From 20aaf13b434050b0dce9727d18e178047a8c2ca8 Mon Sep 17 00:00:00 2001 From: goseoan Date: Mon, 10 Nov 2025 13:22:53 +0900 Subject: [PATCH] =?UTF-8?q?XSS=20checkReturnUrl=20Debug=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../eai/rms/common/filter/CrossScriptingFilter.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/eactive/eai/rms/common/filter/CrossScriptingFilter.java b/src/main/java/com/eactive/eai/rms/common/filter/CrossScriptingFilter.java index f7426c7..8d5da1e 100644 --- a/src/main/java/com/eactive/eai/rms/common/filter/CrossScriptingFilter.java +++ b/src/main/java/com/eactive/eai/rms/common/filter/CrossScriptingFilter.java @@ -38,9 +38,9 @@ public class CrossScriptingFilter implements Filter { String servletPath = request.getServletPath(); String baseUrl = uri.replace(servletPath, ""); boolean isValidUrl = returnUrl.startsWith(baseUrl); -// System.out.println("checkReturnUrl => "+ uri + " : "+ servletPath); -// System.out.println("checkReturnUrl => "+ baseUrl + " : "+ returnUrl); -// System.out.println("checkReturnUrl => "+ returnUrl + " : "+ isValidUrl); + System.out.println("checkReturnUrl => "+ uri + " : "+ servletPath); + System.out.println("checkReturnUrl => "+ baseUrl + " : "+ returnUrl); + System.out.println("checkReturnUrl => "+ returnUrl + " : "+ isValidUrl); return isValidUrl; } @@ -52,7 +52,7 @@ public class CrossScriptingFilter implements Filter { String returnUrl = (String)request.getParameter("returnUrl"); if(returnUrl != null) { if(!checkReturnUrl(request, returnUrl)) { - System.out.println("CrossScriptingFilter] bad request. - " + returnUrl); + System.out.println("[CrossScriptingFilter] bad request. - " + returnUrl); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad request. - "+returnUrl); return; }