diff --git a/build.gradle b/build.gradle
index 09654a25..3f4ce426 100644
--- a/build.gradle
+++ b/build.gradle
@@ -109,6 +109,9 @@ dependencies {
 // Jsoup
 implementation 'org.jsoup:jsoup:1.17.1'
+
+ // Jackson 추가
+ implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310'
 }
 tasks.named('test') {
diff --git a/src/main/java/clap/server/config/jackson/JacksonConfig.java b/src/main/java/clap/server/config/jackson/JacksonConfig.java
index 2711fab9..4f211b1c 100644
--- a/src/main/java/clap/server/config/jackson/JacksonConfig.java
+++ b/src/main/java/clap/server/config/jackson/JacksonConfig.java
@@ -4,7 +4,9 @@ import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.module.SimpleModule;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import lombok.extern.slf4j.Slf4j;
 import org.jsoup.Jsoup;
 import org.jsoup.safety.Safelist;
@@ -13,7 +15,7 @@ import java.io.IOException;
-// XSS 방지를 위한 Jackson 설정
+
 @Slf4j
 @Configuration
 public class JacksonConfig {
@@ -21,12 +23,19 @@ public class JacksonConfig {
 @Bean
 public ObjectMapper objectMapper() {
 ObjectMapper mapper = new ObjectMapper();
- SimpleModule module = new SimpleModule();
- module.addDeserializer(String.class, new JsonHtmlXssDeserializer());
- mapper.registerModule(module);
+
+ mapper.registerModule(new JavaTimeModule());
+ mapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+
+ // XSS 방지를 위한 커스텀 모듈 추가
+ SimpleModule xssModule = new SimpleModule();
+ xssModule.addDeserializer(String.class, new JsonHtmlXssDeserializer());
+ mapper.registerModule(xssModule);
+
 return mapper;
 }
+ // XSS 방지를 위한 Jackson 설정
 public static class JsonHtmlXssDeserializer extends JsonDeserializer {
 @Override
 public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
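Review bot: In the last JacksonConfig.java hunk, `objectMapper()` still starts from `new ObjectMapper()`, so every module and feature has to be re-added by hand, which is why `JavaTimeModule` and `WRITE_DATES_AS_TIMESTAMPS` are patched in here. If this is a Spring Boot application (only `@Configuration`/`@Bean` are visible, so that is inferred), a hand-built mapper bean normally makes the auto-configured one back off, and other defaults and `spring.jackson.*` settings are then missing as well. Consider taking the builder as a parameter, `public ObjectMapper objectMapper(Jackson2ObjectMapperBuilder builder)` with `ObjectMapper mapper = builder.build();`, and registering only `xssModule` on top. The method would also benefit from a comment stating the scope of the XSS control: `JsonHtmlXssDeserializer` runs only on JSON values deserialized as `String` through this mapper, so query and path parameters, form fields and anything written back out are not covered and still need output encoding. The body of `JsonHtmlXssDeserializer` continues outside the hunk, so its Safelist policy could not be reviewed.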