[참고]https://github.com/naver/lucy-xss-servlet-filter
pom.xml 추가
<!-- Adds Naver's lucy-xss-servlet filter library; the version is pinned to 2.0.0 here.
     The filter reads its escaping rules from lucy-xss-servlet-filter-rule.xml on the
     classpath, so that rule file has to be added alongside this dependency.
     NOTE(review): confirm against the project README how the filter behaves when the
     rule file is missing, so that a misconfiguration cannot silently disable escaping. -->
<dependency>
  <groupId>com.navercorp.lucy</groupId>
  <artifactId>lucy-xss-servlet</artifactId>
  <version>2.0.0</version>
</dependency>
[web.xml]
필터 순서: UTF-8 인코딩 필터가 있다면 그 다음에
multipartFilter를 추가하고, 그 뒤에 XSS filter를 추가한다.
이유) 게시판 파일 업로드처럼 enctype="multipart/form-data"
일 때 XSS 필터가 적용되지 않을 수 있음(multipartFilter가 먼저 요청을 파싱해야 함). 그래서 필터 순서를 맞춰줘야 함
<!-- multipartFilter: Spring's MultipartFilter parses multipart/form-data requests.
     Filters mapped by url-pattern run in the order their filter-mapping elements
     appear in web.xml, so this mapping must stay above the XSS filter mapping.
     By default MultipartFilter resolves its MultipartResolver from the root
     application context under the bean name filterMultipartResolver. -->
<filter>
  <filter-name>multipartFilter</filter-name>
  <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>multipartFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- xss filter: lucy XssEscapeServletFilter, mapped to every URL.
     Keep this mapping below multipartFilter so multipart form fields are already
     parsed when this filter runs.
     NOTE(review): the filter works on request parameters; data that arrives another
     way (for example a JSON request body) presumably bypasses it, so verify and keep
     output encoding in the views as well. -->
<filter>
  <filter-name>xssEscapeServletFilter</filter-name>
  <filter-class>com.navercorp.lucy.security.xss.servletfilter.XssEscapeServletFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>xssEscapeServletFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
[root-context.xml]에 multipartResolver bean 설정 시 아이디를
multipartResolver --> filterMultipartResolver 로 변경해 줌
(MultipartFilter는 기본적으로 루트 컨텍스트에서 filterMultipartResolver라는 이름의 빈을 찾음)
그래야 xss 필터가 정상적으로 동작
<!-- multipartResolver: the bean id is changed from multipartResolver to
     filterMultipartResolver, the name MultipartFilter looks up by default.
     No maxUploadSize property is set here, so the resolver itself does not cap
     upload size; set one if uploads should be bounded. -->
<!--<beans:bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />-->
<beans:bean id="filterMultipartResolver"
            class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />