Can serialization and deserialization add support for defending against XSS attacks? #964
A feature like FASTJSON 1.x's SerializeFeature.BrowserSecure has now been added, and the usage is similar:

```java
Model model = new Model();
model.name = "<>";
String str = JSON.toJSONString(model, JSONWriter.Feature.BrowserSecure);
// '<' and '>' are written as the JSON escapes \u003c and \u003e
assertEquals("{\"name\":\"\\u003c\\u003e\"}", str);

public static class Model {
    public String name;
}
```
Escaping via \uXXXX is also safe
The Reader doesn't need any extra configuration, right?
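An added example, not part of the original thread and not the project's own code: it serializes a constructed value with and without `JSONWriter.Feature.BrowserSecure`, checks the escaped output for raw angle brackets, and parses it back with no reader feature set. It assumes fastjson2 (`com.alibaba.fastjson2`) is on the classpath; the class name, the helper `hasRawAngleBracket` and the sample string are hypothetical.

```java
import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONWriter;

// Hypothetical demo class; assumes the fastjson2 jar is on the classpath.
public class BrowserSecureRoundTrip {
    public static class Model {
        public String name;
    }

    // True if the serialized text still carries a literal '<' or '>',
    // i.e. characters an HTML parser could treat as tag delimiters.
    static boolean hasRawAngleBracket(String json) {
        return json.indexOf('<') >= 0 || json.indexOf('>') >= 0;
    }

    public static void main(String[] args) {
        Model model = new Model();
        // Constructed sample value containing HTML markup characters.
        model.name = "<b>hello</b>";

        String plain = JSON.toJSONString(model);
        String secure = JSON.toJSONString(model, JSONWriter.Feature.BrowserSecure);

        System.out.println("default:       " + plain);
        System.out.println("BrowserSecure: " + secure);
        System.out.println("raw brackets (default):       " + hasRawAngleBracket(plain));
        System.out.println("raw brackets (BrowserSecure): " + hasRawAngleBracket(secure));

        // The escaped form must not contain the markup characters literally.
        if (hasRawAngleBracket(secure)) {
            throw new AssertionError("BrowserSecure output still contains < or >");
        }

        // \uXXXX is a standard JSON string escape, so the parser decodes it
        // without any reader-side feature being enabled.
        Model back = JSON.parseObject(secure, Model.class);
        if (!model.name.equals(back.name)) {
            throw new AssertionError("round trip changed the value: " + back.name);
        }
        System.out.println("round trip:    " + back.name);
    }
}
```

The escaping changes only the wire representation; the decoded value still contains the original characters, so code that later writes it into HTML must encode it for that context.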
The JSON object my frontend POSTs is
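Please describe your requirement or improvement suggestion
Can serialization and deserialization add support for defending against XSS attacks?
Please describe your proposed implementation
I suggest adding configuration for defending against XSS attacks to JSONReader.Feature and JSONWriter.Feature
For the escaping method, see the org.springframework.web.util.HtmlUtils class
Describe alternatives you have considered
A description of any alternative solutions or features you have considered.
Additional information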