XSS checkReturnUrl Debug 추가
This commit is contained in:
@@ -38,9 +38,9 @@ public class CrossScriptingFilter implements Filter {
|
||||
String servletPath = request.getServletPath();
|
||||
String baseUrl = uri.replace(servletPath, "");
|
||||
boolean isValidUrl = returnUrl.startsWith(baseUrl);
|
||||
// System.out.println("checkReturnUrl => "+ uri + " : "+ servletPath);
|
||||
// System.out.println("checkReturnUrl => "+ baseUrl + " : "+ returnUrl);
|
||||
// System.out.println("checkReturnUrl => "+ returnUrl + " : "+ isValidUrl);
|
||||
System.out.println("checkReturnUrl => "+ uri + " : "+ servletPath);
|
||||
System.out.println("checkReturnUrl => "+ baseUrl + " : "+ returnUrl);
|
||||
System.out.println("checkReturnUrl => "+ returnUrl + " : "+ isValidUrl);
|
||||
return isValidUrl;
|
||||
}
|
||||
|
||||
@@ -52,7 +52,7 @@ public class CrossScriptingFilter implements Filter {
|
||||
String returnUrl = (String)request.getParameter("returnUrl");
|
||||
if(returnUrl != null) {
|
||||
if(!checkReturnUrl(request, returnUrl)) {
|
||||
System.out.println("CrossScriptingFilter] bad request. - " + returnUrl);
|
||||
System.out.println("[CrossScriptingFilter] bad request. - " + returnUrl);
|
||||
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad request. - "+returnUrl);
|
||||
return;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user