[ST24PRJ-612][FRONT] pc/mo 전시 상품명 깨짐

src/main/java/com/style24/admin/biz/service/TsaFaqService.java

@@ -46,7 +46,8 @@ public class TsaFaqService {
 	public void saveFaq(Faq faq) {
 		// 내용 유무 확인
 		if (StringUtils.isNotBlank(faq.getAnswer())) {
-			faq.setAnswer(faq.getAnswer().replaceAll("&lt;", "<").replaceAll("&gt;", ">"));
+			//faq.setAnswer(faq.getAnswer().replaceAll("&lt;", "<").replaceAll("&gt;", ">"));
+			faq.setAnswer(faq.getAnswer().replaceAll("(?i)script",""));
 		}
 
 		faqDao.saveFaq(faq);

src/main/java/com/style24/admin/biz/service/TsaGoodsService.java

@@ -964,10 +964,17 @@ public class TsaGoodsService {
 	 */
 	@Transactional("shopTxnManager")
 	public void saveGoodsDetail(Goods goods) {
-
+		
 		// <,> replace 처리
 		goods.setRegNo(TsaSession.getInfo().getUserNo());
 		goods.setUpdNo(TsaSession.getInfo().getUserNo());
+		goods.setGoodsContentsDesc(goods.getGoodsContentsDesc().replaceAll("(?i)script",""));
+		goods.setGoodsDesc(goods.getGoodsDesc().replaceAll("(?i)script",""));
+		goods.setGoodsCharacterDesc(goods.getGoodsCharacterDesc().replaceAll("(?i)script",""));
+		goods.setGoodsPcTopDesc(goods.getGoodsPcTopDesc().replaceAll("(?i)script",""));
+		goods.setGoodsMobileTopDesc(goods.getGoodsMobileTopDesc().replaceAll("(?i)script",""));
+		goods.setGoodsPcDownDesc(goods.getGoodsPcDownDesc().replaceAll("(?i)script",""));
+		goods.setGoodsMobileDownDesc(goods.getGoodsMobileDownDesc().replaceAll("(?i)script",""));
 
 //		goods.setGoodsDesc(GagaStringUtil.replace(GagaStringUtil.replace(goods.getGoodsDesc(), "&lt;", "<"), "&gt;", ">"));
 //		goods.setGoodsPcTopDesc(GagaStringUtil.replace(GagaStringUtil.replace(goods.getGoodsPcTopDesc(), "&lt;", "<"), "&gt;", ">"));
@@ -1967,6 +1974,7 @@ public class TsaGoodsService {
 	public void saveNotice(Notice notice) {
 		notice.setRegNo(TsaSession.getInfo().getUserNo());
 		notice.setUpdNo(TsaSession.getInfo().getUserNo());
+		notice.setNoticeContent(notice.getNoticeContent().replaceAll("(?i)script", ""));
 
 		// 신규 일때
 		if (notice.getNoticeSq() == null) {
@@ -3940,6 +3948,7 @@ public class TsaGoodsService {
 		//log.info("[saveSizeInfo] sizeInfo {}", sizeInfo);
 		String sizeCate1Cd = "";
 		String sizeCate2Cd = "";
+		sizeInfo.setSizeInfo(sizeInfo.getSizeInfo().replaceAll("(?i)script", ""));
 		if ("1".equals(sizeInfo.getSizeGb())) {
 
 			if (StringUtils.isBlank(sizeInfo.getSizeCate1Cd())) {
@@ -4157,7 +4166,6 @@ public class TsaGoodsService {
 	 */
 	@Transactional("shopTxnManager")
 	public void createSalfGoodsDetail(Goods goods) {
-
 		// 중복여부 확인
 		Goods goodsDup = goodsDao.getGoods(goods);
 		if (goodsDup != null) {
@@ -4198,6 +4206,14 @@ public class TsaGoodsService {
 //		goods.setGoodsNm(GagaStringUtil.replace(GagaStringUtil.replace(goods.getGoodsNm(), "&lt;", "<"), "&gt;", ">"));
 //		goods.setGoodsTnm(GagaStringUtil.replace(GagaStringUtil.replace(goods.getGoodsTnm(), "&lt;", "<"), "&gt;", ">"));
 //		goods.setGoodsSnm1(GagaStringUtil.replace(GagaStringUtil.replace(goods.getGoodsSnm1(), "&lt;", "<"), "&gt;", ">"));
+		
+		goods.setGoodsContentsDesc(goods.getGoodsContentsDesc().replaceAll("(?i)script",""));
+		goods.setGoodsDesc(goods.getGoodsDesc().replaceAll("(?i)script",""));
+		goods.setGoodsCharacterDesc(goods.getGoodsCharacterDesc().replaceAll("(?i)script",""));
+		goods.setGoodsPcTopDesc(goods.getGoodsPcTopDesc().replaceAll("(?i)script",""));
+		goods.setGoodsMobileTopDesc(goods.getGoodsMobileTopDesc().replaceAll("(?i)script",""));
+		goods.setGoodsPcDownDesc(goods.getGoodsPcDownDesc().replaceAll("(?i)script",""));
+		goods.setGoodsMobileDownDesc(goods.getGoodsMobileDownDesc().replaceAll("(?i)script",""));
 
 		// 판매기간설정 eskim
 		goods.setSellStdt(goods.getSellStYMD().replaceAll("-", "") + goods.getSellStHH() + "0000");

src/main/java/com/style24/admin/biz/service/TsaMailTemplateService.java

@@ -66,7 +66,7 @@ public class TsaMailTemplateService {
 	public void saveMailHeaderFooter(MailHeaderFooter mailhf) {
 		mailhf.setRegNo(TsaSession.getInfo().getUserNo());
 		mailhf.setUpdNo(TsaSession.getInfo().getUserNo());
-		mailhf.setMailhfContent(mailhf.getMailhfContent().replaceAll("&lt;", "<").replaceAll("&gt;", ">"));
+		//mailhf.setMailhfContent(mailhf.getMailhfContent().replaceAll("&lt;", "<").replaceAll("&gt;", ">"));
 		mailTemplateDao.saveMailHeaderFooter(mailhf);
 	}
 

src/main/java/com/style24/admin/biz/service/TsaNoticeService.java

@@ -70,7 +70,7 @@ public class TsaNoticeService {
 	public void saveNotice(Notice notice) {
 		notice.setRegNo(TsaSession.getInfo().getUserNo());
 		notice.setUpdNo(TsaSession.getInfo().getUserNo());
-
+		notice.setNoticeContent(notice.getNoticeContent().replaceAll("(?i)script", ""));
 		// 신규 일때
 		if (notice.getNoticeSq() == null) {
 			// 공지사항 저장

