Skip to content

增加博客类型,xss攻击拦截 #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sLiKangli wants to merge 5 commits into from
Closed

增加博客类型,xss攻击拦截 #101

sLiKangli wants to merge 5 commits into from

Conversation

@sLiKangli
Copy link

@sLiKangli sLiKangli commented Oct 26, 2022

需要执行sql脚本

alter table blog.blog
add create_type int(1) null comment '博客创作类型:1. 原创; 2. 转载';

@stick-i

@stick-i stick-i self-requested a review October 26, 2022 13:51
@stick-i
Copy link
Owner

stick-i commented Oct 28, 2022

SQL的修改可以提交到document文档里面的SQL语句当中噢,直接在创建表的SQL语句上修改即可

@stick-i
Copy link
Owner

stick-i commented Oct 28, 2022

当前新增的功能应该提交到dev分支,我根据你提的issue单独开了一个dev分支噢

image

分支的名称为 dev_blog_#100,你当前的代码应该合并到这个分支上。

stick-i
stick-i requested changes Oct 28, 2022
View reviewed changes
Copy link
Owner

@stick-i stick-i left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

请提交到dev_blog_#100分支上噢

common/common-web/src/main/java/cn/sticki/common/web/advice/DefaultExceptionAdvice.java
return new RestResult<>(402, "参数异常", null, false);
String message = "参数异常";
if (e instanceof IllegalArgumentException) {
message = "参数异常:" + e.getMessage();
Copy link
Owner

@stick-i stick-i Oct 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这样校验是否会导致某些非人为控制抛出IllegalArgumentException的地方,会将异常信息返回到前端?

Copy link
Author

@sLiKangli sLiKangli Oct 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

如果有非我们显示调用抛出的IllegalArgumentException异常,说明是代码bug,需要修复,现在这个单独处理,是因为使用了spring的Assert 断言类,message描述了异常原因,需要主动抛给前端,进行友好提示。
也可以考虑自己创建断言类,自定义异常,不用或继承IllegalArgumentException

@stick-i stick-i changed the base branch from main to dev_blog_#100 October 29, 2022 06:25
@sLiKangli sLiKangli closed this Oct 29, 2022
@stick-i stick-i mentioned this pull request Oct 29, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stick-i stick-i stick-i requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sLiKangli @stick-i