From da3567b8c17b1359476ad93a9276528dd07873e1 Mon Sep 17 00:00:00 2001
From: wyh
Date: Thu, 17 Oct 2024 14:21:40 +0900
Subject: [PATCH] =?UTF-8?q?=EC=95=8C=EB=A6=BC=ED=86=A1=20=EB=8C=80?= =?UTF-8?q?=EC=B2=B4=EB=AC=B8=EC=9E=90=EC=8B=9C=20XSS=EC=97=90=20=EA=B4=80?= =?UTF-8?q?=EB=A0=A8=20=ED=8A=B9=EC=88=98=EA=B8=B0=ED=98=B8=20=EB=B3=80?= =?UTF-8?q?=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../kakao/msgdata/at/KakaoAlimtalkMsgDataView.jsp | 6 +++---
 src/main/webapp/js/MJUtill.js | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/main/webapp/WEB-INF/jsp/web/kakao/msgdata/at/KakaoAlimtalkMsgDataView.jsp b/src/main/webapp/WEB-INF/jsp/web/kakao/msgdata/at/KakaoAlimtalkMsgDataView.jsp
index f97124a8..218f4832 100644
--- a/src/main/webapp/WEB-INF/jsp/web/kakao/msgdata/at/KakaoAlimtalkMsgDataView.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/kakao/msgdata/at/KakaoAlimtalkMsgDataView.jsp
@@ -203,9 +203,9 @@ $(document).ready(function(){
 $('#smsTxtArea').val('');
 //
 // 미리보기 텍스트를 가져와 줄바꿈 처리 후 대체문자 내용으로 입력
- $('#smsTxtArea').val(
- $('.template_text').html().trim().replace(/(
||
)/g, '\r\n')
- );
+ var template_text = $('.template_text').html().trim();
+ template_text = XSSChange(template_text);
+ $('#smsTxtArea').val(template_text);
 //
 //문자 내용 입력시 바이트수 계산하기
diff --git a/src/main/webapp/js/MJUtill.js b/src/main/webapp/js/MJUtill.js
index faace197..76e20453 100644
--- a/src/main/webapp/js/MJUtill.js
+++ b/src/main/webapp/js/MJUtill.js
@@ -180,6 +180,21 @@ function XSSCheck(str, level) {
 return str;
 }
+/**
+ * XSS 변경하기
+ *
+ *
+ */
+function XSSChange(str) {
+ str = str.replaceAll(/(
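Review bot: `template_text` ends up in `$('#smsTxtArea').val(template_text)`, and `.val()` assigns the textarea's value without parsing markup, so whatever entity encoding `XSSChange` performs is not an XSS control for this sink and would be displayed literally to the operator; the encoding belongs at the point where the submitted text is later rendered as HTML, which is outside this hunk. The new `XSSChange` (second hunk of this patch) also inherits the line-break regex from the removed line, and as it appears here the alternation reads `(…||…)` — the empty alternative between the two `|` matches at every position, so `'\r\n'` would be inserted between every character of the template; it should be a single `|`. In that same function the `&` replacement runs after `<` and `>`, so if those are meant to emit entities (the replacement strings render identically to their search strings on this page, so I cannot confirm), the `&` they introduce is encoded a second time; the `&` replacement should run first. On this hunk itself, `var template_text` can be `const templateText`, and `$('.template_text').html().trim()` throws when `.template_text` is absent because `.html()` then returns `undefined`, so guard it (`const templateText = ($('.template_text').html() ?? '').trim();`) if that element is not guaranteed. The enclosing `$(document).ready` handler starts and ends outside the hunk.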
||
)/g, '\r\n'); + str = str.replaceAll("<", '<'); + str = str.replaceAll(">", '>'); + str = str.replaceAll("&", '&'); + + return str; +} + //숫자 천단위 콤마 찍어주기 function numberWithCommas(x) {