src/main/webapp/WEB-INF/views/board/NoticeForm.html

@@ -339,8 +339,8 @@
 				$('#detailForm input:checkbox[name=chkPopupYn]').prop('checked', false);
 				$("#detailForm input:checkbox[name=chkPopupYn]").parent().removeClass('checked');
 			}
-			$('#detailForm input[name=popupDispStdt]').val(event.data.popupDispStdt == '00000000' ? '' : event.data.popupDispStdt.toDate("YYYYMMDD").format("YYYY-MM-DD"));
-			$('#detailForm input[name=popupDispEddt]').val(event.data.popupDispEddt == '00000000' ? '' : event.data.popupDispEddt.toDate("YYYYMMDD").format("YYYY-MM-DD"));
+			$('#detailForm input[name=popupDispStdt]').val(event.data.popupDispStdt == '00000000' ? '' : event.data.popupDispStdt == null ? '' : event.data.popupDispStdt.toDate("YYYYMMDD").format("YYYY-MM-DD"));
+			$('#detailForm input[name=popupDispEddt]').val(event.data.popupDispEddt == '00000000' ? '' : event.data.popupDispEddt == null ? '' : event.data.popupDispEddt.toDate("YYYYMMDD").format("YYYY-MM-DD"));
 		}
 
 		// 공지내용. Summernote에 값 세팅
@@ -353,6 +353,7 @@
 
 		// 파일 목록
 		fnGetNoticeFileList(event.data.noticeSq);
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 검색
@@ -614,6 +615,10 @@
 		});
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#detailForm input[name=noticeTitle]').val($('#detailForm input[name=noticeTitle]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		cfnCreateCalendar('#noticeTerms', 'startDt', 'endDt');
 		

src/main/webapp/WEB-INF/views/business/AflinkForm.html

@@ -199,6 +199,7 @@
 		}
 
 		$('#detailForm input[name=afLinkNm]').focus();
+		fnUnEscapeHtml();	//XSS변환
 	}
 	
 	// 검색
@@ -279,6 +280,10 @@
 		gagaAgGrid.exportToExcel('제휴채널 목록', gridOptions);
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#detailForm input[name=afLinkNm]').val($('#detailForm input[name=afLinkNm]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		// Create a agGrid
 		gagaAgGrid.createGrid('gridList', gridOptions);

src/main/webapp/WEB-INF/views/business/DeliveryLocForm.html

@@ -320,6 +320,7 @@
 		} else {
 			$('#detailForm input:radio[name=useYn]').eq(1).attr('checked', true);
 		}
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 업체 조회 팝업에서 호출
@@ -441,6 +442,13 @@
 		cfnOpenDaumAddr(daumZip);
 	}
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#detailForm input[name=delvLocNm]').val($('#detailForm input[name=delvLocNm]').val().replaceXSS());
+		$('#detailForm input[name=rtnLocNm]').val($('#detailForm input[name=rtnLocNm]').val().replaceXSS());
+		$('#detailForm input[name=delvLocDtlAddr]').val($('#detailForm input[name=delvLocDtlAddr]').val().replaceXSS());
+		$('#detailForm input[name=rtnLocDtlAddr]').val($('#detailForm input[name=rtnLocDtlAddr]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		// Create a agGrid
 		gagaAgGrid.createGrid('gridList', gridOptions);

src/main/webapp/WEB-INF/views/business/SupplyCompanyForm.html

@@ -494,6 +494,7 @@
 		
 		// 배송비 정책 조회
 		fnGetDeliveryFeePolicy(event.data.supplyCompCd);
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 검색
@@ -788,6 +789,17 @@
 		return result;
 	}
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#detailForm input[name=supplyCompNm]').val($('#detailForm input[name=supplyCompNm]').val().replaceXSS());
+		$('#detailForm input[name=bizDtlAddr]').val($('#detailForm input[name=bizDtlAddr]').val().replaceXSS());
+		$('#detailForm input[name=csChargeNm]').val($('#detailForm input[name=csChargeNm]').val().replaceXSS());
+		$('#detailForm input[name=csChargeTelno]').val($('#detailForm input[name=csChargeTelno]').val().replaceXSS());
+		$('#detailForm input[name=settleChargeNm]').val($('#detailForm input[name=settleChargeNm]').val().replaceXSS());
+		$('#detailForm input[name=settleChargeTelno]').val($('#detailForm input[name=settleChargeTelno]').val().replaceXSS());
+		$('#detailForm textarea[name=remarks]').val($('#detailForm textarea[name=remarks]').val().replaceXSS());
+		$('#detailForm textarea[name=note]').val($('#detailForm textarea[name=note]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		// Create a agGrid
 		gagaAgGrid.createGrid('gridList', gridOptions);

src/main/webapp/WEB-INF/views/business/SupplyVendorForm.html

@@ -218,11 +218,12 @@
 		} else {
 			$('#detailForm input:radio[name=useYn]').eq(1).trigger('click');
 		}
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 검색
 	$('#btnSearch').on('click', function() {
-		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions, '#searchForm');
+		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions, '#searchForm',fnChangeGrid);
 	});
 	
 	// 신규버튼
@@ -272,6 +273,48 @@
 		cfnOpenDaumAddr(daumZip);
 	}
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#detailForm input[name=supplyVendorNm]').val($('#detailForm input[name=supplyVendorNm]').val().replaceXSS());
+		$('#detailForm input[name=bizNo]').val($('#detailForm input[name=bizNo]').val().replaceXSS());
+		$('#detailForm input[name=bizKind]').val($('#detailForm input[name=bizKind]').val().replaceXSS());
+		$('#detailForm input[name=bizType]').val($('#detailForm input[name=bizType]').val().replaceXSS());
+		$('#detailForm input[name=ownerNm]').val($('#detailForm input[name=ownerNm]').val().replaceXSS());
+		$('#detailForm input[name=mainTelno]').val($('#detailForm input[name=mainTelno]').val().replaceXSS());
+		$('#detailForm input[name=mainFaxno]').val($('#detailForm input[name=mainFaxno]').val().replaceXSS());
+		$('#detailForm input[name=bizDtlAddr]').val($('#detailForm input[name=bizDtlAddr]').val().replaceXSS());
+		$('#detailForm input[name=homepageUrl]').val($('#detailForm input[name=homepageUrl]').val().replaceXSS());
+	};
+	
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			if(item.bizDtlAddr != null && item.bizDtlAddr !=  '' && item.bizDtlAddr != 'undefined'){
+			let bizNo = item.bizNo;
+			let bizKind = item.bizKind;
+			let bizType = item.bizType;
+			let ownerNm = item.ownerNm;
+			let mainTelno = item.mainTelno;
+			let mainFaxno = item.mainFaxno;
+			let bizDtlAddr = item.bizDtlAddr;
+			let homepageUrl = item.homepageUrl;
+			
+			item.bizNo = bizNo.replaceXSS();
+			item.bizKind = bizKind.replaceXSS();
+			item.bizType = bizType.replaceXSS();
+			item.ownerNm = ownerNm.replaceXSS();
+			item.mainTelno = mainTelno.replaceXSS();
+			item.mainFaxno = mainFaxno.replaceXSS();
+			item.bizDtlAddr = bizDtlAddr.replaceXSS();
+			item.homepageUrl = homepageUrl.replaceXSS();
+			}
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
+	};
+
+	
 	$(document).ready(function() {
 		// Create a agGrid
 		gagaAgGrid.createGrid('gridList', gridOptions);

