Skip to content

A
amos-boot-biz
Commit 0fec6bc3 authored by 李秀明's avatar 李秀明
Browse files
Options

fix: XSLT Injection(XSLT注入)

Links https://docs.qq.com/sheet/DTkRSaWhSZXBlaldN?tab=000008&_t=1711087563249 (No.23)
parent 478d6450
Hide whitespace changes
Inline Side-by-side
Showing with 112 additions and 53 deletions
amos-boot-biz-common/src/main/java/com/yeejoin/amos/boot/biz/common/utils/WordConverterUtils.java
View file @ 0fec6bc3
......@@ -8,6 +8,7 @@ import org.apache.poi.hwpf.converter.WordToHtmlConverter;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.commons.CommonsMultipartFile;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
......@@ -25,8 +26,8 @@ import java.net.URLConnection;
public class WordConverterUtils {
public static MultipartFile fileToMultipartFile(File file) {
FileItem fileItem = createFileItem(file);
MultipartFile multipartFile = new CommonsMultipartFile(fileItem);
......@@ -48,26 +49,26 @@ public class WordConverterUtils {
}
return item;
}
/**
* word文档转html文档
*
*
* @param srcFile 原文档
* @param targetFile 目标文档
* @param fileService 图片上传接口
*/
public static void wordToHtml(String srcFile, String targetFile, String imagePathStr,String readUrl,FileService fileService,String product,String appKey,String token ) {
File html = new File(targetFile);
File html = new File(targetFile);
if ( html.exists()) {
return;
} else {
if (srcFile.endsWith(".doc")) {
docToHtml( imagePathStr,readUrl,srcFile, html, fileService, product, appKey, token);
}
}
// else if (srcFile.endsWith(".docx")) {
// docxToHtml( imagePathStr,readUrl,srcFile, html, fileService, product, appKey, token);
// }
......@@ -76,7 +77,7 @@ public class WordConverterUtils {
/**
* .doc文档转换成html
*
*
* @param srcFile 原文档
* @param targetFile 目标文档
* @param fileService 图片上传接口
......@@ -87,7 +88,7 @@ public class WordConverterUtils {
File imagePath = new File(imagePathStr);
if (!imagePath.exists()) {
imagePath.mkdirs();
}
}
URL url = new URL(srcFile);
//链接url
URLConnection uc = url.openConnection();
......@@ -117,6 +118,7 @@ public class WordConverterUtils {
DOMSource domSource = new DOMSource(htmlDocument);
StreamResult streamResult = new StreamResult(targetFile);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......@@ -145,27 +147,27 @@ public class WordConverterUtils {
// * @param fileService 图片上传接口
// */
// private static void docxToHtml( String imagePathStr,String readUrl,String srcFile, File targetFile, FileService fileService,String product,String appKey,String token) {
//
//
// File imagePath = new File(imagePathStr);
// if (!imagePath.exists()) {
// imagePath.mkdirs();
// }
// OutputStream outputStreamWriter=null;
// try {
//
//
// URL url = new URL(srcFile);
// //链接url
// URLConnection uc = url.openConnection();
// //获取输入流
// InputStream in = uc.getInputStream();
// XWPFDocument document = new XWPFDocument(in);
// XWPFDocument document = new XWPFDocument(in);
// //存储图片
// PdfOptions options=PdfOptions.create();
//
// outputStreamWriter=new FileOutputStream(targetFile);
// PdfConverter.getInstance().convert(document,outputStreamWriter,options);
//
//
//
// } catch (Exception e) {
// e.printStackTrace();
// } finally {
......@@ -176,8 +178,8 @@ public class WordConverterUtils {
// } catch (Exception e2) {
// e2.printStackTrace();
// }
//
//
// }
//
//
// }
}
amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/WordConverterUtils.java
View file @ 0fec6bc3
......@@ -6,6 +6,7 @@ import org.apache.poi.xwpf.converter.xhtml.XHTMLConverter;
import org.apache.poi.xwpf.converter.xhtml.XHTMLOptions;
import org.apache.poi.xwpf.usermodel.XWPFDocument;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
......@@ -104,6 +105,7 @@ public class WordConverterUtils {
DOMSource domSource = new DOMSource(htmlDocument);
StreamResult streamResult = new StreamResult(targetFile);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......@@ -150,6 +152,7 @@ public class WordConverterUtils {
StringWriter stringWriter = new StringWriter();
StreamResult streamResult = new StreamResult(stringWriter);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......
amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/WordHtml.java
View file @ 0fec6bc3
......@@ -15,6 +15,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.*;
......@@ -69,7 +70,7 @@ public class WordHtml implements AbstractHtml {
/**
* 将doc文档转换为html文件
*
*
* @param is 需要转换的doc文件
* @param outPutFile 输出html文件的全路径
* @throws TransformerException
......@@ -119,6 +120,7 @@ public class WordHtml implements AbstractHtml {
streamResult = new StreamResult(out);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// 创建执行从 Source 到 Result 的复制的新 Transformer。
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
......@@ -191,8 +193,8 @@ public class WordHtml implements AbstractHtml {
}
}
}
public static void xml2Ttml(String docPath, String xsltPath, String hrmlPath){
FileInputStream fis= null;
FileInputStream fis1= null;
......@@ -209,7 +211,9 @@ public class WordHtml implements AbstractHtml {
//讲转换后的结果输出到 stm 中即 F:\123.html
Result result=new StreamResult(stm);
//根据XSL文件创建准个转换对象
Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer=transformerFactory.newTransformer(template);
//处理xml进行交换
transformer.transform(source, result);
} catch (FileNotFoundException e) {
......
amos-boot-module/amos-boot-module-api/amos-boot-module-precontrol-api/src/main/java/com/yeejoin/precontrol/common/fileparser/product/html/ExcelHtml.java
View file @ 0fec6bc3
......@@ -8,6 +8,7 @@ import org.apache.poi.hssf.converter.ExcelToHtmlConverter;
import org.apache.poi.hssf.usermodel.HSSFWorkbook;
import org.w3c.dom.Document;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
......@@ -72,6 +73,7 @@ public class ExcelHtml implements AbstractHtml {
StreamResult streamResult = new StreamResult(out);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "GB2312");
serializer.setOutputProperty(OutputKeys.INDENT, "no");
......
amos-boot-module/amos-boot-module-api/amos-boot-module-precontrol-api/src/main/java/com/yeejoin/precontrol/common/fileparser/product/html/WordHtml.java
View file @ 0fec6bc3
......@@ -31,6 +31,7 @@ import org.springframework.web.multipart.commons.CommonsMultipartFile;
import org.w3c.dom.Document;
import javax.imageio.ImageIO;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
......@@ -159,6 +160,7 @@ public class WordHtml implements AbstractHtml {
out = new ByteArrayOutputStream();
streamResult = new StreamResult(out);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// 创建执行从 Source 到 Result 的复制的新 Transformer。
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
......
amos-boot-module/amos-boot-module-api/amos-boot-module-precontrol-api/src/main/java/com/yeejoin/precontrol/common/utils/WordConverterUtils.java
View file @ 0fec6bc3
......@@ -6,6 +6,7 @@ import org.apache.poi.xwpf.converter.xhtml.XHTMLConverter;
import org.apache.poi.xwpf.converter.xhtml.XHTMLOptions;
import org.apache.poi.xwpf.usermodel.XWPFDocument;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
......@@ -103,6 +104,7 @@ public class WordConverterUtils {
DOMSource domSource = new DOMSource(htmlDocument);
StreamResult streamResult = new StreamResult(targetFile);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......@@ -149,6 +151,7 @@ public class WordConverterUtils {
StringWriter stringWriter = new StringWriter();
StreamResult streamResult = new StreamResult(stringWriter);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......
