When the title is added to the article published by ordinary users, the title format is not filtered, which can leak sensitive information. Users can publish articles titled <script>alert(document.cookie)</script>, which will cause user cookie leakage when accessed.
缺陷代码位置:/admin/article-new.html
@RequestMapping(value = "/article-new.html")
public String articleNew(ModelMap modelMap) {
List allCategory = commonMapper.findAllCategory();
List allTag = commonMapper.findAllTag();
/** * 插入图片 */
List allImg = multimediaMapper.findAllImg(null);
PageInfo allImgInfo = new PageInfo(allImg);
modelMap.put("allCategory", allCategory);
modelMap.put("allTag", allTag);
modelMap.put("allImgInfo", allImgInfo.getList());
return "_admin/article/article_new"