From 4308a80078421018310ddd4c73b749fcb3decaae Mon Sep 17 00:00:00 2001
From: dao
Date: Tue, 19 Nov 2024 15:48:41 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DXSS=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../LR_PortalSite/Controllers/ArticleController.cs | 4 +++-
 .../Learun.Util/Learun.Util/String/StringHelper.cs | 10 ++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_PortalSite/Controllers/ArticleController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_PortalSite/Controllers/ArticleController.cs
index d6b5e0d26..b5b14c8e3 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_PortalSite/Controllers/ArticleController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_PortalSite/Controllers/ArticleController.cs
@@ -137,7 +137,9 @@ namespace Learun.Application.Web.Areas.LR_PortalSite.Controllers
         [HttpPost]
         public ActionResult UploadFile(string keyValue, ArticleEntity entity)
         {
-            entity.F_Content = entity.F_Content.Replace("script","");
+            entity.F_Title= StringHelper.DelXss(entity.F_Title);
+            entity.F_Content=StringHelper.DelXss(entity.F_Content);
+            //entity.F_Content = entity.F_Content.Replace("script","");
             HttpFileCollection files = System.Web.HttpContext.Current.Request.Files;
             //没有文件上传,直接返回
             if (files[0].ContentLength == 0 || string.IsNullOrEmpty(files[0].FileName))
diff --git a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/String/StringHelper.cs b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/String/StringHelper.cs
index 895ab447d..69a74c6cb 100644
--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/String/StringHelper.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/String/StringHelper.cs
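Review bot: The commented-out line `//entity.F_Content = entity.F_Content.Replace("script","");` should be deleted rather than kept: the removed line already lives in history, and the dead comment suggests the old substring-stripping approach is still an option. A why-comment would serve better in its place, e.g. `// Encode the user-supplied title/body before persisting; both are rendered on the public portal.` Note that this encodes at input time, so whatever later renders F_Title/F_Content must not HTML-encode it again or it double-encodes, and if F_Content carries rich-text HTML (the old `Replace("script","")` hints it might), encoding every `<` will show the markup as literal text — a whitelist HTML sanitizer at render time would then be the right control; I cannot tell from this hunk which case applies. Whether a `using Learun.Util;` brings `StringHelper` into scope, and the remainder of UploadFile, lie outside the hunk.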
@@ -19,5 +19,15 @@
         }
         return str;
     }
+
+    public static string DelXss(string str)
+    {
+        if (string.IsNullOrEmpty(str))
+            return string.Empty;
+        str = str.Replace("<", "$lt;");
+        str = str.Replace(">", "$gt;");
+
+        return str;
+    }
 }
}
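Review bot: The replacement strings in DelXss are not HTML entities — `$lt;` and `$gt;` should be `&lt;` and `&gt;` — so the method neither preserves the characters nor encodes them, and any legitimate `<` or `>` in a title is persisted as the literal text `$lt;`. Rather than hand-rolling the table, delegate to the framework encoder, which also covers `&`, `"` and `'` (the characters that matter once a value is placed inside an HTML attribute): keep the null/empty guard and replace both `Replace` lines with `return System.Net.WebUtility.HtmlEncode(str);`. The name DelXss implies removal but the method encodes; a rename such as `HtmlEncodeForOutput`, or at least an XML `<summary>` stating that the value is HTML-encoded on write and must not be encoded again when rendered, would prevent double-encoding by the next caller. Returning `string.Empty` for a null input also silently turns a null entity field into an empty string, which may matter to callers that distinguish the two.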