From 6dabf0b731889a4cfea0c5fad55079fbb272d224 Mon Sep 17 00:00:00 2001
From: JIWOO
Date: Tue, 20 Aug 2024 17:14:09 +0900
Subject: [PATCH] =?UTF-8?q?=EC=9D=B4=EC=A7=80=EC=9A=B0=20-=20=EC=9B=B9=20?= =?UTF-8?q?=EC=B7=A8=EC=95=BD=EC=A0=90=20>=20=EC=84=B1=EC=9D=B8=20?= =?UTF-8?q?=EA=B5=90=EC=9C=A1=20=EB=93=B1=EB=A1=9D=20=EC=8B=9C=20XXS=20?= =?UTF-8?q?=EB=B0=A9=EC=A7=80=20=EC=B6=94=EA=B0=80,=20web.xml=20=EB=82=B4?= =?UTF-8?q?=20=EC=97=90=EB=9F=AC=20=ED=8E=98=EC=9D=B4=EC=A7=80=20=EC=A2=85?= =?UTF-8?q?=EB=A5=98=20=EC=A3=BC=EA=B0=80,=20=EC=A3=BC=EC=84=9D=20iframe?= =?UTF-8?q?=20=EC=82=AD=EC=A0=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../eduAplct/web/EduAplctAdultController.java | 40 ++++++++++++++++++-
 .../cpyrgExprnClsrm/oprtnAplctAnncmMngReg.jsp | 17 --------
 .../oprtnAplctAnncmMngUpdate.jsp | 18 ---------
 src/main/webapp/WEB-INF/web.xml | 16 ++++++++
 4 files changed, 55 insertions(+), 36 deletions(-)
diff --git a/src/main/java/kcc/ve/aplct/adultVisitEdu/eduAplct/web/EduAplctAdultController.java b/src/main/java/kcc/ve/aplct/adultVisitEdu/eduAplct/web/EduAplctAdultController.java
index aecfd432..425f3bcf 100644
--- a/src/main/java/kcc/ve/aplct/adultVisitEdu/eduAplct/web/EduAplctAdultController.java
+++ b/src/main/java/kcc/ve/aplct/adultVisitEdu/eduAplct/web/EduAplctAdultController.java
@@ -235,7 +235,10 @@ public class EduAplctAdultController {
 //로그인 처리====================================
 //로그인 정보 가져오기
-
+
+ /*240820 XSS 취약점 조치*/
+ vEEduAplctVO.setJobNm(unscript(vEEduAplctVO.getJobNm()));
+
 String s_userCheckNInfo = checkLoginUtil.userCheckNInfo(model, request);
 if (!"".equals(s_userCheckNInfo)) {
 modelAndView.addObject("result", "loginFail");
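Review bot: The sanitizing call added here covers only `jobNm`, so any other user-supplied field of `vEEduAplctVO` bound from the same request (not visible in this hunk) reaches the same storage and views unfiltered, and the `unscript` helper introduced in the following hunk is a blacklist that rewrites the literal `<script` token, which leaves other markup that renders as HTML untouched. Stored-XSS protection belongs at output: render these values through `<c:out value="${...}"/>` or `fn:escapeXml` in the JSP (or the project's output-encoding utility) and keep `unscript` only as defense in depth. As rendered here the first `replaceAll` replacement reads as `"<script"`, identical to what it matches; if the source actually holds `"&lt;script"` that is fine, but if it really is `"<script"` the call is a no-op and needs checking. The enclosing handler method starts and ends outside the hunk, and the `unscript` hunk itself is cut off in this view.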
@@ -558,4 +561,39 @@ public class EduAplctAdultController {
 return p_paginationInfo;
 }
+
+ /**
+ * XSS 방지 처리.
+ *
+ * @param data
+ * @return
+ */
+ protected String unscript(String data) {
+ if (data == null || data.trim().equals("")) {
+ return "";
+ }
+
+ String ret = data;
+
+ ret = ret.replaceAll("<(S|s)(C|c)(R|r)(I|i)(P|p)(T|t)", "<script");
+ ret = ret.replaceAll(" - <%--
- -
- - -
~ - -
- - -
-
--%> -
diff --git a/src/main/webapp/WEB-INF/jsp/oprtn/cpyrgExprnClsrm/oprtnAplctAnncmMngUpdate.jsp b/src/main/webapp/WEB-INF/jsp/oprtn/cpyrgExprnClsrm/oprtnAplctAnncmMngUpdate.jsp
index 26c5114e..272704c5 100644
--- a/src/main/webapp/WEB-INF/jsp/oprtn/cpyrgExprnClsrm/oprtnAplctAnncmMngUpdate.jsp
+++ b/src/main/webapp/WEB-INF/jsp/oprtn/cpyrgExprnClsrm/oprtnAplctAnncmMngUpdate.jsp
@@ -476,24 +476,6 @@
- <%--
- - - " class="startDate inp" title="검색시작일" id="startDate01" name="strtPnttm" onclick="return calendarOpen('startDate01-lry','',this)" value="${vEPrcsDetailVO.endPnttm}" data-datecontrol="true" readonly> -
- - -
~ - " class="endDate inp" title="검색시작일" id="endDate" name="endPnttm" onclick="return calendarOpen('endDate-lry','',this)" value="${vEPrcsDetailVO.endPnttm}" data-datecontrol="true" readonly> -
- - -
-
--%>
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 9284d07b..1195ab09 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -131,10 +131,26 @@
 java.lang.Throwable /common/error.jsp + + 400 + /common/error.jsp + + + 401 + /common/error.jsp + + + 403 + /common/error.jsp + 404 /common/error.jsp + + 405 + /common/error.jsp + 500 /common/error.jsp
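Review bot: The new 400/401/403/405 mappings all point at the same `/common/error.jsp` as the existing 404, 500 and `java.lang.Throwable` entries, which is consistent, but the commit does not show whether that page emits request-scoped values such as `javax.servlet.error.message` or `javax.servlet.error.request_uri`; an error page mapped for client-error statuses is rendered for arbitrary incoming URLs, so those values must go through `<c:out>` (or be omitted) to avoid reflected output. Worth confirming in error.jsp, which is outside this diff; the XML element names appear stripped from this rendering, so the element structure is assumed.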