src/main/webapp/WEB-INF/views/common/fragments/footer.html

@@ -98,6 +98,15 @@ let cfnInitLayerPosition = function() {
 	element_layer.style.left = (((window.innerWidth || document.documentElement.clientWidth) - width) / 2 - borderWidth) + 'px';
 	element_layer.style.top = (((window.innerHeight || document.documentElement.clientHeight) - height) / 2 - borderWidth) + 'px';
 }
+
+String.prototype.replaceXSS = function (){	//XSS 변환
+	var str = this;
+	
+	str = str.split(/&lt;/g).join("<");
+	str = str.split(/&gt;/g).join(">");
+	
+	return str;
+}
 /*]]>*/
 </script>
 </footer>

src/main/webapp/WEB-INF/views/customer/CustomerDetailForm.html

@@ -1249,6 +1249,7 @@
 
 			fnDisplayDeliveryCheckBox(event.data.defaultYn, event.data.delYn);
 		}
+		fnUnEscapeHtml();	//XSS변환
 	};
 
 	// 회원정보 조회
@@ -1291,7 +1292,8 @@
 					fnDisplayManaged(data.managedRsn);
 
 					orgData = data; // 기존 데이터
-					
+					$('input[name=homeDtlAddr]').val($('input[name=homeDtlAddr]').val().replaceXSS());
+					console.log($('input[name=recipDtlAddr]').val($('input[name=recipDtlAddr]').val()));
 					// 고객계좌정보 조회
 					fnGetCustAccountInfo();
 				}
@@ -1472,7 +1474,7 @@
 	// 배송지 조회
 	var fnCustSearchDelivery = function () {
 		const actionUrl = "/customer/delivery/list/" + custNo;
-		gagaAgGrid.fetch(actionUrl, gridAddrOptions);
+		gagaAgGrid.fetch(actionUrl, gridAddrOptions,null,fnChangeGrid);
 		$('#btnCustAddrNew').trigger('click');
 	};
 
@@ -1527,7 +1529,7 @@
 	var fnSearchContact = function () {
 		$('#custContactHstForm')[0].reset();
 		const actionUrl = "/customer/contact/list/" + custNo;
-		gagaAgGrid.fetch(actionUrl, gridContactOptions);
+		gagaAgGrid.fetch(actionUrl, gridContactOptions,null,fnChangeGrid1);
 	};
 
 	// 회원등급변경이력 조회
@@ -1749,6 +1751,46 @@
 		let popupHeight = window.screen.height;
 		window.open(actionUrl);
 	});
+	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('input[name=delvAddrNm]').val($('input[name=delvAddrNm]').val().replaceXSS());
+		$('input[name=recipNm]').val($('input[name=recipNm]').val().replaceXSS());
+		$('input[name=recipDtlAddr]').val($('input[name=recipDtlAddr]').val().replaceXSS());
+		$('input[name=recipZipcode]').val($('input[name=recipZipcode]').val().replaceXSS());
+		$('input[name=recipBaseAddr]').val($('input[name=recipBaseAddr]').val().replaceXSS());
+	};
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridAddrOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let recipNm = item.recipDtlAddr;
+			let recipDtlAddr = item.recipDtlAddr;
+			let recipZipcode = item.recipZipcode;
+			let recipBaseAddr = item.recipBaseAddr;
+			
+			item.recipNm = recipNm.replaceXSS();
+			item.recipDtlAddr = recipDtlAddr.replaceXSS();
+			item.recipZipcode = recipZipcode.replaceXSS();
+			item.recipBaseAddr = recipBaseAddr.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridAddrOptions.api.setRowData(modifyList);
+	};
+	
+	var fnChangeGrid1 = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridContactOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let contactContents = item.contactContents;
+			
+			item.contactContents = contactContents.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridContactOptions.api.setRowData(modifyList);
+	};
 
 	$(document).ready(function () {
 
@@ -1777,7 +1819,7 @@
 		gagaAgGrid.createGrid('custContactList', gridContactOptions);	// 회원접촉이력 그리드
 	});
 
-
+	
 	/*]]>*/
 </script>
 

src/main/webapp/WEB-INF/views/customer/OneToOneQnaDetailForm.html

@@ -250,9 +250,9 @@
 				tag += '</tr>\n';
 				$('#otoQnaCounselInfo').html(tag);
 				
-				$('#otoQnaQuestTitle').html(result.questTitle);
+				$('#otoQnaQuestTitle').html(result.questTitle.replaceXSS());
 				$('#otoQnaSmsReqYn').html((result.smsReqYn == "Y" ? "수신" : "미수신"));
-				$('#qnaDetailForm textarea[name=questContent]').val(result.questContent);
+				$('#qnaDetailForm textarea[name=questContent]').val(result.questContent.replaceXSS());
 				
 				tag = '';
 				if (!gagajf.isNull(result.sysFileNm1)) {
@@ -272,8 +272,8 @@
 				}
 				$('#otoQnaLayerReviewPic').html(tag);
 				
-				$('#qnaDetailForm input[name=ansTitle]').val(result.ansTitle);
-				$('#qnaDetailForm textarea[name=ansContent]').val(result.ansContent);
+				$('#qnaDetailForm input[name=ansTitle]').val(result.ansTitle.replaceXSS());
+				$('#qnaDetailForm textarea[name=ansContent]').val(result.ansContent.replaceXSS());
 				cfnGetTextLength($('textarea[name=ansContent]'), 4000, $('#dpLocAnsContent'));
 				
 				$('#qnaDetailForm select[name=assignedCsNo]').val(result.assignedCsNo);
@@ -463,6 +463,12 @@
 		gagaAgGrid.fetch(actionUrl, gridOneToOneCounselOptions);
 	}
 	
+	var fnUnEscapeHtml = function(){	//XSS변환
+	 	$('#qnaDetailForm textarea[name=questContent]').val($('#qnaDetailForm textarea[name=questContent]').val().replaceXSS());
+	 	$('#qnaDetailForm input[name=ansTitle]').val($('#qnaDetailForm input[name=ansTitle]').val().replaceXSS());
+	 	$('#qnaDetailForm textarea[name=ansContent]').val($('#qnaDetailForm textarea[name=ansContent]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		cfnGetTextLength($('textarea[name=ansContent]'), 4000, $('#dpLocAnsContent'));
 		

src/main/webapp/WEB-INF/views/display/CategoryForm.html

@@ -255,6 +255,7 @@
 		
 		$('#detailForm input:radio[name=dispYn]:input[value=' + event.data.dispYn + ']').click();
 		$('#detailForm input:radio[name=useYn]:input[value=' + event.data.useYn + ']').click();
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	/**
@@ -446,6 +447,17 @@
 		});
 	});
 	