amos-boot-module/amos-boot-module-api/amos-boot-module-precontrol-api/src/main/java/com/yeejoin/precontrol/common/utils/WordHtml.java
View file @ 0fec6bc3
......@@ -15,6 +15,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.*;
......@@ -78,6 +79,7 @@ public class WordHtml implements AbstractHtml {
out = new ByteArrayOutputStream();
streamResult = new StreamResult(out);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// 创建执行从 Source 到 Result 的复制的新 Transformer。
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
......@@ -161,7 +163,9 @@ public class WordHtml implements AbstractHtml {
//讲转换后的结果输出到 stm 中即 F:\123.html
Result result = new StreamResult(stm);
//根据XSL文件创建准个转换对象
Transformer transformer = TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transformerFactory.newTransformer(template);
//处理xml进行交换
transformer.transform(source, result);
} catch (FileNotFoundException e) {
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-fas-biz/src/main/java/com/yeejoin/amos/fas/core/util/WordConverterUtils.java
View file @ 0fec6bc3
......@@ -6,6 +6,7 @@ import org.apache.poi.xwpf.converter.xhtml.XHTMLConverter;
import org.apache.poi.xwpf.converter.xhtml.XHTMLOptions;
import org.apache.poi.xwpf.usermodel.XWPFDocument;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
......@@ -104,6 +105,7 @@ public class WordConverterUtils {
DOMSource domSource = new DOMSource(htmlDocument);
StreamResult streamResult = new StreamResult(targetFile);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......@@ -150,6 +152,7 @@ public class WordConverterUtils {
StringWriter stringWriter = new StringWriter();
StreamResult streamResult = new StreamResult(stringWriter);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-fas-biz/src/main/java/org/apache/poi/hwpf/converter/WordToHtmlConverter.java
View file @ 0fec6bc3
......@@ -29,6 +29,7 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
import javax.xml.XMLConstants;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
......@@ -46,7 +47,7 @@ import static org.apache.poi.hwpf.converter.AbstractWordUtils.TWIPS_PER_INCH;
* This implementation doesn't create images or links to them. This can be
* changed by overriding {@link #processImage(Element, boolean, Picture)}
* method.
*
*
* @author Sergey Vladimirov (vlsergey {at} gmail {dot} com)
*/
@Beta
......@@ -71,7 +72,7 @@ public class WordToHtmlConverter extends AbstractWordConverter
private static final POILogger logger = POILogFactory
.getLogger( WordToHtmlConverter.class );
private static String getSectionStyle( Section section )
{
float leftMargin = section.getMarginLeft() / TWIPS_PER_INCH;
......@@ -101,7 +102,7 @@ public class WordToHtmlConverter extends AbstractWordConverter
/**
* Java main() interface to interact with {@link WordToHtmlConverter}
*
*
* <p>
* Usage: WordToHtmlConverter infile outfile
* </p>
......@@ -126,6 +127,7 @@ public class WordToHtmlConverter extends AbstractWordConverter
StreamResult streamResult = new StreamResult( new File(args[1]) );
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer serializer = tf.newTransformer();
// TODO set encoding from a command argument
serializer.setOutputProperty( OutputKeys.ENCODING, "UTF-8" );
......@@ -153,7 +155,7 @@ public class WordToHtmlConverter extends AbstractWordConverter
/**
* Creates new instance of {@link WordToHtmlConverter}. Can be used for
* output several {@link HWPFDocument}s into single HTML document.
