zhouxy108/hutool
1
0
Fork 0
mirror of https://gitee.com/chinabugotech/hutool.git synced 2025-07-21 15:09:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2755 from LuisStruggle/v5-dev

Browse Source 
HtmlUtil中escape方法,增加不断开空格(nbsp)转译,防止xss攻击
This commit is contained in:
Golden Looly
2022-11-28 10:23:11 +08:00
committed by GitHub
parent d29b87c36f 31bcd02732
commit 5f10d2d025
4 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hutool-core/src/main/java/cn/hutool/core/text/StrPool.java
View File

@@ -176,7 +176,7 @@ public interface StrPool {
/**
* 字符串常量HTML 空格转义 {@code " " -> " "}
* 字符串常量HTML 不间断空格转义 {@code " " -> " "}
*/
String HTML_NBSP = XmlUtil.NBSP;

2
hutool-core/src/main/java/cn/hutool/core/util/XmlUtil.java
View File

@@ -67,7 +67,7 @@ import java.util.Map;
public class XmlUtil {
/**
* 字符串常量XML 空格转义 {@code " " -> " "}
* 字符串常量XML 不间断空格转义 {@code " " -> " "}
*/
public static final String NBSP = " ";