+	String.prototype.replaceXSS = function (){	//XSS변환
+		var str = this;
+		str = str.split(/&lt;/g).join("<");
+		str = str.split(/&gt;/g).join(">");
+		return str;
+	}
+	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=cateNm]').val($('#detailForm input[name=cateNm]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		// Create a agGrid
 		gagaAgGrid.createGrid('gridList', gridOptions);

src/main/webapp/WEB-INF/views/display/LookbookListForm.html

@@ -238,6 +238,7 @@
 		$('#searchForm').find('#endPgNo').html(result.pageing.pageable.totalPage.addComma());
 		gridOptions.api.setRowData(result.lookbookList);
 		gagaPaging.createPagination(result.pageing.pageable);
+		fnChangeGrid();	//XSS 그리드 내 변환
 	}
 
 	// 노출안함
@@ -281,6 +282,19 @@
 		$("#searchForm").find("input[name=brandNm]").val(result[0].brandGroupNm);
 		
 	}
+	
+	var fnChangeGrid = function(){ 	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let title = item.title;
+			
+			item.title = title.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
+	}
 
 	$(document).ready(function() {
 		// Create a agGrid

src/main/webapp/WEB-INF/views/display/SearchKeywordForm.html

@@ -154,6 +154,7 @@
 			var dispEddt = event.data.dispEddt.replaceAll('-','');
 			$(formId + " input[name=dispEddt]").val(dispEddt.substr(0,4)+"-"+dispEddt.substr(4,2)+"-"+dispEddt.substr(6,2));
 		}
+		fnUnEscapeHtml();	//XSS변환
 	}
 	
 	// 신규 버튼 클릭
@@ -174,7 +175,7 @@
 		$('#searchForm').find('input[name=edDate]').val($('#searchForm').find('input[name=edDate]').val().replaceAll('-',''));
 
 		// Fetch data
-		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions, '#searchForm');
+		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions, '#searchForm',fnChangeGrid);
 		$("#btnNew").click();
 	});
 	
@@ -283,6 +284,27 @@
 		gagaKollus.upload('Goods', file, $('input[name=kufKey]'));
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=keyword]').val($('#detailForm input[name=keyword]').val().replaceXSS());
+		$('#detailForm input[name=linkUrl]').val($('#detailForm input[name=linkUrl]').val().replaceXSS());
+	};
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions);
+		
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let keyword = item.keyword;
+			let linkUrl = item.linkUrl;
+			
+			item.keyword = keyword.replaceXSS();
+			item.linkUrl = linkUrl.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
+	};
+	
 	$(document).ready(function() {
 		
 		cfnCreateCalendar('#sellTerms', 'stDate', 'edDate', true, '등록일', true);

src/main/webapp/WEB-INF/views/envset/AnswerPhaseForm.html

@@ -226,11 +226,12 @@
 		$('#detailForm input[name=kakaoCd]').val(event.data.kakaoCd); // 카카오템플릿코드
 		$('#detailForm input[name=buttonNm]').val(event.data.buttonNm); // 카카오버튼명
 		$('#detailForm input[name=buttonUrl]').val(event.data.buttonUrl); // 카카오버튼URL
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 검색
 	$('#btnSearch').on('click', function() {
-		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions, '#searchForm');
+		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions, '#searchForm',fnChangeGrid);
 	});
 	
 	// 신규
@@ -265,6 +266,35 @@
 		gagaAgGrid.exportToExcel('답변문구 목록', gridOptions);
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=ansTitle]').val($('#detailForm input[name=ansTitle]').val().replaceXSS());
+		$('#detailForm textarea[name=ansContent]').val($('#detailForm textarea[name=ansContent]').val().replaceXSS());
+		$('#detailForm input[name=kakaoCd]').val($('#detailForm input[name=kakaoCd]').val().replaceXSS());
+		$('#detailForm input[name=buttonNm]').val($('#detailForm input[name=buttonNm]').val().replaceXSS());
+		$('#detailForm input[name=buttonUrl]').val($('#detailForm input[name=buttonUrl]').val().replaceXSS());
+	}
+	
+	var fnChangeGrid = function(){	//그리드 내 XSS변환
+		var data = gagaAgGrid.getAllRowData(gridOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let ansContent = item.ansContent;
+			let ansTitle = item.ansTitle;
+			let buttonNm = item.buttonNm;
+			let buttonUrl = item.buttonUrl;
+			let kakaoCd = item.kakaoCd;
+			
+			item.ansContent = ansContent.replaceXSS();
+			item.ansTitle = ansTitle.replaceXSS();
+			item.buttonNm = buttonNm.replaceXSS();
+			item.buttonUrl = buttonUrl.replaceXSS();
+			item.kakaoCd = kakaoCd.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
+	}
+	
 	$(document).ready(function() {
 		gagaAgGrid.createGrid('gridList', gridOptions);
 	});

src/main/webapp/WEB-INF/views/envset/BasicEnvsetForm.html

@@ -486,6 +486,7 @@
 							}
 						}
 					}
+				fnUnEscapeHtml();	//XSS변환
 				});
 
 		// 회원기본설정
@@ -757,6 +758,13 @@
 		oParam.returnName = strReturnName;
 		cfnOpenCouponRetrievePopup($(strReturnName).val(), oParam);
 	}
+	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('input[name=b10StrSetVal1]').val($('input[name=b10StrSetVal1]').val().replaceXSS());
+		$('input[name=b10StrSetVal2]').val($('input[name=b10StrSetVal2]').val().replaceXSS());
+		$('input[name=b10StrSetVal3]').val($('input[name=b10StrSetVal3]').val().replaceXSS());
+		$('input[name=b10StrSetVal5]').val($('input[name=b10StrSetVal5]').val().replaceXSS());
+	};
 
 	$(document).ready(function() {
 		$('select[name=siteCd]').trigger('change');

src/main/webapp/WEB-INF/views/goods/ColorForm.html

@@ -210,8 +210,27 @@
 	//조회
 	var fnSearch = function() {
 		var formId = "#searchForm";
-		gagaAgGrid.fetch($(formId).prop('action'), gridOptions, formId);
+		gagaAgGrid.fetch($(formId).prop('action'), gridOptions, formId,fnChangeGrid);
 	}
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let colorCd = item.colorCd;
+			let colorEnm = item.colorEnm;
+			let colorKnm = item.colorKnm;
+			let colorFile = item.colorFile;
+			
+			item.colorCd = colorCd.replaceXSS();
+			item.colorEnm = colorEnm.replaceXSS();
+			item.colorKnm = colorKnm.replaceXSS();
+			item.colorFile = colorFile.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
+	};
 