*
*
* @param document
* XML DOM Document used as HTML document
*/
......@@ -577,7 +579,7 @@ public class WordToHtmlConverter extends AbstractWordConverter
if(paragraph.getStyleIndex()>0){
pElement.setAttribute("id", "p"+System.nanoTime()%100000000+"-"+paragraph.getStyleIndex());
}
WordToHtmlUtils.compactSpans( pElement );
return;
}
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-latentdanger-biz/src/main/java/com/yeejoin/amos/latentdanger/business/util/WordHtml.java
View file @ 0fec6bc3
......@@ -15,6 +15,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.*;
......@@ -69,7 +70,7 @@ public class WordHtml implements AbstractHtml {
/**
* 将doc文档转换为html文件
*
*
* @param fileName 需要转换的doc文件
* @param outPutFile 输出html文件的全路径
* @throws TransformerException
......@@ -118,6 +119,7 @@ public class WordHtml implements AbstractHtml {
streamResult = new StreamResult(out);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// 创建执行从 Source 到 Result 的复制的新 Transformer。
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
......@@ -190,8 +192,8 @@ public class WordHtml implements AbstractHtml {
}
}
}
public static void xml2Ttml(String docPath, String xsltPath, String hrmlPath){
FileInputStream fis= null;
FileInputStream fis1= null;
......@@ -208,7 +210,9 @@ public class WordHtml implements AbstractHtml {
//讲转换后的结果输出到 stm 中即 F:\123.html
Result result=new StreamResult(stm);
//根据XSL文件创建准个转换对象
Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer= transformerFactory.newTransformer(template);
//处理xml进行交换
transformer.transform(source, result);
} catch (FileNotFoundException e) {
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-maintenance-biz/src/main/java/com/yeejoin/amos/maintenance/business/controller/CheckController.java
View file @ 0fec6bc3
......@@ -40,6 +40,7 @@ import org.typroject.tyboot.core.restful.utils.ResponseHelper;
import org.typroject.tyboot.core.restful.utils.ResponseModel;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
......@@ -387,7 +388,9 @@ public class CheckController extends AbstractBaseController {
}
Result result = new StreamResult(html);
Transformer transformer = TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transformerFactory.newTransformer(template);
transformer.transform(source, result);
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-maintenance-biz/src/main/java/com/yeejoin/amos/maintenance/business/controller/TaskController.java
View file @ 0fec6bc3
......@@ -39,6 +39,7 @@ import org.typroject.tyboot.core.foundation.enumeration.UserType;
import org.typroject.tyboot.core.restful.doc.TycloudOperation;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
......@@ -194,7 +195,9 @@ public class TaskController extends AbstractBaseController{
}
Result result=new StreamResult(html);
Transformer transformer =TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transformerFactory.newTransformer(template);
transformer.transform(source, result);
File htmlFile = new File(html);
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-maintenance-biz/src/main/java/com/yeejoin/amos/maintenance/business/util/WordHtml.java
View file @ 0fec6bc3
......@@ -15,6 +15,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.*;
......@@ -69,7 +70,7 @@ public class WordHtml implements AbstractHtml {
/**
* 将doc文档转换为html文件
*
*
* @param fileName 需要转换的doc文件
* @param outPutFile 输出html文件的全路径
* @throws TransformerException
......@@ -118,6 +119,7 @@ public class WordHtml implements AbstractHtml {
streamResult = new StreamResult(out);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// 创建执行从 Source 到 Result 的复制的新 Transformer。
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
......@@ -190,8 +192,8 @@ public class WordHtml implements AbstractHtml {
}
}
}
public static void xml2Ttml(String docPath, String xsltPath, String hrmlPath){
FileInputStream fis= null;
FileInputStream fis1= null;
......@@ -208,7 +210,9 @@ public class WordHtml implements AbstractHtml {
//讲转换后的结果输出到 stm 中即 F:\123.html
Result result=new StreamResult(stm);
//根据XSL文件创建准个转换对象
Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer= transformerFactory.newTransformer(template);
//处理xml进行交换
transformer.transform(source, result);
} catch (FileNotFoundException e) {
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/controller/CheckController.java
View file @ 0fec6bc3
......@@ -48,6 +48,7 @@ import org.typroject.tyboot.core.foundation.enumeration.UserType;
import org.typroject.tyboot.core.restful.doc.TycloudOperation;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
......@@ -869,7 +870,9 @@ public class CheckController extends AbstractBaseController {
}
Result result = new StreamResult(html);
Transformer transformer = TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transformerFactory.newTransformer(template);
transformer.transform(source, result);
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/controller/TaskController.java
