
修复XSS漏洞

娄底高职分支
dao 1周前
父节点
当前提交
4308a80078
共有 2 个文件被更改,包括 13 次插入1 次删除
  1. +3
    -1
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_PortalSite/Controllers/ArticleController.cs
  2. +10
    -0
      Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/String/StringHelper.cs

+ 3
- 1
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_PortalSite/Controllers/ArticleController.cs 查看文件

@@ -137,7 +137,9 @@ namespace Learun.Application.Web.Areas.LR_PortalSite.Controllers
[HttpPost]
public ActionResult UploadFile(string keyValue, ArticleEntity entity)
{
entity.F_Content = entity.F_Content.Replace("script","");
entity.F_Title= StringHelper.DelXss(entity.F_Title);
entity.F_Content=StringHelper.DelXss(entity.F_Content);
//entity.F_Content = entity.F_Content.Replace("script","");
HttpFileCollection files = System.Web.HttpContext.Current.Request.Files;
//没有文件上传,直接返回
if (files[0].ContentLength == 0 || string.IsNullOrEmpty(files[0].FileName))
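Review bot: Lines 27–28 encode F_Title and F_Content before they are persisted, so the transformation is permanent and only this one entry point gets it; if F_Content is meant to hold rich-text HTML (the field name suggests it may be), every `<` in legitimate markup is now mangled on save, and any other action that stores an ArticleEntity (a form-save action, if one exists outside this hunk) stays unprotected. The safer pattern is to encode at render time with `HttpUtility.HtmlEncode` in the view, or, if HTML must be stored, to pass it through an allow-list HTML sanitizer here instead of a character replace. The commented-out line 29 is dead code that duplicates the removed line and should be deleted rather than kept. UploadFile's body continues outside the hunk, and `files[0]` on the last context line is likely to throw when no file is posted, which the new null-tolerant DelXss calls do not cover.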


+ 10
- 0
Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Util/Learun.Util/String/StringHelper.cs 查看文件

@@ -19,5 +19,15 @@
}
return str;
}

public static string DelXss(string str)
{
if (string.IsNullOrEmpty(str))
return string.Empty;
str = str.Replace("<", "$lt;");
str = str.Replace(">", "$gt;");

return str;
}
}
}
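Review bot: The replacement strings on lines 48–49 are `$lt;` and `$gt;`, not the HTML entities `&lt;` and `&gt;`, so the output is neither the original text nor valid HTML-encoded text and every angle bracket in legitimate input is permanently corrupted. Only `<` and `>` are handled; `"`, `'` and `&` are left alone, so a value later rendered inside an attribute (`value="..."`, `href="..."`) can still break out of it. The two Replace calls and the return can be replaced with `return System.Net.WebUtility.HtmlEncode(str);` (or `HttpUtility.HtmlEncode` if System.Web is already referenced in this project), which covers all five characters. The method also lacks an XML doc comment; a `/// <summary>` stating that the result is HTML-encoded text intended to be emitted verbatim into an HTML body and must not be encoded a second time would help callers. The closing braces of the enclosing class and namespace are the hunk's last two lines.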