 	$(document).ready(function() {
 		// Create a agGrid

src/main/webapp/WEB-INF/views/goods/GoodsAdKeywordForm.html

@@ -229,6 +229,7 @@
 
 		// 상품 목록
 		fnGetadKeywordGoodsList(event.data.adKeywordSq);
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 검색
@@ -480,6 +481,10 @@
 		});
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#goodsAdkeywordForm input[name=adKeyword]').val($('#goodsAdkeywordForm input[name=adKeyword]').val().replaceXSS());
+	};
+
 	$(document).ready(function() {
 		
 		cfnCreateCalendar('#sellTerms', 'stDate', 'edDate', true, '기간', 'X');

src/main/webapp/WEB-INF/views/goods/GoodsContentsForm.html

@@ -357,6 +357,7 @@
 
 		// 상품 목록
 		fnGetContentsGoodsList(event.data.goodsContentsSq);
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 검색
@@ -827,6 +828,10 @@
 		});
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#goodsContentsForm input[name=goodsContentsTitle]').val($('#goodsContentsForm input[name=goodsContentsTitle]').val().replaceXSS());
+		$('#goodsContentsForm input[name=kmcKey]').val($('#goodsContentsForm input[name=kmcKey]').val().replaceXSS());
+	}
 	$(document).ready(function() {
 		
 		cfnCreateCalendar('#sellTerms', 'stDate', 'edDate', true, '공지일', 'X');

src/main/webapp/WEB-INF/views/goods/GoodsDetailForm.html

@@ -1309,6 +1309,7 @@
 			}
 			//이력
 			fnGoodsDetailHstSearch();
+			fnUnEscapeHtml();	//XSS변환
 
 		}
 
@@ -1370,7 +1371,7 @@
 
 	//이력
 	var fnGoodsDetailHstSearch = function() {
-		gagaAgGrid.fetch("/goods/detail/hst/list?goodsCd=" + $('#goodsDetailForm input[name=goodsCd]').val() , gridGoodsHstoryOptions);
+		gagaAgGrid.fetch("/goods/detail/hst/list?goodsCd=" + $('#goodsDetailForm input[name=goodsCd]').val() , gridGoodsHstoryOptions,null,fnChangeGrid);
 	}
 
 	//정보고시 콜백
@@ -2877,6 +2878,28 @@
 	$("img").on("error", function () {
 		$(this).attr("src",  _uximgUrl+"/image/no.png");
 	});
+	
+	var fnUnEscapeHtml = function(){	//XSS변환
+	 	$('#goodsDetailForm input[name=goodsTnm]').val($('#goodsDetailForm input[name=goodsTnm]').val().replaceXSS());
+	 	$('#goodsDetailForm input[name=goodsNm]').val($('#goodsDetailForm input[name=goodsNm]').val().replaceXSS());
+	 	$('#goodsDetailForm input[name=goodsTitlesDesc]').val($('#goodsDetailForm input[name=goodsTitlesDesc]').val().replaceXSS());
+	};
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridGoodsHstoryOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			if(item.goodsTnm != null && item.goodsTnm != undefined && item.goodsTnm != ""){
+			let goodsTnm = item.goodsTnm;
+			let goodsSnm = item. goodsSnm;
+			
+			item.goodsTnm = goodsTnm.replaceXSS();
+			item.goodsSnm = goodsSnm.replaceXSS();
+			}
+			modifyList.push(item);
+		});
+		gridGoodsHstoryOptions.api.setRowData(modifyList);
+	};
 
 	$(document).ready(function() {
 

src/main/webapp/WEB-INF/views/goods/GoodsNoticeForm.html

@@ -255,6 +255,7 @@
 
 		// 상품 목록
 		fnGetNoticeGoodsList(event.data.noticeSq);
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 초기화 클릭시
@@ -590,6 +591,10 @@
 		});
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#goodsNoticeForm input[name=noticeTitle]').val($('#goodsNoticeForm input[name=noticeTitle]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		
 		cfnCreateCalendar('#sellTerms', 'stDate', 'edDate', true, '공지일', 'X');

src/main/webapp/WEB-INF/views/goods/GoodsPopupListForm.html

@@ -493,8 +493,17 @@
 			if (typeof item.brandKnm != "undefined" && !gagajf.isNull(item.brandKnm)) item.brandKnm = item.brandKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
 			if (typeof item.brandGroupNm != "undefined" && !gagajf.isNull(item.brandGroupNm)) item.brandGroupNm = item.brandGroupNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
 		});
-
-		popupGoodsGridOptions.api.setRowData(result.goodsList);
+		var data = result.goodsList
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+	
+			let goodsNm = item.goodsNm;
+			
+			item.goodsNm = goodsNm.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		popupGoodsGridOptions.api.setRowData(modifyList);
 		gagaPaging.createPagination(result.pageing.pageable);
 
 	}

src/main/webapp/WEB-INF/views/goods/GoodsSizeInfoForm.html

@@ -207,6 +207,7 @@
 			$('#sizeInfoForm input[name=sizeGb]').addClass("formControl");
 			
 		}
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 조회
@@ -293,6 +294,10 @@
 		});
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS 변환
+		$('#sizeInfoForm input[name=sizeCate2Nm]').val($('#sizeInfoForm input[name=sizeCate2Nm]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		
 		// Create a agGrid

src/main/webapp/WEB-INF/views/goods/GoodsTitleReserveForm.html

@@ -332,7 +332,19 @@
 		$('#goodsTnmListForm').find('#pageNo').val(result.pageing.pageable.pageNo.addComma());
 		$('#goodsTnmListForm').find('#pgNo').html(result.pageing.pageable.pageNo.addComma());
 		$('#goodsTnmListForm').find('#endPgNo').html(result.pageing.pageable.totalPage.addComma());
-		gridOptions.api.setRowData(result.goodsTnmList);
+		var data = result.goodsTnmList;		//XSS 그리드 내 변환
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			if(item.goodsTnm != null && item.goodsTnm !=  '' && item.goodsTnm != 'undefined'){
+			let goodsTnm = item.goodsTnm;
+			let regGoodsTnm = item.regGoodsTnm;
+			
+			item.goodsTnm = goodsTnm.replaceXSS();
+			item.regGoodsTnm = regGoodsTnm.replaceXSS();
+			}
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);	
 		gagaPaging.createPagination(result.pageing.pageable);
 	}
 	

src/main/webapp/WEB-INF/views/goods/ItemkindBaseForm.html

@@ -196,9 +196,22 @@
 	// 조회
 	var fnSearch = function() {
 		var formId = "#searchForm";
-		gagaAgGrid.fetch($(formId).prop('action'), gridOptions, formId);
+		gagaAgGrid.fetch($(formId).prop('action'), gridOptions, formId,fnChangeGrid);
 	}
 	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let itemkindCd = item.itemkindCd;
+
+			item.itemkindCd = itemkindCd.replaceXSS();
+
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
+	};
+	
 	$(document).ready(function() {
 		// Create a agGrid
 		gagaAgGrid.createGrid('gridList', gridOptions);

src/main/webapp/WEB-INF/views/goods/WmsColorMappingForm.html

@@ -171,8 +171,23 @@
 	//조회
 	var fnSearch = function() {
 		var formId = "#searchForm";
-		gagaAgGrid.fetch($(formId).prop('action'), gridOptions, formId);
+		gagaAgGrid.fetch($(formId).prop('action'), gridOptions, formId,fnChangeGrid);
 	}
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let wmsColorCd = item.wmsColorCd;
+			let wmsColorNm = item.wmsColorNm;
+
+			item.wmsColorCd = wmsColorCd.replaceXSS();
+			item.wmsColorNm = wmsColorNm.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
+	};
 
