zhouxy108/hutool
1
0
Fork 0
mirror of https://gitee.com/chinabugotech/hutool.git synced 2025-07-21 15:09:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

html防止注入转译,增加不断开空格(nbsp)转译

Browse Source
This commit is contained in:
LuisStruggle
2022-11-24 10:53:32 +08:00
parent c72757b813
commit 31bcd02732
4 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
hutool-http/src/test/java/cn/hutool/http/HtmlUtilTest.java
View File

@@ -134,6 +134,16 @@ public class HtmlUtilTest {
Assert.assertEquals("'", HtmlUtil.unescape("'"));
}
@Test
public void escapeTest2() {
char c = ' '; // 不断开空格non-breaking space缩写nbsp。)
Assert.assertEquals(c, 160);
String html = "<html><body> </body></html>";
String escape = HtmlUtil.escape(html);
Assert.assertEquals("&lt;html&gt;&lt;body&gt;&nbsp;&lt;/body&gt;&lt;/html&gt;", escape);
Assert.assertEquals(" ", HtmlUtil.unescape("&nbsp;"));
}
@Test
public void filterTest() {
String html = "<alert></alert>";