package gintool
import (
"net/url"
"reflect"
"strings"
"github.com/gin-gonic/gin"
)
// SafeRequest filters the incoming request in place. The posted form is passed
// to SafePOST only when the method is exactly "POST"; the query string is
// passed to SafeQuery for every request.
//
// NOTE(review): form bodies sent with other methods (PUT, PATCH) are not
// filtered here, and nothing in this function touches headers, path
// parameters or JSON bodies. Treat this as defence in depth only: values still
// need context-aware encoding where they are rendered.
func SafeRequest(ctx *gin.Context) {
	isPost := ctx.Request.Method == "POST"
	if isPost {
		// Form filter: applied to POST bodies only.
		SafePOST(ctx)
	}

	// Query filter: applied regardless of the method.
	SafeQuery(ctx)
}
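// SafePOST parses the request body as a form and rewrites ctx.Request.PostForm
// so that every posted value has "<" and ">" replaced by the HTML entities
// "&lt;" and "&gt;".
//
// Every value of a repeated field is filtered and kept; a field is no longer
// collapsed to its first value, and an empty value list no longer panics.
//
// Limits a caller should know about:
//   - ParseForm also fills ctx.Request.Form, which is not rewritten here, so
//     handlers reading Request.Form or FormValue still see the raw values.
//   - ParseForm only decodes URL-encoded bodies; multipart/form-data and JSON
//     bodies pass through unfiltered.
//   - "&" and quote characters are left alone, so the result is not safe to
//     place inside an HTML attribute or a script block. Context-aware output
//     encoding at render time is still required.
func SafePOST(ctx *gin.Context) {
	// The error is deliberately dropped: this function has no way to report
	// it, and whatever ParseForm managed to decode is still filtered below.
	_ = ctx.Request.ParseForm()

	escaper := strings.NewReplacer("<", "&lt;", ">", "&gt;")
	for key, values := range ctx.Request.PostForm {
		cleaned := make([]string, len(values))
		for i, value := range values {
			// url.Values only ever holds strings, so this guard always
			// passes; it is kept so the file's reflect import stays in use.
			if reflect.TypeOf(value).Kind() == reflect.String {
				value = escaper.Replace(value)
			}
			cleaned[i] = value
		}
		// Overwriting an existing key while ranging over the map is safe.
		ctx.Request.PostForm[key] = cleaned
	}
}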
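// SafeQuery rewrites ctx.Request.URL.RawQuery so that "<" and ">" in every
// query key and value are replaced by the HTML entities "&lt;" and "&gt;".
//
// The query is parsed into key/value pairs, filtered pair by pair, and
// re-encoded. Decoding the whole raw string and storing the decoded text back
// (as the previous version did) turns an encoded "&", "=" or "%" inside a value
// into a live separator, which changes which parameters the handler sees; and
// an unencoded "&lt;" written into RawQuery would itself be split at the "&".
//
// Pairs that cannot be decoded are dropped rather than causing an early
// return, so one malformed pair does not leave the rest of the query
// unfiltered. Re-encoding sorts the parameters by key.
//
// Only angle brackets are handled; "&" and quotes are left as they are, so
// values still need context-aware encoding where they are rendered.
func SafeQuery(ctx *gin.Context) {
	raw := ctx.Request.URL.RawQuery
	if raw == "" {
		return
	}

	// ParseQuery returns every pair it could decode together with the first
	// error; the error is ignored on purpose (see the doc comment).
	params, _ := url.ParseQuery(raw)

	escaper := strings.NewReplacer("<", "&lt;", ">", "&gt;")
	filtered := make(url.Values, len(params))
	for key, values := range params {
		safeKey := escaper.Replace(key)
		for _, value := range values {
			filtered.Add(safeKey, escaper.Replace(value))
		}
	}

	// Encode percent-escapes the entities, so the stored query stays well formed.
	ctx.Request.URL.RawQuery = filtered.Encode()
}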
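// SafeData returns data with "<" replaced by "&lt;" and ">" replaced by "&gt;".
//
// As previously written, each character was replaced by itself, so the input
// came back unchanged. The result contains no raw angle brackets, so applying
// the function twice gives the same output as applying it once.
//
// "&" and quote characters are not escaped. The result is suitable for HTML
// text content only, not for attribute values, URLs or script blocks; use
// context-aware output encoding for those.
func SafeData(data string) string {
	return strings.NewReplacer("<", "&lt;", ">", "&gt;").Replace(data)
}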