XSS checkReturnUrl Debug 추가

This commit is contained in:
goseoan
2025-11-10 13:22:53 +09:00
parent af7ed03492
commit 20aaf13b43
@@ -38,9 +38,9 @@ public class CrossScriptingFilter implements Filter {
String servletPath = request.getServletPath(); String servletPath = request.getServletPath();
String baseUrl = uri.replace(servletPath, ""); String baseUrl = uri.replace(servletPath, "");
boolean isValidUrl = returnUrl.startsWith(baseUrl); boolean isValidUrl = returnUrl.startsWith(baseUrl);
// System.out.println("checkReturnUrl => "+ uri + " : "+ servletPath); System.out.println("checkReturnUrl => "+ uri + " : "+ servletPath);
// System.out.println("checkReturnUrl => "+ baseUrl + " : "+ returnUrl); System.out.println("checkReturnUrl => "+ baseUrl + " : "+ returnUrl);
// System.out.println("checkReturnUrl => "+ returnUrl + " : "+ isValidUrl); System.out.println("checkReturnUrl => "+ returnUrl + " : "+ isValidUrl);
return isValidUrl; return isValidUrl;
} }
@@ -52,7 +52,7 @@ public class CrossScriptingFilter implements Filter {
String returnUrl = (String)request.getParameter("returnUrl"); String returnUrl = (String)request.getParameter("returnUrl");
if(returnUrl != null) { if(returnUrl != null) {
if(!checkReturnUrl(request, returnUrl)) { if(!checkReturnUrl(request, returnUrl)) {
System.out.println("CrossScriptingFilter] bad request. - " + returnUrl); System.out.println("[CrossScriptingFilter] bad request. - " + returnUrl);
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad request. - "+returnUrl); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "bad request. - "+returnUrl);
return; return;
} }