HtmlEscapingObjectMapperFactory.java 생성

package com.abc.cmmn.web;

import org.apache.commons.lang3.StringEscapeUtils;
import org.springframework.beans.factory.FactoryBean;
import com.fasterxml.jackson.core.SerializableString;
import com.fasterxml.jackson.core.io.CharacterEscapes;
import com.fasterxml.jackson.core.io.SerializedString;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

public class HtmlEscapingObjectMapperFactory implements FactoryBean<ObjectMapper> {

	private final ObjectMapper objectMapper;

	public HtmlEscapingObjectMapperFactory() {
		objectMapper = new ObjectMapper();
		objectMapper.getFactory().setCharacterEscapes(new HTMLCharacterEscapes());
		objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
	}

	@Override
	public ObjectMapper getObject() throws Exception {
		return objectMapper;
	}

	@Override
	public Class<?> getObjectType() {
		return ObjectMapper.class;
	}

	@Override
	public boolean isSingleton() {
		return true;
	}

	public static class HTMLCharacterEscapes extends CharacterEscapes {

		private static final long serialVersionUID = 1L;
		private final int[] asciiEscapes;

		public HTMLCharacterEscapes() {
			// start with set of characters known to require escaping (double-quote,
			// backslash etc)
			asciiEscapes = CharacterEscapes.standardAsciiEscapesForJSON();
			// and force escaping of a few others:
			asciiEscapes['<'] = CharacterEscapes.ESCAPE_CUSTOM;
			asciiEscapes['>'] = CharacterEscapes.ESCAPE_CUSTOM;
			asciiEscapes['&'] = CharacterEscapes.ESCAPE_CUSTOM;
			asciiEscapes['"'] = CharacterEscapes.ESCAPE_CUSTOM;
			asciiEscapes['\''] = CharacterEscapes.ESCAPE_CUSTOM;
		}

		@Override
		public int[] getEscapeCodesForAscii() {
			return asciiEscapes;
		}

		// and this for others; we don't need anything special here
		@Override
		public SerializableString getEscapeSequence(int ch) {
			return new SerializedString(StringEscapeUtils.escapeHtml4(Character.toString((char) ch)));
		}
	}
}

 

dispatcher-servlet.xml 에 bean 추가

 

<bean id="htmlEscapingObjectMapper" class="com.abc.cmmn.web.HtmlEscapingObjectMapperFactory" />
	<mvc:annotation-driven>
		<mvc:message-converters>
			<bean
				class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
				<property name="objectMapper"
					ref="htmlEscapingObjectMapper"></property>
			</bean>
		</mvc:message-converters>
	</mvc:annotation-driven>
저작자표시

'개발자 > spring' 카테고리의 다른 글

[spring boot] SchedulerLock - 톰캣 스케줄러 중복 동작 방지  (0) 2021.08.26
spring lucy XSS 적용하기  (0) 2021.06.16

+ Recent posts

티스토리툴바