 	$(document).ready(function() {
 		// Create a agGrid

src/main/webapp/WEB-INF/views/marketing/FreeGoodsPromotionRegiForm.html

@@ -613,6 +613,7 @@
 			gridOptionsFreeGoods1List.api.setRowData(freegift.freeGoods1);
 			gridOptionsFreeGoods2List.api.setRowData(freegift.freeGoods2);
 		}
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 프로모션 상세 조회
@@ -623,6 +624,11 @@
 
 		cfnAjaxSubmit("/marketing/freegoods/promotion/detail", "json", fnFreeGoodsPromotionSearchCallback, params);
 	}
+	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#freeGoodsPromotionForm input[name=freegiftNm]').val($('#freeGoodsPromotionForm input[name=freegiftNm]').val().replaceXSS());
+		$('#freeGoodsPromotionForm input[name=goodsNm]').val($('#freeGoodsPromotionForm input[name=goodsNm]').val().replaceXSS());
+	};
 
 	$(document).ready(function() {
 		gagaAgGrid.createGrid("gridFGExtmallList", gridOptionsFGExtmallList);

src/main/webapp/WEB-INF/views/marketing/PlanCornerListForm.html

@@ -182,6 +182,17 @@
 
 		gagajf.ajaxJsonSubmit(actionUrl, jsonData, function(data) {
 			gridOptionsGoods.api.setRowData(data.planGoodsList);
+			var data = data.planGoodsList;		//XSS 그리드 내 변환
+			let modifyList = [];
+			$.each(data, function(idx, item) {
+
+				let goodsNm = item.goodsNm;
+				
+				item.goodsNm = goodsNm.replaceXSS();
+			
+				modifyList.push(item);
+			});
+			gridOptionsGoods.api.setRowData(modifyList);
 		});
 	}
 
@@ -533,6 +544,20 @@
 		cfnOpenGoodsDispOrdChangePopup('fnConnerGoodsSearch', params);
 	}
 	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptionsGoods);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+
+			let goodsNm = item.goodsNm;
+			
+			item.goodsNm = goodsNm.replaceXSS();
+		
+			modifyList.push(item);
+		});
+		gridOptionsGoods.api.setRowData(modifyList);
+	};
+
 	$(document).ready(function() {
 		gagaAgGrid.createGrid('gridListCorner', gridOptionsCorner);
 		gagaAgGrid.createGrid('gridListGoods', gridOptionsGoods);

src/main/webapp/WEB-INF/views/marketing/PlanListForm.html

@@ -361,8 +361,15 @@
 		$('#planListSearchForm').find('#pageNo').val(result.pageing.pageable.pageNo.addComma());
 		$('#planListSearchForm').find('#pgNo').html(result.pageing.pageable.pageNo.addComma());
 		$('#planListSearchForm').find('#endPgNo').html(result.pageing.pageable.totalPage.addComma());
-		gridOptions.api.setRowData(result.planList);
-		
+		var data = result.planList;		//XSS 그리드 내 변환
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let dtlTitle1 = item.dtlTitle1;
+			item.dtlTitle1 = dtlTitle1.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
 		gagaPaging.createPagination(result.pageing.pageable);
 	}
 	

src/main/webapp/WEB-INF/views/marketing/PollListForm.html

@@ -360,6 +360,7 @@
 				cfnOpenModalPopup(actionUrl, 'pollVoteRatePopup');
 			}
 		}
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 투표자 조회
@@ -812,6 +813,10 @@
 	$('#btnExcel').on('click', function() {
 		gagaAgGrid.exportToExcel('투표자 목록', gridOptionsVote);
 	});
+	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#registerForm input[name=pollTitle]').val($('#registerForm input[name=pollTitle]').val().replaceXSS());
+	};
 
 	$(document).ready(function() {
 		

src/main/webapp/WEB-INF/views/marketing/ShotDeliveryForm.html

@@ -249,7 +249,16 @@
 		var jsonData = JSON.stringify(data);
 
 		gagajf.ajaxJsonSubmit(actionUrl, jsonData, function(data) {
-			gridOptionsGoods.api.setRowData(data.brandGoodsList);
+			var data = data.brandGoodsList;		//XSS 그리드 내 변환
+			let modifyList = [];
+			$.each(data, function(idx, item) {
+				let goodsNm = item.goodsNm;
+				
+				item.goodsNm = goodsNm.replaceXSS();
+				
+				modifyList.push(item);
+			});
+			gridOptionsGoods.api.setRowData(modifyList);
 		});
 	}
 	

src/main/webapp/WEB-INF/views/marketing/SocialShoppingListForm.html

@@ -342,6 +342,7 @@
 
 		$('.tabsNav li').eq(0).trigger('click');
 		fnBindDetail(event.data); // 바인딩
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 바인딩
@@ -587,8 +588,16 @@
 		$('#searchForm').find('#pageNo').val(result.pageing.pageable.pageNo.addComma());
 		$('#searchForm').find('#pgNo').html(result.pageing.pageable.pageNo.addComma());
 		$('#searchForm').find('#endPgNo').html(result.pageing.pageable.totalPage.addComma());
-		gridOptions.api.setRowData(result.socialList);
-		
+		var data = result.socialList;		//XSS 그리드 내 변환
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let socialTnm = item.socialTnm;
+			
+			item.socialTnm = socialTnm.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
 		gagaPaging.createPagination(result.pageing.pageable);
 	}
 	
@@ -902,6 +911,11 @@
 		$('#detailForm select[name=planSq]').val(result[0].planSq);
 	}
 	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=socialNm]').val($('#detailForm input[name=socialNm]').val().replaceXSS());
+		$('#detailForm input[name=socialTnm]').val($('#detailForm input[name=socialTnm]').val().replaceXSS());
+	};
+	
 	$(document).ready(function() {
 		cfnCreateCalendar('#terms', 'stDate', 'edDate', false);
 

src/main/webapp/WEB-INF/views/ocm/ExtmallForm.html

@@ -276,12 +276,12 @@
 		} else {
 			$('#detailForm input:radio[name=delvFeeSumYn]').eq(1).trigger('click');
 		}
-		
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 검색
 	$('#btnSearch').on('click', function() {
-		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions, '#searchForm');
+		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions, '#searchForm',fnChangeGrid);
 	});
 	
