From 0a17381dc24c99a66861260ecb33c46ac40f447f Mon Sep 17 00:00:00 2001 From: lihongbiao <964708803@qq.com> Date: Mon, 20 Jan 2025 12:00:11 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E4=BB=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 10 + .../java/com/pixelai/AppConfiguration.java | 2 + .../api/domain/apy/OrderPayAppService.java | 148 ++++++ .../pixelai/api/pa/entity/enums/PayState.java | 30 ++ .../service/impl/PaCreationServiceImpl.java | 1 - .../java/com/pixelai/config/WeChatConfig.java | 82 ++++ .../com/pixelai/config/XssParamAspect.java | 203 ++++---- .../java/com/pixelai/utils/WeChatUtil.java | 127 +++++ src/main/java/com/pixelai/utils/XssUtils.java | 456 +++++++++--------- src/main/resources/application.yml | 9 + 10 files changed, 740 insertions(+), 328 deletions(-) create mode 100644 src/main/java/com/pixelai/api/domain/apy/OrderPayAppService.java create mode 100644 src/main/java/com/pixelai/api/pa/entity/enums/PayState.java create mode 100644 src/main/java/com/pixelai/config/WeChatConfig.java create mode 100644 src/main/java/com/pixelai/utils/WeChatUtil.java diff --git a/pom.xml b/pom.xml index 9fb6a83..389d8cd 100644 --- a/pom.xml +++ b/pom.xml @@ -26,6 +26,16 @@ + + eu.bitwalker + UserAgentUtils + 1.21 + + + com.github.wechatpay-apiv3 + wechatpay-java + 0.2.12 + com.volcengine volc-sdk-java diff --git a/src/main/java/com/pixelai/AppConfiguration.java b/src/main/java/com/pixelai/AppConfiguration.java index dc50c87..8e4b274 100644 --- a/src/main/java/com/pixelai/AppConfiguration.java +++ b/src/main/java/com/pixelai/AppConfiguration.java 
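Review bot: The `eu.bitwalker` `UserAgentUtils` 1.21 dependency added in the pom.xml hunk is, to my knowledge, declared end-of-life upstream (worth confirming), and within this patch it backs a single call in OrderPayAppService.h5Pay that derives `H5Info.type` from the `User-Agent` header. That header is caller-controlled, so a small server-side mapping to the scene types the H5 API expects would avoid putting an unmaintained parser on the payment path. The operating-system names the library returns may also not match those scene types, which should be checked against the WeChat Pay documentation. The XML tags of this hunk are lost in this rendering, so the coordinates above are read from the remaining text.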
@@ -10,6 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcProperties;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
 import org.springframework.core.env.Environment;
@@ -33,6 +34,7 @@ import java.util.Locale;
 * @desc
 */
 @Configuration
+@ComponentScan(basePackages = "com.wechat.pay.java.service.payments.h5")
 public class AppConfiguration extends WebMvcConfigurationSupport {
 private static final Logger LOG = LoggerFactory.getLogger(AppConfiguration.class);
 @Autowired
diff --git a/src/main/java/com/pixelai/api/domain/apy/OrderPayAppService.java b/src/main/java/com/pixelai/api/domain/apy/OrderPayAppService.java
new file mode 100644
index 0000000..3c84e22
--- /dev/null
+++ b/src/main/java/com/pixelai/api/domain/apy/OrderPayAppService.java
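Review bot: The added `@ComponentScan(basePackages = "com.wechat.pay.java.service.payments.h5")` on AppConfiguration points Spring's classpath scan at a third-party SDK package, while the same patch already registers `H5Service` explicitly through a `@Bean` method in WeChatConfig. If the SDK classes carry no stereotype annotations the scan does nothing; if a later SDK version adds any, they would be instantiated in this context without review. I would drop the annotation and rely on the explicit bean, or add a comment on this line stating why the scan is needed. The class body continues outside the hunk.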
@@ -0,0 +1,148 @@
+package com.pixelai.api.domain.apy;
+
+import com.pixelai.api.pa.entity.PaConsumption;
+import com.pixelai.api.pa.entity.PaOrder;
+import com.pixelai.api.pa.entity.PaVipCurrency;
+import com.pixelai.api.pa.entity.enums.PayState;
+import com.pixelai.api.pa.service.PaConsumptionService;
+import com.pixelai.api.pa.service.PaOrderService;
+import com.pixelai.api.pa.service.PaVipCurrencyService;
+import com.pixelai.api.pa.service.PaVipService;
+import com.pixelai.config.WeChatConfig;
+import com.pixelai.utils.WeChatUtil;
+import com.wechat.pay.java.core.exception.ValidationException;
+import com.wechat.pay.java.core.http.*;
+import com.wechat.pay.java.core.notification.NotificationParser;
+import com.wechat.pay.java.core.util.GsonUtil;
+
+import com.wechat.pay.java.service.partnerpayments.h5.model.Transaction;
+import com.wechat.pay.java.service.payments.h5.H5Service;
+import com.wechat.pay.java.service.payments.h5.model.*;
+import eu.bitwalker.useragentutils.UserAgent;
+import io.undertow.util.MalformedMessageException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Service;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.springframework.transaction.annotation.Transactional;
+import java.util.*;
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.math.BigDecimal;
+import java.util.Objects;
+
+@Service
+public class OrderPayAppService {
+ @Autowired
+ private WeChatConfig weChatConfig;
+ @Resource
+ private NotificationParser notificationParser;
+ @Resource
+ private H5Service h5Service;
+ @Resource
+ private PaOrderService paOrderService;
+ @Resource
+ private PaVipCurrencyService paVipCurrencyService;
+ @Resource
+ private PaConsumptionService paConsumptionService;
+
+ public String h5Pay(PaOrder order,HttpServletRequest request) {
+ List buyTypes = new ArrayList<>(Arrays.asList("1","2","3","4","5","6"));
+ if (order.getBuyType()==null||!buyTypes.contains(order.getBuyType())) {
+ return "购买类型错误";
+ }
+ // request.setXxx(val)设置所需参数,具体参数可见Request定义
+ PrepayRequest prepayRequest = new PrepayRequest();
+ Amount amount = new Amount();
+ amount.setTotal((order.getAmount().multiply(new BigDecimal("100"))).intValue());
+ prepayRequest.setAmount(amount);
+ prepayRequest.setAppid(weChatConfig.getAppId());
+ prepayRequest.setMchid(weChatConfig.getMerchantId());
+ prepayRequest.setDescription("钻石购买");
+ prepayRequest.setNotifyUrl(weChatConfig.getNotifyUrl());
+ String tradeNo = WeChatUtil.generateTradeNumber();
+ prepayRequest.setOutTradeNo(tradeNo);
+ SceneInfo sceneInfo = new SceneInfo();
+ sceneInfo.setPayerClientIp(weChatConfig.getAddressIp());
+ H5Info h5Info = new H5Info();
+ h5Info.setType(UserAgent.parseUserAgentString(request.getHeader("User-Agent")).getOperatingSystem().getName());
+ sceneInfo.setH5Info(h5Info);
+ prepayRequest.setSceneInfo(sceneInfo);
+ // 调用下单方法,得到应答
+ PrepayResponse response;
+ try {
+ response = h5Service.prepay(prepayRequest);
+ //预支付成功,创建预支付订单
+ order.setOrderNum(tradeNo);
+ order.setPayStatus(PayState.TO_BE_PAID);
+ order.setCreateTime(new Date());
+ order.setState("t");
+ paOrderService.save(order);
+ return response.getH5Url();
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ @Transactional
+ public void payNotify(HttpServletRequest request) throws Exception{
+ Transaction transaction;
+ try {
+ transaction = notificationParser.parse(WeChatUtil.handleNodifyRequestParam(request), Transaction.class);
+ if (transaction.getTradeState() == Transaction.TradeStateEnum.SUCCESS) {
+ PaOrder order = paOrderService.getOrderByTradeNo(transaction.getOutTradeNo());
+ if (Objects.isNull(order)) {
+ return;
+ }
+ //校验订单状态:若订单已支付则直接返回成功
+ if (Objects.equals(order.getPayStatus(), PayState.HAVE_TO_PAY)) {
+ return;
+ }
+ //支付成功-修改订单状态
+ order.setPayStatus(PayState.TO_BE_PAID);
+ order.setResult(transaction.getTradeStateDesc());
+ paOrderService.updateById(order);
+ //支付成功-充值钻石
+ PaVipCurrency currency = new PaVipCurrency();
+ currency.setState("t");
+ if (order.getBuyType().equals("1")){
+ currency.setNumerical(5);
+ }else if (order.getBuyType().equals("2")){
+ currency.setNumerical(10);
+ }else if (order.getBuyType().equals("3")){
+ currency.setNumerical(20);
+ }else if (order.getBuyType().equals("4")){
+ currency.setNumerical(30);
+ }else if (order.getBuyType().equals("5")){
+ currency.setNumerical(50);
+ }else if (order.getBuyType().equals("6")){
+ currency.setNumerical(100);
+ }else {
+ return;
+ }
+ currency.setUserid(order.getMemberId());
+ paVipCurrencyService.save(currency);
+ // 添加日志
+ PaConsumption consumption = new PaConsumption();
+ consumption.setAddOrSub("add");
+ consumption.setUserid(order.getMemberId());
+ consumption.setValue(currency.getNumerical());
+ consumption.setCreatetime(new Date());
+ paConsumptionService.save(consumption);
+ }
+ } catch (ValidationException e) {
+ e.printStackTrace();
+ }
+ }
+
+}
diff --git a/src/main/java/com/pixelai/api/pa/entity/enums/PayState.java b/src/main/java/com/pixelai/api/pa/entity/enums/PayState.java
new file mode 100644
index 0000000..6e28315
--- /dev/null
+++ b/src/main/java/com/pixelai/api/pa/entity/enums/PayState.java
@@ -0,0 +1,30 @@
+package com.pixelai.api.pa.entity.enums;
+
+/**
+ * 支付状态
+ *
+ * @Author mzl.
+ */
+public enum PayState {
+
+ /**
+ * 待支付
+ */
+ TO_BE_PAID,
+
+ /**
+ * 已支付
+ */
+ HAVE_TO_PAY,
+
+ /**
+ * 待退款
+ */
+ FOR_A_REFUND,
+
+ /**
+ * 已退款
+ */
+ HAVE_TO_REFUND;
+
+}
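Review bot: In OrderPayAppService.payNotify the success branch writes `PayState.TO_BE_PAID` back to the order, so the `HAVE_TO_PAY` guard above it never matches and each redelivery of the same notification credits the user again; it should set `PayState.HAVE_TO_PAY`. The credit is chosen from `buyType` alone and the notified total is never compared with the stored order amount, while h5Pay sends `order.getAmount()` as received. If PaOrder is bound from the request (the controller is not in this patch), a small amount can be paired with buyType 6, so the price should be looked up server-side from the buy type. The status change should also be a conditional update or run under a row lock, since two concurrent deliveries can both pass the status check. Both `catch` blocks only call `printStackTrace()`, so a rejected signature or a failed prepay leaves nothing for operations to alert on; the fence shows the status and amount checks for payNotify.

```java
// … unchanged: parse the notification, load the order by out_trade_no, null check …
if (Objects.equals(order.getPayStatus(), PayState.HAVE_TO_PAY)) {
    return;
}
// The notified total is in fen; refuse to credit when it differs from the stored order amount.
BigDecimal expectedFen = order.getAmount().multiply(new BigDecimal("100"));
if (transaction.getAmount() == null
        || transaction.getAmount().getTotal() == null
        || expectedFen.compareTo(BigDecimal.valueOf(transaction.getAmount().getTotal())) != 0) {
    return;
}
// Mark the order paid so a redelivered notification stops at the guard above.
order.setPayStatus(PayState.HAVE_TO_PAY);
// … unchanged: set result, update the order, credit diamonds, write the consumption record …
```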
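Review bot: In PayState, `HAVE_TO_PAY` is documented as 已支付 (paid) but reads as "must pay", and `HAVE_TO_REFUND` (已退款, refunded) has the same problem; payNotify in this patch already uses `TO_BE_PAID` where the paid state is meant. Naming the constants after the state they describe, for example `PAID`, `REFUND_PENDING` and `REFUNDED`, would make such a slip visible in review. If the enum is persisted by name the rename needs a matching data migration; how PaOrder stores it is not visible here.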
diff --git a/src/main/java/com/pixelai/api/pa/service/impl/PaCreationServiceImpl.java b/src/main/java/com/pixelai/api/pa/service/impl/PaCreationServiceImpl.java index 8536328..7c4c0c4 100644 --- a/src/main/java/com/pixelai/api/pa/service/impl/PaCreationServiceImpl.java +++ b/src/main/java/com/pixelai/api/pa/service/impl/PaCreationServiceImpl.java @@ -13,7 +13,6 @@ import com.pixelai.utils.StringUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import javax.xml.ws.Action; import java.util.List; /** diff --git a/src/main/java/com/pixelai/config/WeChatConfig.java b/src/main/java/com/pixelai/config/WeChatConfig.java new file mode 100644 index 0000000..72f121e --- /dev/null +++ b/src/main/java/com/pixelai/config/WeChatConfig.java 
@@ -0,0 +1,82 @@
+package com.pixelai.config;
+
+import com.wechat.pay.java.core.Config;
+import com.wechat.pay.java.core.RSAAutoCertificateConfig;
+import com.wechat.pay.java.core.notification.NotificationConfig;
+import com.wechat.pay.java.core.notification.NotificationParser;
+import lombok.Getter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.beans.factory.annotation.Value;
+import javax.annotation.PostConstruct;
+import com.wechat.pay.java.service.payments.h5.H5Service;
+/**
+ * @desc: 微信config
+ * @author: shy
+ * @date: 2024/4/9 10:06
+ */
+@Configuration
+@Getter
+public class WeChatConfig {
+
+ /**
+ * 商户号
+ */
+ @Value("${wechat.pay.merchantId}")
+ public String merchantId;
+ /**
+ * 商户API私钥路径
+ */
+ @Value("${wechat.pay.privateKeyPath}")
+ public String privateKeyPath;
+ /**
+ * 商户证书序列号
+ */
+ @Value("${wechat.pay.merchantSerialNumber}")
+ public String merchantSerialNumber;
+ /**
+ * 商户APIV3密钥
+ */
+ @Value("${wechat.pay.apiV3Key}")
+ public String apiV3Key;
+ /**
+ * AppId
+ */
+ @Value("${wechat.pay.appId}")
+ public String appId;
+
+ @Value("${wechat.pay.addressIp}")
+ public String addressIp;
+
+ @Value("${wechat.pay.notifyUrl}")
+ public String notifyUrl;
+
+ private Config config;
+
+ @PostConstruct
+ public void initConfig() {
+ // 使用自动更新平台证书的RSA配置
+ // 一个商户号只能初始化一个配置,否则会因为重复的下载任务报错
+ config = new RSAAutoCertificateConfig.Builder()
+ .merchantId(merchantId)
+ .privateKeyFromPath(privateKeyPath)
+ .merchantSerialNumber(merchantSerialNumber)
+ .apiV3Key(apiV3Key)
+ .build();
+ }
+
+ @Primary
+ @Bean()
+ public H5Service h5Service() {
+ return new H5Service.Builder()
+ .config(config)
+ .build();
+ }
+
+ @Primary
+ @Bean
+ public NotificationParser notificationParser() {
+ return new NotificationParser((NotificationConfig) config);
+ }
+}
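Review bot: The credential fields in WeChatConfig (`apiV3Key`, `privateKeyPath`, `merchantSerialNumber`) are declared `public` and non-final on a singleton that also carries class-level `@Getter`, so any code holding the bean can overwrite them, and Lombok additionally generates a public `getConfig()`. Making the fields `private` and putting `@Getter` only on the ones callers need (`appId`, `merchantId`, `notifyUrl`, `addressIp`) keeps the key material inside this class. `notificationParser()` downcasts with `(NotificationConfig) config`; declaring the field as `private RSAAutoCertificateConfig config;` removes the cast. `addressIp` has no Javadoc, and h5Pay sends it as the payer client IP, so it is a fixed configured value rather than the caller's address, which is worth stating in a comment such as `/** Fixed payer_client_ip sent in scene_info; not the requesting client's address. */`. The `wechat.pay.*` values come from application.yml, which the diffstat shows changed but whose hunk is not visible here; the API v3 key should come from the environment or a secret store rather than a committed file.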
diff --git a/src/main/java/com/pixelai/config/XssParamAspect.java b/src/main/java/com/pixelai/config/XssParamAspect.java index 45b4b80..7031e14 100644 --- a/src/main/java/com/pixelai/config/XssParamAspect.java +++ b/src/main/java/com/pixelai/config/XssParamAspect.java 
@@ -1,99 +1,104 @@ -package com.pixelai.config; - -import com.alibaba.fastjson.JSON; -import com.alibaba.fastjson.JSONObject; -import com.alibaba.fastjson.TypeReference; -import com.base.helper.Result; -import com.pixelai.utils.XssUtils; -import org.aspectj.lang.JoinPoint; -import org.aspectj.lang.annotation.AfterReturning; -import org.aspectj.lang.annotation.Aspect; -import org.aspectj.lang.annotation.Before; -import org.aspectj.lang.annotation.Pointcut; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.BeanUtils; -import org.springframework.core.annotation.Order; -import org.springframework.stereotype.Component; -import org.springframework.validation.BindingResult; -import org.springframework.web.multipart.MultipartFile; - -import javax.servlet.http.HttpServletResponse; -import java.util.ArrayList; -import java.util.HashMap; - -@Component -@Aspect -@Order(2) -public class XssParamAspect { - - private Logger logger = LoggerFactory.getLogger(WebLogAspect.class); - - private ThreadLocal startTime = new ThreadLocal<>(); - - @Pointcut("execution(public * com.pixelai.api.*.controller.*.*(..))") - public void xssPoint() { - } - - @Before("xssPoint()") - public void paramValid(JoinPoint point) throws Throwable { - logger.info("--------进入xss切点-------------"); - Object[] args = point.getArgs(); - for (Object o : args) { - if (o instanceof HttpServletResponse) { - // 如果参数类型是 HttpServletResponse,则不做过滤转义处理 - break; - } - else if (o instanceof Number) { - continue; - } else if (o instanceof String) { - XssUtils.stripXSS(o.toString()); - } else if (o instanceof BindingResult) { - // 如果参数类型是 BindingResult,则直接跳过 - continue; - } else if (o instanceof MultipartFile) { - // 如果参数类型是 MultipartFile,则直接跳过 - continue; - }else if (o instanceof ArrayList) { - // 如果参数类型是 MultipartFile,则直接跳过 - continue; - }else if (o == null) { - // 如果参数类型是 null,则直接跳过 - continue; - } - else { - Class clazz = o.getClass(); - String paramStr = JSON.toJSONString(o); 
-// System.out.println("未处理:" + paramStr); - // 使用fastjson将请求的参数转换为map - HashMap map = JSONObject.parseObject(paramStr, new TypeReference>() { - }); - map.forEach((k, v) -> { - if (!"token".equals(k) && v instanceof String) { - map.put(k, XssUtils.stripXSS(k, v.toString())); - } - }); - //System.out.println(map); - // 将map转为json - String json = JSONObject.toJSONString(map); -// System.out.println("转义过滤之后:" + json); - // 将JSON字符串转换为对象 - Object o1 = JSON.parseObject(json, clazz); -// System.out.println(o1); - BeanUtils.copyProperties(o1, o); - } - } - // 将参数覆盖到到原方法 -// Object proceed = point.proceed(args); -// return proceed; - } - - @AfterReturning(returning = "result", pointcut = "xssPoint()") - public void doAfterReturning(JoinPoint joinPoint, Result result) throws IllegalAccessException { - // 在返回请求之前对返回的内容进行过滤转义 - logger.info("过滤之前 : " + result.toString()); - XssUtils.encodeHtml(result); -// BeanUtils.copyProperties(result1, result); - } -} - +//package com.pixelai.config; +// +//import com.alibaba.fastjson.JSON; +//import com.alibaba.fastjson.JSONObject; +//import com.alibaba.fastjson.TypeReference; +//import com.base.helper.Result; +//import com.pixelai.utils.XssUtils; +//import org.aspectj.lang.JoinPoint; +//import org.aspectj.lang.annotation.AfterReturning; +//import org.aspectj.lang.annotation.Aspect; +//import org.aspectj.lang.annotation.Before; +//import org.aspectj.lang.annotation.Pointcut; +//import org.slf4j.Logger; +//import org.slf4j.LoggerFactory; +//import org.springframework.beans.BeanUtils; +//import org.springframework.core.annotation.Order; +//import org.springframework.stereotype.Component; +//import org.springframework.validation.BindingResult; +//import org.springframework.web.multipart.MultipartFile; +// +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +//import java.util.ArrayList; +//import java.util.HashMap; +// +//@Component +//@Aspect +//@Order(2) +//public class XssParamAspect { +// 
+// private Logger logger = LoggerFactory.getLogger(WebLogAspect.class); +// +// private ThreadLocal startTime = new ThreadLocal<>(); +// +// @Pointcut("execution(public * com.pixelai.api.*.controller.*.*(..))") +// public void xssPoint() { +// } +// +// @Before("xssPoint()") +// public void paramValid(JoinPoint point) throws Throwable { +// logger.info("--------进入xss切点-------------"); +// Object[] args = point.getArgs(); +// for (Object o : args) { +// if (o instanceof HttpServletResponse) { +// // 如果参数类型是 HttpServletResponse,则不做过滤转义处理 +// break; +// } +// if (o instanceof HttpServletRequest) { +// // 如果参数类型是 HttpServletResponse,则不做过滤转义处理 +// break; +// } +// else if (o instanceof Number) { +// continue; +// } else if (o instanceof String) { +// XssUtils.stripXSS(o.toString()); +// } else if (o instanceof BindingResult) { +// // 如果参数类型是 BindingResult,则直接跳过 +// continue; +// } else if (o instanceof MultipartFile) { +// // 如果参数类型是 MultipartFile,则直接跳过 +// continue; +// }else if (o instanceof ArrayList) { +// // 如果参数类型是 MultipartFile,则直接跳过 +// continue; +// }else if (o == null) { +// // 如果参数类型是 null,则直接跳过 +// continue; +// } +// else { +// Class clazz = o.getClass(); +// String paramStr = JSON.toJSONString(o); +//// System.out.println("未处理:" + paramStr); +// // 使用fastjson将请求的参数转换为map +// HashMap map = JSONObject.parseObject(paramStr, new TypeReference>() { +// }); +// map.forEach((k, v) -> { +// if (!"token".equals(k) && v instanceof String) { +// map.put(k, XssUtils.stripXSS(k, v.toString())); +// } +// }); +// //System.out.println(map); +// // 将map转为json +// String json = JSONObject.toJSONString(map); +//// System.out.println("转义过滤之后:" + json); +// // 将JSON字符串转换为对象 +// Object o1 = JSON.parseObject(json, clazz); +//// System.out.println(o1); +// BeanUtils.copyProperties(o1, o); +// } +// } +// // 将参数覆盖到到原方法 +//// Object proceed = point.proceed(args); +//// return proceed; +// } +// +// @AfterReturning(returning = "result", pointcut = "xssPoint()") +// public void 
doAfterReturning(JoinPoint joinPoint, Result result) throws IllegalAccessException { +// // 在返回请求之前对返回的内容进行过滤转义 +// logger.info("过滤之前 : " + result.toString()); +// XssUtils.encodeHtml(result); +//// BeanUtils.copyProperties(result1, result); +// } +//} +// diff --git a/src/main/java/com/pixelai/utils/WeChatUtil.java b/src/main/java/com/pixelai/utils/WeChatUtil.java new file mode 100644 index 0000000..ed8e858 --- /dev/null +++ b/src/main/java/com/pixelai/utils/WeChatUtil.java 
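Review bot: The new side of XssParamAspect.java is the whole class commented out, so after this commit no `@Aspect` bean is registered and the controllers matched by `com.pixelai.api.*.controller.*.*(..)` lose both the `stripXSS` pass on arguments and the `encodeHtml` pass on results, in a commit whose subject only mentions payment. The XssUtils.java hunk that follows appears to do the same to the utility class, though it is cut off in this view. If the aspect was failing on the new `HttpServletRequest` parameter (the added branch suggests so), keep the class active and skip servlet types with `continue` rather than `break`, so that later arguments are still filtered: `if (o instanceof HttpServletRequest || o instanceof HttpServletResponse) { continue; }`. If the aspect is being retired on purpose, delete the file instead of leaving commented-out code and say in the commit message what replaces the filtering.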
@@ -0,0 +1,127 @@
+package com.pixelai.utils;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.util.Date;
+import java.util.Random;
+
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+
+import com.base.helper.DateUtils;
+import com.wechat.pay.java.core.cipher.RSASigner;
+import com.wechat.pay.java.core.cipher.SignatureResult;
+import com.wechat.pay.java.core.notification.RequestParam;
+import com.wechat.pay.java.core.util.NonceUtil;
+import com.wechat.pay.java.core.util.PemUtil;
+
+/**
+ * @desc: 微信工具类
+ * @author: shy
+ * @date: 2024/4/8 16:10
+ */
+public class WeChatUtil {
+
+ private static final String SYMBOLS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+ private static final Random RANDOM = new SecureRandom();
+
+ /**
+ * 生成订单号
+ *
+ * @param
+ * @return String
+ * @author shy
+ * @date 2024/4/8 16:15
+ */
+ public static String generateTradeNumber() {
+ // 定义订单号前缀
+ String prefix = "shy";
+ // 当前年月日
+ String currentTimeStr = DateUtils.date(new Date(), "yyyyMMddHHmmss");
+ // 获取当前时间戳
+ long timestamp = System.currentTimeMillis();
+ // 构造订单号
+ return prefix + currentTimeStr + timestamp;
+ }
+
+ /**
+ * 获取随机字符串 Nonce Str
+ *
+ * @param
+ * @return String
+ * @author shy
+ * @date 2024/4/16 17:07
+ */
+ public static String generateNonceStr() {
+ return NonceUtil.createNonce(32);
+ }
+
+ /**
+ * 获取当前时间戳,单位秒
+ * @param
+ * @return long
+ * @author shy
+ * @date 2024/4/16 17:10
+ */
+ public static long getCurrentTimestamp() {
+ return System.currentTimeMillis() / 1000;
+ }
+
+ public static String getSign(String signatureStr, String privateKeyPath, String merchantSerialNumber) {
+ PrivateKey privateKey = PemUtil.loadPrivateKeyFromPath(privateKeyPath);
+ RSASigner rsaSigner = new RSASigner(merchantSerialNumber, privateKey);
+ SignatureResult signatureResult = rsaSigner.sign(signatureStr);
+ return signatureResult.getSign();
+ }
+
+
+ /**
+ * 构造 RequestParam
+ *
+ * @param request
+ * @return RequestParam
+ * @author shy
+ * @date 2024/4/9 11:16
+ */
+ public static RequestParam handleNodifyRequestParam(HttpServletRequest request) throws IOException {
+ // 请求头Wechatpay-Signature
+ String signature = request.getHeader("Wechatpay-Signature");
+ // 请求头Wechatpay-nonce
+ String nonce = request.getHeader("Wechatpay-Nonce");
+ // 请求头Wechatpay-Timestamp
+ String timestamp = request.getHeader("Wechatpay-Timestamp");
+ // 微信支付证书序列号
+ String serial = request.getHeader("Wechatpay-Serial");
+ // 签名方式
+ String signType = request.getHeader("Wechatpay-Signature-Type");
+ // 构造 RequestParam
+ return new RequestParam.Builder().serialNumber(serial).nonce(nonce).signature(signature).timestamp(timestamp).signType(signType).body(getRequestBody(request)).build();
+
+ }
+
+ public static String getRequestBody(HttpServletRequest request) throws IOException {
+ ServletInputStream stream;
+ BufferedReader reader = null;
+ StringBuilder sb = new StringBuilder();
+ try {
+ stream = request.getInputStream();
+ // 获取响应
+ reader = new BufferedReader(new InputStreamReader(stream));
+ String line;
+ while ((line = reader.readLine()) != null) {
+ sb.append(line);
+ }
+ } catch (IOException e) {
+ throw new IOException("读取返回支付接口数据流出现异常!");
+ } finally {
+ if (reader != null) {
+ reader.close();
+ }
+ }
+ return sb.toString();
+ }
+}
diff --git a/src/main/java/com/pixelai/utils/XssUtils.java b/src/main/java/com/pixelai/utils/XssUtils.java
index 0b5111e..0cccee5 100644
--- a/src/main/java/com/pixelai/utils/XssUtils.java
+++ b/src/main/java/com/pixelai/utils/XssUtils.java
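Review bot: WeChatUtil.getRequestBody rebuilds the notification body with `readLine()`, which drops line terminators, and decodes it with the platform default charset. The signature checked in `NotificationParser.parse` covers the exact body, so a body containing a newline, or a JVM whose default charset is not UTF-8, would make genuine notifications fail verification. The body should be read as UTF-8 without splitting on lines, and the original exception kept as the cause instead of being replaced (fence below). generateTradeNumber builds the order number from two readings of the same clock, so two orders created in the same millisecond collide and the value is guessable; `SYMBOLS` and `RANDOM` are declared but unused and look intended for a random suffix, which would have to fit the length limit of `out_trade_no`.

```java
public static String getRequestBody(HttpServletRequest request) throws IOException {
    StringBuilder sb = new StringBuilder();
    // Decode as UTF-8 and copy every character so the body matches what was signed.
    try (InputStreamReader reader = new InputStreamReader(
            request.getInputStream(), java.nio.charset.StandardCharsets.UTF_8)) {
        char[] buf = new char[4096];
        int n;
        while ((n = reader.read(buf)) != -1) {
            sb.append(buf, 0, n);
        }
    } catch (IOException e) {
        throw new IOException("读取返回支付接口数据流出现异常!", e);
    }
    return sb.toString();
}
```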
@@ -1,251 +1,251 @@ -package com.pixelai.utils; - -import com.baomidou.mybatisplus.core.metadata.IPage; -import com.base.helper.Result; -import org.apache.commons.lang3.StringUtils; - -import java.io.Serializable; -import java.lang.reflect.Field; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -public class XssUtils { - - private XssUtils() { - } - -// private static final Pattern[] PATTERNS = { -// // Avoid anything in a ", Pattern.CASE_INSENSITIVE), -// // Avoid anything in a src='...' type of expression -// Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), -// Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), -// // Remove any lonesome tag -// Pattern.compile("", Pattern.CASE_INSENSITIVE), -// // Avoid anything in a ", Pattern.CASE_INSENSITIVE), -// // Remove any lonesome ", Pattern.CASE_INSENSITIVE), +//// // Avoid anything in a src='...' type of expression +//// Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), +//// Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), +//// // Remove any lonesome tag +//// Pattern.compile("", Pattern.CASE_INSENSITIVE), +//// // Avoid anything in a ", Pattern.CASE_INSENSITIVE), +//// // Remove any lonesome