xjlgod opened a new issue, #7595: URL: https://github.com/apache/incubator-seata/issues/7595
### Check Ahead - [x] I have searched the [issues](https://github.com/seata/seata/issues) of this repository and believe that this is not a duplicate. - [ ] I am willing to try to fix this bug myself. ### Ⅰ. Issue Description server在因为 'server.http.filter.xss.keywords'报错 ### Ⅱ. Describe what happened 'server.http.filter.xss.keywords' configuration error, you need to fix the default configuration or change the configuration resolution method ``` org.apache.seata.common.loader.EnhancedServiceNotFoundException: java.lang.IllegalStateException: Extension instance(definition: org.apache.seata.common.loader.ExtensionDefinition@499421a6, class: interface org.apache.seata.core.rpc.netty.http.filter.HttpRequestFilter) could not be instantiated: Invalid format for configuration 'server.http.filter.xss.keywords'. Expected a JSON array like ["<script>", "vbscript:"], but got: [<script>, </script>, javascript:, vbscript:, data:, expression(, onerror, onload, onclick, onmouseover, onfocus, onblur, onmouseenter, onmouseleave, onkeydown, onkeyup, onchange, <iframe>, <img>, <svg>, <embed>, <object>, <style>, <link>] Caused by: java.lang.IllegalStateException: Extension instance(definition: org.apache.seata.common.loader.ExtensionDefinition@499421a6, class: interface org.apache.seata.core.rpc.netty.http.filter.HttpRequestFilter) could not be instantiated: Invalid format for configuration 'server.http.filter.xss.keywords'. Expected a JSON array like ["<script>", "vbscript:"], but got: [<script>, </script>, javascript:, vbscript:, data:, expression(, onerror, onload, onclick, onmouseover, onfocus, onblur, onmouseenter, onmouseleave, onkeydown, onkeyup, onchange, <iframe>, <img>, <svg>, <embed>, <object>, <style>, <link>] at org.apache.seata.common.loader.EnhancedServiceLoader$InnerEnhancedServiceLoader.createNewExtension(EnhancedServiceLoader.java:496) at org.apache.seata.common.loader.EnhancedServiceLoader$InnerEnhancedServiceLoader.getExtensionInstance(EnhancedServiceLoader.java:477) at org.apache.seata.common.loader.EnhancedServiceLoader$InnerEnhancedServiceLoader.loadAll(EnhancedServiceLoader.java:412) at org.apache.seata.common.loader.EnhancedServiceLoader$InnerEnhancedServiceLoader.loadAll(EnhancedServiceLoader.java:393) at org.apache.seata.common.loader.EnhancedServiceLoader$InnerEnhancedServiceLoader.access$500(EnhancedServiceLoader.java:277) at org.apache.seata.common.loader.EnhancedServiceLoader.loadAll(EnhancedServiceLoader.java:175) at org.apache.seata.core.rpc.netty.http.filter.HttpRequestFilterManager.initializeFilters(HttpRequestFilterManager.java:41) at org.apache.seata.server.spring.listener.HttpFilterInitListener.onApplicationEvent(HttpFilterInitListener.java:30) at org.apache.seata.server.spring.listener.HttpFilterInitListener.onApplicationEvent(HttpFilterInitListener.java:23) at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:178) at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:171) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:145) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:430) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:387) at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:952) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:594) at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:732) at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:409) at org.springframework.boot.SpringApplication.run(SpringApplication.java:308) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1300) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1289) at org.apache.seata.server.ServerApplication.main(ServerApplication.java:30) Caused by: java.lang.IllegalArgumentException: Invalid format for configuration 'server.http.filter.xss.keywords'. Expected a JSON array like ["<script>", "vbscript:"], but got: [<script>, </script>, javascript:, vbscript:, data:, expression(, onerror, onload, onclick, onmouseover, onfocus, onblur, onmouseenter, onmouseleave, onkeydown, onkeyup, onchange, <iframe>, <img>, <svg>, <embed>, <object>, <style>, <link>] at org.apache.seata.server.filter.XSSHttpRequestFilter.<init>(XSSHttpRequestFilter.java:72) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490) at java.base/java.lang.Class.newInstance(Class.java:584) at org.apache.seata.common.loader.EnhancedServiceLoader$InnerEnhancedServiceLoader.initInstance(EnhancedServiceLoader.java:721) at org.apache.seata.common.loader.EnhancedServiceLoader$InnerEnhancedServiceLoader.createNewExtension(EnhancedServiceLoader.java:492) ... 21 common frames omitted Caused by: com.fasterxml.jackson.databind.JsonMappingException: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: (String)"[<script>, </script>, javascript:, vbscript:, data:, expression(, onerror, onload, onclick, onmouseover, onfocus, onblur, onmouseenter, onmouseleave, onkeydown, onkeyup, onchange, <iframe>, <img>, <svg>, <embed>, <object>, <style>, <link>]"; line: 1, column: 3] (through reference chain: java.util.ArrayList[0]) at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:392) at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:363) at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:221) at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:182) at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:25) at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323) at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4674) at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3629) at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3612) at org.apache.seata.server.filter.XSSHttpRequestFilter.<init>(XSSHttpRequestFilter.java:70) ... 28 common frames omitted Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: (String)"[<script>, </script>, javascript:, vbscript:, data:, expression(, onerror, onload, onclick, onmouseover, onfocus, onblur, onmouseenter, onmouseleave, onkeydown, onkeyup, onchange, <iframe>, <img>, <svg>, <embed>, <object>, <style>, <link>]"; line: 1, column: 3] at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:2391) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:735) at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:659) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:2005) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:802) at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextTextValue(ReaderBasedJsonParser.java:1218) at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:201) ... 35 common frames omitted <== ``` ### Ⅲ. Describe what you expected to happen _No response_ ### Ⅳ. How to reproduce it (as minimally and precisely as possible) start server ### Ⅴ. Anything else we need to know? _No response_ ### Ⅵ. Environment _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
