRemark())); // this is the line I added
                tTrainUserService.save(tTrainUser);

            }
        }

        j.setSuccess(true);
        j.setMsg("Training plan saved successfully");
        return j;
    }

tTrain.setTrainRemark(EscapeUtil.escapeHtml(tTrain.getTrainRemark()));

Did you put this line in the wrong place? Isn't tTrain saved on line 19?
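The ordering problem the reply points at, shown as an added example that is not the poster's project code: TTrain, FakeTrainService and escapeHtml below are simplified stand-ins for the project's TTrain, tTrainService and EscapeUtil.escapeHtml, constructed so the snippet runs on its own.

```java
import java.util.ArrayList;
import java.util.List;
// Stand-in classes constructed for this example; they mimic only what the controller touches.
public class EscapeOrderDemo {
    static class TTrain {
        private String trainRemark;
        String getTrainRemark() { return trainRemark; }
        void setTrainRemark(String r) { trainRemark = r; }
    }
    // Records exactly what reaches persistence, i.e. what a later page render would read back.
    static class FakeTrainService {
        final List<String> persisted = new ArrayList<>();
        void save(TTrain t) { persisted.add(t.getTrainRemark()); }
    }
    // Stand-in for EscapeUtil.escapeHtml: encodes the characters that can break out of HTML text.
    static String escapeHtml(String s) {
        if (s == null) return null;
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
    // Same order as the posted controller: save first, escape afterwards. The store keeps the raw value.
    static String saveEscapeAfter(FakeTrainService svc, TTrain t) {
        svc.save(t);
        t.setTrainRemark(escapeHtml(t.getTrainRemark()));
        return svc.persisted.get(svc.persisted.size() - 1);
    }
    // Corrected order: escape before the persistence call, so the stored remark is the escaped one.
    static String saveEscapeBefore(FakeTrainService svc, TTrain t) {
        t.setTrainRemark(escapeHtml(t.getTrainRemark()));
        svc.save(t);
        return svc.persisted.get(svc.persisted.size() - 1);
    }
    public static void main(String[] args) {
        TTrain t1 = new TTrain(); t1.setTrainRemark("<script>alert(1)</script>"); // constructed input
        TTrain t2 = new TTrain(); t2.setTrainRemark("<script>alert(1)</script>");
        System.out.println("escape after save : " + saveEscapeAfter(new FakeTrainService(), t1));
        System.out.println("escape before save: " + saveEscapeBefore(new FakeTrainService(), t2));
    }
}
```

The first line prints the raw script tag (what the posted controller stores), the second prints the entity-encoded form.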

When a problem shows up, diagnose it first: confirm the scope of the problem, then pinpoint it precisely.

First open the browser's F12 -> Network tab, clear the records, then click the button to reproduce the problem. When the alert pops up, check whether a new network request appears in the Network tab. If it does, the cause may be on the backend; if not, it is definitely in the frontend code.

Post the few lines of frontend code for this input box so we can take a look.