View file @ 0fec6bc3
......@@ -40,6 +40,7 @@ import org.typroject.tyboot.core.foundation.enumeration.UserType;
import org.typroject.tyboot.core.restful.doc.TycloudOperation;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
......@@ -195,7 +196,9 @@ public class TaskController extends AbstractBaseController{
}
Result result=new StreamResult(html);
Transformer transformer =TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transformerFactory.newTransformer(template);
transformer.transform(source, result);
File htmlFile = new File(html);
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/util/WordHtml.java
View file @ 0fec6bc3
......@@ -15,6 +15,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.*;
......@@ -69,7 +70,7 @@ public class WordHtml implements AbstractHtml {
/**
* 将doc文档转换为html文件
*
*
* @param fileName 需要转换的doc文件
* @param outPutFile 输出html文件的全路径
* @throws TransformerException
......@@ -118,6 +119,7 @@ public class WordHtml implements AbstractHtml {
streamResult = new StreamResult(out);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// 创建执行从 Source 到 Result 的复制的新 Transformer。
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
......@@ -190,8 +192,8 @@ public class WordHtml implements AbstractHtml {
}
}
}
public static void xml2Ttml(String docPath, String xsltPath, String hrmlPath){
FileInputStream fis= null;
FileInputStream fis1= null;
......@@ -204,11 +206,13 @@ public class WordHtml implements AbstractHtml {
fis1 = new FileInputStream(xsltPath);
Source template=new StreamSource(fis1);
PrintStream stm=new PrintStream(new File(hrmlPath));
PrintStream stm=new PrintStream(hrmlPath);
//讲转换后的结果输出到 stm 中即 F:\123.html
Result result=new StreamResult(stm);
//根据XSL文件创建准个转换对象
Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer= transformerFactory.newTransformer(template);
//处理xml进行交换
transformer.transform(source, result);
} catch (FileNotFoundException e) {
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-supervision-biz/src/main/java/com/yeejoin/amos/supervision/business/controller/CheckController.java
View file @ 0fec6bc3
......@@ -46,6 +46,7 @@ import org.typroject.tyboot.core.restful.utils.ResponseHelper;
import org.typroject.tyboot.core.restful.utils.ResponseModel;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
......@@ -420,7 +421,9 @@ public class CheckController extends AbstractBaseController {
}
Result result = new StreamResult(html);
Transformer transformer = TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transformerFactory.newTransformer(template);
transformer.transform(source, result);
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-supervision-biz/src/main/java/com/yeejoin/amos/supervision/business/controller/TaskController.java
View file @ 0fec6bc3
......@@ -39,6 +39,7 @@ import org.typroject.tyboot.core.foundation.enumeration.UserType;
import org.typroject.tyboot.core.restful.doc.TycloudOperation;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
......@@ -193,9 +194,11 @@ public class TaskController extends AbstractBaseController{
dirFile.mkdirs();
}
Result result=new StreamResult(html);
Transformer transformer =TransformerFactory.newInstance().newTransformer(template);
transformer.transform(source, result);
Result result = new StreamResult(html);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = transformerFactory.newTransformer(template);
transformer.transform(source, result);
File htmlFile = new File(html);
FileInputStream fis = new FileInputStream(htmlFile);
......
amos-boot-module/amos-boot-module-biz/amos-boot-module-supervision-biz/src/main/java/com/yeejoin/amos/supervision/business/util/WordHtml.java
View file @ 0fec6bc3
......@@ -15,6 +15,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.*;
......@@ -69,7 +70,7 @@ public class WordHtml implements AbstractHtml {
/**
* 将doc文档转换为html文件
*
*
* @param fileName 需要转换的doc文件
* @param outPutFile 输出html文件的全路径
* @throws TransformerException
......@@ -118,6 +119,7 @@ public class WordHtml implements AbstractHtml {
streamResult = new StreamResult(out);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
// 创建执行从 Source 到 Result 的复制的新 Transformer。
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); // 文件编码方式
......@@ -190,8 +192,8 @@ public class WordHtml implements AbstractHtml {
}
}
}
public static void xml2Ttml(String docPath, String xsltPath, String hrmlPath){
FileInputStream fis= null;
FileInputStream fis1= null;
......@@ -208,7 +210,9 @@ public class WordHtml implements AbstractHtml {
//讲转换后的结果输出到 stm 中即 F:\123.html
Result result=new StreamResult(stm);
//根据XSL文件创建准个转换对象
Transformer transformer=TransformerFactory.newInstance().newTransformer(template);
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer= transformerFactory.newTransformer(template);
//处理xml进行交换
transformer.transform(source, result);
} catch (FileNotFoundException e) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment