javascript在@RequestBody中如何防止java spring启动中出现盲目XSS
目前,api看起来像:-
@Autowired
private EmployeeService empService;
@ApiOperation(value = "adds a new Employee")
@PostMapping(value = /add)
public EmployeeDetails employeeDetails(@RequestBody @Valid @NotNull EmployeeDetails empDetails) {
empservice.addNewEmployee(empDetails);
}
员工详细信息:-
import lombok.Data;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@Entity
@Data
public class EmployeeDetails {
private Long id;
private String firstName;
private String lastName;
@Override
public String toString() {
return "EmployeeDetails{" +
"id=" + id +
", firstName='" + firstName + '\'' +
", lastName='" + lastName + '\'' +
'}';
}
}
所以问题是要避免xss攻击
例如,如果它将这段代码<script>alert("hello")</script>
放在名字的位置,那么它也会通过,并给出200作为响应
或者
如果我们在ID的情况下给出1.2,那么响应是200
我该怎么解决
共 (0) 个答案