public String downloadfile(@RequestParam long id){
    // Look up the report and the cluster that holds its file
    Report report = reportService.getReportDetails(String.valueOf(id));
    ResponseEntity<FileResponse> fileResponse = null;
    String clusterKey = clusterService.getCLusterFromId(report.getId());
    File file = new File(report.getFilePath());
    fileResponse = restClient.getFileData(report.getFilePath(), clusterKey);
    response.setContentType("application/vnd.ms-excel");
    response.setHeader("Content-disposition", "inline; filename=" + file.getName());
    // Copy the stored file bytes to the HTTP response
    try (InputStream is = new ByteArrayInputStream(fileResponse.getBody().getResponseFile());
         OutputStream out = response.getOutputStream();)
    {
        byte[] buffer = new byte[1024];
        int bytesRead = 0;
        while ((bytesRead = is.read(buffer)) != -1)
        {
            out.write(buffer, 0, bytesRead); // line flagged by Fortify
        }
    }
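
I am getting a Cross-Site Scripting: Persistent issue from the Fortify tool on the out.write(buffer, 0, bytesRead) line of the code above. According to the recommendation, they tell us that we need to validate the data before sending it back to the browser. I am not sure how to validate a byte array. After some searching, I found that we can use the getVAlidatedFileContent() method of the ESAPI validator, but I am not sure how to use it.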
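
One way to validate the byte array before it is written, as an added example that is not part of the original post: check that the stored bytes carry the signature of the declared Excel format and build a download-only Content-Disposition value. The class name, the size limit and the fallback file name are assumptions, and only the legacy .xls (OLE2) signature is checked.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Added example (not the poster's code): checks stored file bytes before they are streamed. */
public class SafeDownload {
    // OLE2 compound-file signature used by legacy .xls workbooks.
    private static final byte[] XLS_MAGIC = {(byte) 0xD0, (byte) 0xCF, 0x11, (byte) 0xE0,
                                             (byte) 0xA1, (byte) 0xB1, 0x1A, (byte) 0xE1};
    private static final int MAX_BYTES = 10 * 1024 * 1024; // assumed size limit

    /** Returns the bytes unchanged if they look like an .xls file, otherwise throws. */
    static byte[] validateXls(byte[] data) {
        if (data == null || data.length < XLS_MAGIC.length || data.length > MAX_BYTES) {
            throw new IllegalArgumentException("file content missing or outside size limits");
        }
        if (!Arrays.equals(Arrays.copyOf(data, XLS_MAGIC.length), XLS_MAGIC)) {
            throw new IllegalArgumentException("content is not an OLE2 (.xls) document");
        }
        return data;
    }

    /** Builds a header value that forces a download and drops CR/LF, quotes and markup characters. */
    static String contentDisposition(String storedName) {
        String safe = storedName.replaceAll("[^A-Za-z0-9._-]", "_");
        if (safe.isEmpty() || safe.startsWith(".")) {
            safe = "report.xls"; // assumed fallback name
        }
        return "attachment; filename=\"" + safe + "\"";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: stored markup, and a buffer that starts with the OLE2 signature.
        byte[] html = "<html><body>stored markup</body></html>".getBytes(StandardCharsets.UTF_8);
        byte[] xls = Arrays.copyOf(XLS_MAGIC, 512);
        System.out.println(contentDisposition("q3\r\nSet-Cookie: x=1.xls"));
        System.out.println("xls accepted: " + (validateXls(xls).length == 512));
        try {
            validateXls(html);
        } catch (IllegalArgumentException e) {
            System.out.println("html rejected: " + e.getMessage());
        }
    }
}
```

In the controller, the array returned by getResponseFile() would pass through validateXls() before the write loop, and the header would be set from contentDisposition(file.getName()). Adding X-Content-Type-Options: nosniff to the response keeps the browser from reinterpreting the bytes as HTML.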