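使用 Jackson 对返回数据进行 XSS 过滤
定义一个继承 ObjectMapper 的类,在构造函数中创建名为 "HTML XSS Serializer" 的 SimpleModule。从导入的 HtmlUtils 来看,该示例应是在序列化字符串时做 HTML 转义。
注意:HTML 转义只对插入 HTML 正文或属性的值有效;如果返回值会被用于 JavaScript、URL 等其他上下文,仍需由使用方按对应上下文做输出编码,且非浏览器客户端收到的将是转义后的文本。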
package demo;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.module.SimpleModule;
import org.springframework.web.util.HtmlUtils;
import java.io.IOException;
public class CustomObjectMapper extends ObjectMapper {
// Explicit serialization version id for this subclass (ObjectMapper implements java.io.Serializable).
private static final long serialVersionUID = -3448961813323784217L;
public CustomObjectMapper() {
SimpleModule module = new SimpleModule("HTML XSS Serializer",
new Version(1, 0, 0, "FINAL","com.yihaomen","ep-jso