Problem description:
When the front end submits its parameters, one of them contains rich text, in the following format:
{"msg":"操作成功","code":200,"developVos":[{"id":32,"qtId":null,"taskId":null,"oldQtId":186,"newQtId":186,"qtType":"judge","qtCode":"AW2023051100000004","qtName":"<p>147<img src=\"https://140.210.199.79/file/download/other/2023/05/11/d843133d-49dc-44f1-926c-8bfc5618e2c2.jpg\">"kpName":"测试1","total":1}}
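After the reqParam parameter is passed to the backend, the data received becomes: 参数英文名参数中文名称参数是否必填参数值是否可空, and tags such as <table><tbody><tr><td><p> are all lost.
Root cause:
This is caused by attack interception (the XSS filter): by default, tags containing code are filtered out of strings.
Solution: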
# XSS configuration, to prevent XSS attacks
xss:
  # Filter switch
  enabled: true
  # Excluded URLs (separate multiple entries with commas)
  excludeUrls:
    - /question/edit/save/theory/*
  # URL patterns to match
  urlPatterns: /dataservice/*
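
Excluding /question/edit/save/theory/* switches the filter off for that endpoint, so the rich text it accepts reaches the backend unfiltered. The following is an added example, not code from the original post, of allowlist sanitization for such a field. It assumes a Java backend with jsoup 1.14.2 or later on the classpath; the class name RichTextSanitizer and the sample inputs are constructed for illustration.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Safelist;

/**
 * Hypothetical helper (not part of the original project): sanitizes rich-text
 * fields submitted to URLs that are excluded from the global XSS filter.
 */
public final class RichTextSanitizer {

    // Safelist.relaxed() keeps structural tags such as p, img, table, tbody,
    // tr and td, and allows only http/https in img src. Script elements,
    // event-handler attributes and javascript: URLs are not on the list,
    // so they are removed.
    private static final Safelist RICH_TEXT = Safelist.relaxed();

    // Disable pretty-printing so the stored markup is not reflowed.
    private static final Document.OutputSettings COMPACT =
            new Document.OutputSettings().prettyPrint(false);

    private RichTextSanitizer() {
    }

    /** Returns the input with everything outside the allowlist removed. */
    public static String sanitize(String html) {
        if (html == null) {
            return null;
        }
        // Empty base URI: only absolute URLs survive in src/href attributes.
        return Jsoup.clean(html, "", RICH_TEXT, COMPACT);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two legitimate rich-text fragments and
        // two fragments carrying markup the allowlist should drop.
        String[] samples = {
            "<p>147<img src=\"https://files.example.test/a.jpg\"></p>",
            "<table><tbody><tr><td><p>cell</p></td></tr></tbody></table>",
            "<p onclick=\"alert(1)\">hi</p><script>alert(1)</script>",
            "<img src=\"javascript:alert(1)\">"
        };
        for (String sample : samples) {
            System.out.println(sample);
            System.out.println("  -> " + sanitize(sample));
        }
    }
}
```

Call sanitize on the rich-text field before it is stored or rendered, so the formatting tags are kept while the endpoint stays protected.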