commit

jsowell-common/src/main/java/com/jsowell/common/xss/Xss.java

@@ -0,0 +1,26 @@
+package com.jsowell.common.xss;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 自定义xss校验注解
+ *
+ * @author jsowell
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER })
+@Constraint(validatedBy = { XssValidator.class })
+public @interface Xss{
+    String message()
+
+    default "不允许任何脚本运行";
+
+    Class<?>[] groups() default {};
+
+    Class<? extends Payload>[] payload() default {};
+}

jsowell-common/src/main/java/com/jsowell/common/xss/XssValidator.java

@@ -0,0 +1,31 @@
+package com.jsowell.common.xss;
+
+import com.jsowell.common.util.StringUtils;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * 自定义xss校验注解实现
+ *
+ * @author jsowell
+ */
+public class XssValidator implements ConstraintValidator<Xss, String> {
+	private static final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
+
+	@Override
+	public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
+		if (StringUtils.isBlank(value)) {
+			return true;
+		}
+		return !containsHtml(value);
+	}
+
+	public static boolean containsHtml(String value) {
+		Pattern pattern = Pattern.compile(HTML_PATTERN);
+		Matcher matcher = pattern.matcher(value);
+		return matcher.matches();
+	}
+}