 	// 신규버튼
@@ -311,6 +311,33 @@
 	$('#btnExcel').on('click', function() {
 		gagaAgGrid.exportToExcel('제휴몰 목록', gridOptions);
 	});
+	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=extmallId]').val($('#detailForm input[name=extmallId]').val().replaceXSS());
+		$('#detailForm input[name=extmallUserId]').val($('#detailForm input[name=extmallUserId]').val().replaceXSS());
+		$('#detailForm input[name=extmallNm]').val($('#detailForm input[name=extmallNm]').val().replaceXSS());
+		$('#detailForm input[name=extmallTel]').val($('#detailForm input[name=extmallTel]').val().replaceXSS());
+	};
+	
+	var fnChangeGrid = function(){	//그리드 내 XSS변환
+		var data = gagaAgGrid.getAllRowData(gridOptions);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			if(item.extmallTel != null && item.extmallTel !=  '' && item.extmallTel != 'undefined'){
+			let extmallId = item.extmallId;
+			let extmallUserId = item.extmallUserId;
+			let extmallNm = item.extmallNm;
+			let extmallTel = item.extmallTel;
+			
+			item.extmallId = extmallId.replaceXSS();
+			item.extmallUserId = extmallUserId.replaceXSS();
+			item.extmallNm = extmallNm.replaceXSS();
+			item.extmallTel = extmallTel.replaceXSS();
+			}
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
+	}
 
 	$(document).ready(function() {
 		// Create a agGrid

src/main/webapp/WEB-INF/views/shoplinker/ShoplinkerStockForm.html

@@ -271,7 +271,16 @@
 		$('#searchForm').find('#pageNo').val(result.pageing.pageable.pageNo.addComma());
 		$('#searchForm').find('#pgNo').html(result.pageing.pageable.pageNo.addComma());
 		$('#searchForm').find('#endPgNo').html(result.pageing.pageable.totalPage.addComma());
-		gridOptions.api.setRowData(result.stockList);
+		var data = result.stockList;		//XSS 그리드 내 변환
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let apiMessage = item.apiMessage;
+			
+			item.apiMessage = apiMessage.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions.api.setRowData(modifyList);
 		gagaPaging.createPagination(result.pageing.pageable);
 
 	}

src/main/webapp/WEB-INF/views/system/BatchForm.html

@@ -288,6 +288,7 @@
 		
 		// 배치로그 조회
 		fnGetBatchLogByBatchId(event.data.batchId);
+		fnUnEscapeHtml();	//XSS변환
 	}
 	
 	// 배치 실행
@@ -318,8 +319,8 @@
 	// 조회
 	$('#btnSearch').on('click', function() {
 		// Fetch data
-		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions1, '#searchForm');
-		gagaAgGrid.fetch('/system/batch/log/list', gridOptions2, '#searchForm');
+		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions1, '#searchForm',fnChangeGrid);
+		gagaAgGrid.fetch('/system/batch/log/list', gridOptions2, '#searchForm',fnChangeGrid1);
 	});
 
 	// 신규
@@ -361,6 +362,41 @@
 		$('#searchForm input[name=batchId]').val(batchId);
 		gagaAgGrid.fetch('/system/batch/log/list', gridOptions2, '#searchForm');
 	}
+	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=batchNm]').val($('#detailForm input[name=batchNm]').val().replaceXSS());
+		$('#detailForm textarea[name=batchDesc]').val($('#detailForm textarea[name=batchDesc]').val().replaceXSS());
+		$('#detailForm input[name=batchUrl]').val($('#detailForm input[name=batchUrl]').val().replaceXSS());
+	};
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions1);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let batchNm = item.batchNm;
+			let batchUrl = item.batchUrl;
+
+			
+			item.batchNm = batchNm.replaceXSS();
+			item.batchUrl = batchUrl.replaceXSS();
+
+			modifyList.push(item);
+		});
+		gridOptions1.api.setRowData(modifyList);
+	};
+	
+	var fnChangeGrid1 = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions2);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let batchNm = item.batchNm;
+
+			item.batchNm = batchNm.replaceXSS();
+
+			modifyList.push(item);
+		});
+		gridOptions2.api.setRowData(modifyList);
+	};
 
 	$(document).ready(function() {
 		cfnCreateCalendar('#terms', 'batchStdt', 'batchEddt');

src/main/webapp/WEB-INF/views/system/CommoncodeForm.html

@@ -168,6 +168,7 @@
 			return;
 
 		fnBindDetail(event.data, 1);
+		fnUnEscapeHtml();	//XSS변환
 	}
 	
 	gridOptions2.onCellClicked = function(event) {
@@ -175,6 +176,7 @@
 			return;
 
 		fnBindDetail(event.data, 2);
+		fnUnEscapeHtml();	//XSS변환
 	}
 	
 	// 목록 > row 클릭 시
@@ -216,7 +218,7 @@
 	let fnGetDetailCode = function(cd) {
 		gCd = cd;
 		let actionUrl = $('#searchForm').prop('action') + '?cdGb=' + cd;
-		gagaAgGrid.fetch(actionUrl, gridOptions2);
+		gagaAgGrid.fetch(actionUrl, gridOptions2,null,fnChangeGrid);
 	}
 	
 	// 신규
@@ -245,6 +247,28 @@
 		});
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=cd]').val($('#detailForm input[name=cd]').val().replaceXSS());
+		$('#detailForm input[name=cdNm]').val($('#detailForm input[name=cdNm]').val().replaceXSS());
+		$('#detailForm textarea[name=cdDesc]').val($('#detailForm textarea[name=cdDesc]').val().replaceXSS());
+	};
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions2);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			
+			let cdNm = item.cdNm;
+			let cdDesc = item.cdDesc;
+			
+			item.cdNm = cdNm.replaceXSS();
+			item.cdDesc = cdDesc.replaceXSS();
+			
+			modifyList.push(item);
+		});
+		gridOptions2.api.setRowData(modifyList);
+	};
+	
 	$(document).ready(function() {
 		// Create a agGrid
 		gagaAgGrid.createGrid('gridList1', gridOptions1);

src/main/webapp/WEB-INF/views/system/MenuForm.html

@@ -329,6 +329,7 @@
 			return;
 
 		fnBindDetail(event.data);
+		fnUnEscapeHtml();	//XSS변환
 	}
 	
 	// 조회
@@ -500,6 +501,11 @@
 			}
 		});
 	});
+
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=menuNm]').val($('#detailForm input[name=menuNm]').val().replaceXSS());
+		$('#detailForm input[name=menuUrl]').val($('#detailForm input[name=menuUrl]').val().replaceXSS());
+	};
 	
