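I floundered a bit because there was no relevant material... but it turns out to be the same as before, so there is no real need to worry about it.
First, add the dependencies to build.gradle.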
compile("com.navercorp.lucy:lucy-xss:1.6.3")
compile("com.navercorp.lucy:lucy-xss-servlet:2.0.0")
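Source

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
// Spring Boot 1.4+; on earlier versions this class is in org.springframework.boot.context.embedded
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;

import com.navercorp.lucy.security.xss.servletfilter.XssEscapeServletFilter;

@EnableJpaRepositories
@SpringBootApplication
@EnableAutoConfiguration
@ComponentScan({ "com.tistory.eclipse4j" })
public class MyDictionaryApplication {

    public static void main(String[] args) {
        SpringApplication.run(MyDictionaryApplication.class, args);
    }

    // Registers the Lucy XSS servlet filter for every request path.
    @Bean
    public FilterRegistrationBean xssEscapeServletFilter() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new XssEscapeServletFilter());
        registrationBean.setOrder(1); // filter order, as with @Order
        registrationBean.addUrlPatterns("/*");
        return registrationBean;
    }
}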
Add the lucy-xss-servlet-filter-rule.xml file (under resources...).
https://github.com/naver/lucy-xss-servlet-filter
Then, before running it, set up selective filtering..
....
<url-rule-set>
    <url-rule>
        <url disable="false">/dictionary/*</url>
    </url-rule>
    <url-rule>
        <url>/dictionary/words/save</url>
        <params>
            <param name="description" useDefender="false" />
        </params>
    </url-rule>
....
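With useDefender="false", the description parameter of /dictionary/words/save reaches the application unescaped, so it has to be cleaned in application code before it is stored or rendered. The following is an added example, not code from the original post or from the Lucy project: DescriptionSanitizer is a hypothetical helper that runs the value through the whitelist-based XssSaxFilter from the lucy-xss dependency already declared in build.gradle, and it assumes the lucy-xss-superset-sax.xml rule file bundled in the lucy-xss jar is on the classpath.

```java
import com.nhncorp.lucy.security.xss.XssSaxFilter;

// Hypothetical helper (not part of the original post): cleans the "description"
// parameter that the rule file exempts from XssEscapeServletFilter.
public class DescriptionSanitizer {

    // Whitelist-based HTML filter from lucy-xss.
    // Assumption: the superset rule file shipped inside the lucy-xss jar is used.
    // The second argument (true) suppresses the explanatory comments the filter
    // otherwise inserts next to markup it has neutralized.
    private static final XssSaxFilter HTML_FILTER =
            XssSaxFilter.getInstance("lucy-xss-superset-sax.xml", true);

    // Returns the description with disallowed elements and attributes
    // neutralized; markup permitted by the rule file is kept.
    public static String sanitize(String rawDescription) {
        if (rawDescription == null) {
            return "";
        }
        return HTML_FILTER.doFilter(rawDescription);
    }

    public static void main(String[] args) {
        // Constructed sample input: ordinary formatting mixed with script content.
        String raw = "<p>First <b>meaning</b></p>"
                + "<script>alert(1)</script>"
                + "<img src=\"x\" onerror=\"alert(1)\">";
        System.out.println(sanitize(raw));
    }
}
```

The handler mapped to /dictionary/words/save would call DescriptionSanitizer.sanitize(description) before persisting the value; every other parameter is still escaped by the servlet filter.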