update 优化后端导入返回信息使用\n分割避免前端出现xss问题

2026-03-28 16:23:24 +08:00 · 2026-03-27 16:43:31 +08:00
parent 58f1e2ba25
commit 776d85ae15
1 changed files with 6 additions and 4 deletions
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/listener/SysUserImportListener.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/listener/SysUserImportListener.java
@@ -32,6 +32,8 @@ import java.util.List;
@Slf4j
 public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo> implements ExcelListener<SysUserImportVo> {

+    private static final String NL = "\n";
+
    private final ISysUserService userService;

    private final String password;
@@ -65,7 +67,7 @@ public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo
                user.setCreateBy(operUserId);
                userService.insertUser(user);
                successNum++;
-                successMsg.append("<br/>").append(successNum).append("、账号 ").append(user.getUserName()).append(" 导入成功");
+                successMsg.append(NL).append(successNum).append("、账号 ").append(user.getUserName()).append(" 导入成功");
            } else if (isUpdateSupport) {
                Long userId = sysUser.getUserId();
                SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class);
@@ -76,14 +78,14 @@ public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo
                user.setUpdateBy(operUserId);
                userService.updateUser(user);
                successNum++;
-                successMsg.append("<br/>").append(successNum).append("、账号 ").append(user.getUserName()).append(" 更新成功");
+                successMsg.append(NL).append(successNum).append("、账号 ").append(user.getUserName()).append(" 更新成功");
            } else {
                failureNum++;
-                failureMsg.append("<br/>").append(failureNum).append("、账号 ").append(sysUser.getUserName()).append(" 已存在");
+                failureMsg.append(NL).append(failureNum).append("、账号 ").append(sysUser.getUserName()).append(" 已存在");
            }
        } catch (Exception e) {
            failureNum++;
-            String msg = "<br/>" + failureNum + "、账号 " + HtmlUtil.cleanHtmlTag(userVo.getUserName()) + " 导入失败：";
+            String msg = NL + failureNum + "、账号 " + HtmlUtil.cleanHtmlTag(userVo.getUserName()) + " 导入失败：";
            String message = e.getMessage();
            if (e instanceof ConstraintViolationException cvException) {
                message = StreamUtils.join(cvException.getConstraintViolations(), ConstraintViolation::getMessage, ", ");