I am creating a response as follows:
@Override
public Response post(String html, String headers) {
    HttpEntity<String> requestPayload = new HttpEntity<String>(html, headers);
    ResponseEntity<String> responseEntity = null;
    responseEntity = restTemplate.postForEntity(uri, requestPayload, String.class);
    String responseString = responseEntity.getBody().toString();
    return Response.ok().entity(responseString).build();
}
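Fortify complains:
The method sends unvalidated data to a web browser on line xx, which can result in the browser executing malicious code.
Any idea how to fix this?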
Answer 0 (score: 0)
You need to tell the Spring controller what format of data you are sending from the backend as the response.
For a GET request, this needs to be added in the controller, i.e. produces = MediaType.APPLICATION_JSON_VALUE:
@RequestMapping(value = "/Patient/{patientID}/_history/{versionId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
For a POST request, both produces and consumes need to be added:
@RequestMapping(value = "/Patient", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
For example:
@Override
@RequestMapping(value = "/Patient/{patientID}/_history/{versionId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity getResourceByVersionId(@PathVariable String patientID, @PathVariable String versionId) {
    return super.getResourceByVersionId(patientID, versionId);
}
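An added example, not part of the question or of either answer: the method from the question with the response type declared explicitly, as answer 0 suggests, and the relayed body HTML-encoded whenever the upstream reply is not JSON. The class name `ProxyResource` is hypothetical, and the `HttpHeaders` parameter type is an assumption (the question passes a `String`).

```java
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.HtmlUtils;

// Hypothetical class; restTemplate and uri mirror the fields used in the question.
public class ProxyResource {
    private final RestTemplate restTemplate;
    private final String uri;

    public ProxyResource(RestTemplate restTemplate, String uri) {
        this.restTemplate = restTemplate;
        this.uri = uri;
    }

    public Response post(String html, HttpHeaders headers) {
        HttpEntity<String> requestPayload = new HttpEntity<>(html, headers);
        ResponseEntity<String> upstream =
                restTemplate.postForEntity(uri, requestPayload, String.class);

        // The upstream body is untrusted data: never relay it with an implicit type.
        String body = upstream.getBody() == null ? "" : upstream.getBody();
        org.springframework.http.MediaType upstreamType =
                upstream.getHeaders().getContentType();

        // Upstream declared JSON: relay it as JSON and forbid content sniffing,
        // so the browser does not interpret the body as HTML.
        if (upstreamType != null
                && org.springframework.http.MediaType.APPLICATION_JSON
                        .isCompatibleWith(upstreamType)) {
            return Response.ok(body, MediaType.APPLICATION_JSON)
                    .header("X-Content-Type-Options", "nosniff")
                    .build();
        }

        // Anything else: HTML-encode first, so markup in the body is displayed
        // as text instead of being executed.
        return Response.ok(HtmlUtils.htmlEscape(body), MediaType.TEXT_HTML + ";charset=UTF-8")
                .header("X-Content-Type-Options", "nosniff")
                .build();
    }
}
```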
Answer 1 (score: 0)
In PHP I had the same problem, and I changed my code from:
$output = array(
    "draw" => (isset($requestData['draw']) ? $requestData['draw'] : 1),
    "recordsTotal" => intval($totalData),
    "recordsFiltered" => intval($filteredData),
    "data" => $data
);
echo json_encode($output);
To:
if (isset($requestData['draw'])) {
    $draw = $requestData['draw'];
} else {
    $draw = 1;
}
$output = array(
    // Use the defaulted value and cast it to an integer before echoing it back
    "draw" => intval($draw),
    "recordsTotal" => intval($totalData),
    "recordsFiltered" => intval($filteredData),
    "data" => $data
);
echo json_encode($output);
I solved the problem :-) I hope this helps someone!