 	$(document).ready(function() {
 		// Create a agGrid

src/main/webapp/WEB-INF/views/system/SampleFileForm.html

@@ -139,6 +139,7 @@
 		}
 		
 		$('#detailForm input:checkbox[name=chkUseYn]').attr('readonly', false);
+		fnUnEscapeHtml();	//XSS변환
 	}
 
 	// 조회
@@ -204,6 +205,10 @@
 				}
 		);
 	});
+	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=sampleFileNm]').val($('#detailForm input[name=sampleFileNm]').val().replaceXSS());
+	};
 
 	$(document).ready(function() {
 		// Create a agGrid

src/main/webapp/WEB-INF/views/system/SystemAlarmForm.html

@@ -198,16 +198,17 @@
 			// 수신자 목록
 			fnSearchReceiverList();
 		}
+		fnUnEscapeHtml();	//XSS변환
 	}
 	
 	$('#btnSearch').on('click', function() {
-		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions1, '#searchForm');
+		gagaAgGrid.fetch($('#searchForm').prop('action'), gridOptions1, '#searchForm',fnChangeGrid);
 	});
 	
 	// 수신자 목록 조회
 	var fnSearchReceiverList = function() {
 		let actionUrl = '/system/alarm/receiver/list/' + $('#detailForm input[name=alarmId]').val();
-		gagaAgGrid.fetch(actionUrl, gridOptions2);
+		gagaAgGrid.fetch(actionUrl, gridOptions2,null,fnChangeGrid1);
 	}
 	
 	// 신규
@@ -319,6 +320,40 @@
 		});
 	});
 	
+	var fnUnEscapeHtml = function(){	//XSS변환
+		$('#detailForm input[name=alarmTitle]').val($('#detailForm input[name=alarmTitle]').val().replaceXSS());
+		$('#detailForm input[name=alarmMsg]').val($('#detailForm input[name=alarmMsg]').val().replaceXSS());
+	};
+	
+	var fnChangeGrid = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions1);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let alarmTitle = item.alarmTitle;
+			let alarmMsg = item.alarmMsg;
+
+			
+			item.alarmTitle = alarmTitle.replaceXSS();
+			item.alarmMsg = alarmMsg.replaceXSS();
+
+			modifyList.push(item);
+		});
+		gridOptions1.api.setRowData(modifyList);
+	};
+	
+	var fnChangeGrid1 = function(){	//XSS 그리드 내 변환
+		var data = gagaAgGrid.getAllRowData(gridOptions2);
+		let modifyList = [];
+		$.each(data, function(idx, item) {
+			let receiverNm = item.receiverNm;
+			
+			item.receiverNm = receiverNm.replaceXSS();
+
+			modifyList.push(item);
+		});
+		gridOptions2.api.setRowData(modifyList);
+	};
+	
 	$(document).ready(function() {
 		gagaAgGrid.createGrid('gridList1', gridOptions1);
 		gagaAgGrid.createGrid('gridList2', gridOptions2);

src/main/webapp/ux/plugins/gaga/gaga.agGrid.js

@@ -1008,12 +1008,12 @@ var gagaAgGrid = {
 					try {
 						// 태그 치환
 						$(data).each(function(idx, item) {
-							if (typeof item.brandEnm != "undefined" && !gagajf.isNull(item.brandEnm)) item.brandEnm = item.brandEnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.brandKnm != "undefined" && !gagajf.isNull(item.brandKnm)) item.brandKnm = item.brandKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.brandGroupNm != "undefined" && !gagajf.isNull(item.brandGroupNm)) item.brandGroupNm = item.brandGroupNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.brandGroupKnm != "undefined" && !gagajf.isNull(item.brandGroupKnm)) item.brandGroupKnm = item.brandGroupKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.brandGroupEnm != "undefined" && !gagajf.isNull(item.brandGroupEnm)) item.brandGroupEnm = item.brandGroupEnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.goodsNm != "undefined" && !gagajf.isNull(item.goodsNm)) item.goodsNm = item.goodsNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandEnm != "undefined" && !gagajf.isNull(item.brandEnm)) item.brandEnm = item.brandEnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandKnm != "undefined" && !gagajf.isNull(item.brandKnm)) item.brandKnm = item.brandKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandGroupNm != "undefined" && !gagajf.isNull(item.brandGroupNm)) item.brandGroupNm = item.brandGroupNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandGroupKnm != "undefined" && !gagajf.isNull(item.brandGroupKnm)) item.brandGroupKnm = item.brandGroupKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandGroupEnm != "undefined" && !gagajf.isNull(item.brandGroupEnm)) item.brandGroupEnm = item.brandGroupEnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.goodsNm != "undefined" && !gagajf.isNull(item.goodsNm)) item.goodsNm = item.goodsNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
 						});
 
 						gridOptions.api.setRowData(data);
@@ -1057,12 +1057,12 @@ var gagaAgGrid = {
 					try {
 						// 태그 치환
 						$(data).each(function(idx, item) {
-							if (typeof item.brandEnm != "undefined" && !gagajf.isNull(item.brandEnm)) item.brandEnm = item.brandEnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.brandKnm != "undefined" && !gagajf.isNull(item.brandKnm)) item.brandKnm = item.brandKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.brandGroupNm != "undefined" && !gagajf.isNull(item.brandGroupNm)) item.brandGroupNm = item.brandGroupNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.brandGroupKnm != "undefined" && !gagajf.isNull(item.brandGroupKnm)) item.brandGroupKnm = item.brandGroupKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.brandGroupEnm != "undefined" && !gagajf.isNull(item.brandGroupEnm)) item.brandGroupEnm = item.brandGroupEnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
-							if (typeof item.goodsNm != "undefined" && !gagajf.isNull(item.goodsNm)) item.goodsNm = item.goodsNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandEnm != "undefined" && !gagajf.isNull(item.brandEnm)) item.brandEnm = item.brandEnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandKnm != "undefined" && !gagajf.isNull(item.brandKnm)) item.brandKnm = item.brandKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandGroupNm != "undefined" && !gagajf.isNull(item.brandGroupNm)) item.brandGroupNm = item.brandGroupNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandGroupKnm != "undefined" && !gagajf.isNull(item.brandGroupKnm)) item.brandGroupKnm = item.brandGroupKnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.brandGroupEnm != "undefined" && !gagajf.isNull(item.brandGroupEnm)) item.brandGroupEnm = item.brandGroupEnm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
+							if (typeof item.goodsNm != "undefined" && !gagajf.isNull(item.goodsNm)) item.goodsNm = item.goodsNm.replaceAll('&amp;', '&').replaceAll('&gt;', '>').replaceAll('&lt;', '<').replaceAll('&nbsp;', ' ');
 						});
 
 						gridOptions.api.setRowData(data);