
移除 Apache-common-text 包,采用 spring 内置的 HtmlUtils 处理 xss 问题

chenkailing 4 rokov pred
rodič
commit
50dd7c1b83

+ 0 - 5
server/pom.xml

@@ -62,11 +62,6 @@
             <artifactId>commons-lang3</artifactId>
             <version>3.7</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-text</artifactId>
-            <version>1.9</version>
-        </dependency>
         <!-- REDISSON -->
         <dependency>
             <groupId>org.redisson</groupId>

+ 4 - 2
server/src/main/java/cn/keking/web/controller/FileController.java

@@ -15,8 +15,9 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 
 import java.io.*;
+import java.nio.charset.StandardCharsets;
 import java.util.*;
-import org.apache.commons.text.StringEscapeUtils;
+import org.springframework.web.util.HtmlUtils;
 
 /**
  *
@@ -39,7 +40,8 @@ public class FileController {
         //判断是否为IE浏览器的文件名,IE浏览器下文件名会带有盘符信息
         
         // escaping dangerous characters to prevent XSS
-        fileName = StringEscapeUtils.escapeHtml4(fileName);
+        fileName = HtmlUtils.htmlEscape(fileName, StandardCharsets.UTF_8.name());
+
         // Check for Unix-style path
         int unixSep = fileName.lastIndexOf('/');
         // Check for Windows-style path
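Review bot: HTML-escaping the upload name in place at `fileName = HtmlUtils.htmlEscape(fileName, StandardCharsets.UTF_8.name());` rewrites the value itself (a name such as `a&b.pdf` becomes `a&amp;b.pdf`), and that escaped string is what the separator checks below go on to use; the escape belongs where the name is rendered into HTML, while the name that is kept should be validated rather than transformed. The swap itself is compatible with the previous escapeHtml4 for `<`, `>`, `&` and `"`, and HtmlUtils additionally escapes `'`, which is harmless here. The encoding argument only controls whether non-ASCII characters are left as-is (they are for UTF-8) instead of being turned into numeric references, which the comment should say: `// HtmlUtils.htmlEscape: escapes < > & " ' ; with UTF-8 non-ASCII characters are kept verbatim`. HTML escaping does not neutralise `..` segments, and the separator lookups in this hunk only locate a directory prefix, so any traversal check must live in the part of the method that is not shown. The enclosing method starts and ends outside the hunk.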