修复用户昵称xss攻击

liangyi.chen@yoho.cn
Commit fc0718a2c4d629d2bfa4c60346727607b6d10aac 1 parent 1f33862a
Showing 1 changed file with 3 additions and 0 deletions
grass/src/main/java/com/yohobuy/platform/grass/cache/UserInfoCacheHelper.java
--- a/grass/src/main/java/com/yohobuy/platform/grass/cache/UserInfoCacheHelper.java
View file @fc0718a
+++ b/grass/src/main/java/com/yohobuy/platform/grass/cache/UserInfoCacheHelper.java
View file @fc0718a
@@ -5,6 +5,7 @@ import com.yoho.service.model.social.request.UicUserReqBO;
 import com.yoho.service.model.social.response.UserInfoRspBO;
 import com.yohobuy.platform.common.service.redis.PlatformRedis;
 import org.apache.commons.collections.CollectionUtils;
+ import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -52,6 +53,8 @@ public class UserInfoCacheHelper {
             UserInfoRspBO[] userBaseInfo  = serviceCaller.post("uic.getUserInfoListByYohoUid", url,  req, UserInfoRspBO[].class,  null).get();
             logger.info("end getUsersInfo from uic uids={}", uids);
             for(UserInfoRspBO bo : userBaseInfo){
+                 String nickName = bo.getNickName();
+                 bo.setNickName(StringEscapeUtils.escapeHtml4(nickName));
                 resultMap.put(bo.getUid(), bo);
             }
             return resultMap;