
Merge branch 'develop' of http://112.172.147.34:4936/style24/style24.front into develop

jsshin il y a 4 ans
Parent
commit
379864624f

+ 37 - 0
src/main/java/com/style24/front/support/config/TsfWebMvcConfig.java

@@ -1,14 +1,18 @@
 package com.style24.front.support.config;
 
 import java.nio.charset.Charset;
+import java.util.Iterator;
 import java.util.List;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.MediaType;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.StringHttpMessageConverter;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.mobile.device.DeviceHandlerMethodArgumentResolver;
 import org.springframework.mobile.device.DeviceResolverHandlerInterceptor;
 import org.springframework.mobile.device.site.SitePreferenceHandlerInterceptor;
@@ -18,7 +22,9 @@ import org.springframework.web.multipart.support.MultipartFilter;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.style24.core.support.filter.TscXssServletFilter;
+import com.style24.core.support.text.TscHtmlCharacterEscapes;
 import com.style24.front.support.interceptor.TsfAflinkInterceptor;
 import com.style24.front.support.interceptor.TsfDefaultInterceptor;
 import com.style24.front.support.interceptor.TsfGoodsViewInterceptor;
@@ -193,6 +199,37 @@ public class TsfWebMvcConfig implements WebMvcConfigurer {
 		return bean;
 	}
 
+	/**
+	 * MappingJackson2HttpMessageConverter가 여러 개일 경우 내가 추가한 것이 선택되지 않을 수 있음
+	 * 그러므로 application/json으로 선택되는 converter를 덮어 써야 함
+	 */
+	@SuppressWarnings("rawtypes")
+	@Override
+	public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
+		// Replace MessageConverter from default WebMvcConfigurer
+		Iterator<HttpMessageConverter<?>> converterIterator = converters.iterator();
+		while (converterIterator.hasNext()) {
+			// Do not add new one, must replace
+			HttpMessageConverter converter = converterIterator.next();
+			if (converter.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON)) {
+				converterIterator.remove();
+			}
+		}
+		converters.add(jsonEscapeConverter());
+	}
+
+	/**
+	 * XSS(Cross Site Script) Prevention
+	 * 		@ResponseBody로 전달되는 JSON에 대한 처리
+	 * @return
+	 */
+	@Bean
+	public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
+		ObjectMapper objectMapper = new ObjectMapper();
+		objectMapper.getFactory().setCharacterEscapes(new TscHtmlCharacterEscapes());
+		return new MappingJackson2HttpMessageConverter(objectMapper);
+	}
+
 	/**
 	 * API 호출을 위한 RestTemplate 설정
 	 * @return
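Review bot: `jsonEscapeConverter()` builds its mapper with `new ObjectMapper()`, so JSON responses stop honouring any modules, date formats or `spring.jackson.*` settings the application's existing mapper carries (assuming one is configured elsewhere, which this hunk does not show); copying that mapper with `copy()` before `setCharacterEscapes(...)` would add the escaping without changing the wire format. The escaping also applies only to bodies this converter writes, so a `@ResponseBody` method that returns a `String` would typically go through `StringHttpMessageConverter` unescaped, and the Javadoc should state that limit rather than read as general XSS prevention. In `configureMessageConverters`, the raw `HttpMessageConverter` local is the only reason for `@SuppressWarnings("rawtypes")`; `converters.removeIf(c -> c.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON));` does the same removal without it. Appending with `converters.add(...)` puts the replacement last in the list, which may change converter precedence if the list is already populated when this callback runs.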

+ 2 - 5
src/main/webapp/WEB-INF/views/mob/app/NoticeFormMob.html

@@ -33,7 +33,7 @@
 				if (_osType === 'A') {
 					 window.style24.getPushList();
 				} else if (_osType === 'I') {
-					window.webkit.messageHandlers.getPushList.postMessage({"dummy":"dummy"});
+
 				}
 			} else {
 				$('#notice').addClass('nodata');
@@ -41,9 +41,6 @@
 	});
 
 	var pushListInfo = function (pushList) {
-		if (_osType === 'I') {
-			alert("pushList : " + pushList);
-		}
 		if (!gagajf.isNull(pushList)) {
 			let pushListJosn = JSON.parse(pushList);
 			let html = '';
@@ -68,7 +65,7 @@
 				html += '                </span>\n';
 				html += '            </dd>\n'
 				html += '        </dl>\n'
-				html += '    </a>\n';
+				html += '    </a>';
 				html += '</div>\n'
 			});
 			$('#notice').removeClass('nodata');

+ 1 - 1
src/main/webapp/WEB-INF/views/mob/app/SettingFormMob.html

@@ -171,11 +171,11 @@
 				fnSetAppPush('OFF');
 				fnSetAdPush('OFF');
 				appAgreeYn = 'N';
-				$('#btnMkSetting').prop('checked', false);
 			}
 			if (isLogin) {
 				if (appAgreeYn === 'N') { // 마케팅도 N 처리
 					fnUpdatePush('N', 'N');
+					$('#btnMkSetting').prop('checked', false);
 				} else {
 					fnAppPushAgreeUpdate('Y');
 				}
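Review bot: Moving `$('#btnMkSetting').prop('checked', false);` into the `if (isLogin)` branch means a visitor who is not logged in no longer has the marketing checkbox cleared, although `fnSetAdPush('OFF')` and `appAgreeYn = 'N'` still run for them in the block above. If that block is the path taken when app push is switched off (its condition is outside the hunk), the checkbox can then show marketing consent as on while the stored setting is off. A consent toggle should always mirror the saved state, so either keep the original line as well or add a comment such as `// guests: marketing toggle is not shown, nothing to reset` if that is the actual reason.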

+ 1 - 1
src/main/webapp/WEB-INF/views/web/goods/GoodsCouponFormWeb.html

@@ -87,7 +87,7 @@
 			let list = result.goodsCouponList;
 
 			list.forEach(function(coupon){
-				if (coupon.cpnId == cpnId){
+				if (coupon.cpnId == cpnId){debugger;
 					if (Number(coupon.custPubLimitQty) > 0){
 						if (Number(coupon.custPubLimitQty) <= Number(coupon.custCouponCnt)){
 							$('#coupon_'+ coupon.cpnId).html('<span>받기완료</span>');
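Review bot: The `debugger;` appended to `if (coupon.cpnId == cpnId){` is a leftover breakpoint and should be removed before this template is deployed, because it halts the coupon callback for anyone who has developer tools open. The line should go back to `if (coupon.cpnId == cpnId) {`. A `no-debugger` lint rule, or an equivalent pre-merge search over the view templates, would catch this class of leftover. The `forEach` callback continues outside the hunk.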

+ 27 - 27
src/main/webapp/WEB-INF/views/web/goods/GoodsDetailFormWeb.html

@@ -828,19 +828,19 @@
 						<div th:id="${'goodsDescHtml_' + goodsCompose.compsGoodsCd}"></div>
 					</th:block>
 
-					<th:block th:if="${goodsCompose.tobeFormYn == 'Y'}">
+					<th:block th:if="${goodsInfo.tobeFormYn == 'Y'}">
 						<!-- 착용컷 노출 -->
-						<div class="view_outfit_box" th:if="${#strings.contains(goodsCompose.goodsImgList,'_C1') 
-															or #strings.contains(goodsCompose.goodsImgList,'_C2')
-															or #strings.contains(goodsCompose.goodsImgList,'_C3')
-															or #strings.contains(goodsCompose.goodsImgList,'_C4')
-															or #strings.contains(goodsCompose.goodsImgList,'_C5')}">
+						<div class="view_outfit_box" th:if="${#strings.contains(goodsImgList,'_C1') 
+															or #strings.contains(goodsImgList,'_C2')
+															or #strings.contains(goodsImgList,'_C3')
+															or #strings.contains(goodsImgList,'_C4')
+															or #strings.contains(goodsImgList,'_C5')}">
 							<span class="tit_view">OUTFIT VIEW</span>
-							<th:block th:each="goodsImg, status : ${goodsCompose.goodsImgList}" th:if="${status.first}">
+							<th:block th:each="goodsImg, status : ${goodsImgList}" th:if="${status.first}">
 							<span class="model_info" th:text="${goodsImg.modelInfo}">(모델정보 : 185cm / 78kg / XL 착용)</span>
 							</th:block>
 							<div class="view">
-								<th:block th:each="goodsImg, status : ${goodsCompose.goodsImgList}" th:if="${#strings.contains(goodsImg.sysImgNm,'_C1') 
+								<th:block th:each="goodsImg, status : ${goodsImgList}" th:if="${#strings.contains(goodsImg.sysImgNm,'_C1') 
 																							or #strings.contains(goodsImg.sysImgNm,'_C2')
 																							or #strings.contains(goodsImg.sysImgNm,'_C3')
 																							or #strings.contains(goodsImg.sysImgNm,'_C4')
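Review bot: `#strings.contains(goodsImgList,'_C1')`, and the same pattern in the later hunks of this file (`_01` to `_D20`, `_F1`, `_L1`, `_L2`), tests a substring against what the `th:each` lines show to be a collection. The result therefore appears to depend on the string form of the list and its elements rather than on `sysImgNm`, so a model flag per image group, or a selection on `goodsImg.sysImgNm`, would be sturdier. The surrounding context still uses `goodsCompose.compsGoodsCd`, which suggests this markup sits inside a per-component loop. If so, switching to the page-level `goodsInfo.tobeFormYn` and `goodsImgList` makes every component render the same image blocks, and a short template comment should say whether that is intended. The enclosing `th:block` starts and ends outside these hunks.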
@@ -852,20 +852,20 @@
 						
 						<!-- //착용컷 노출 -->
 						<!-- 상품컷 노출 -->
-						<div class="view_detail_box" th:if="${#strings.contains(goodsCompose.goodsImgList,'_01') or #strings.contains(goodsCompose.goodsImgList,'_02')
-															or #strings.contains(goodsCompose.goodsImgList,'_D1') or #strings.contains(goodsCompose.goodsImgList,'_D2')
-															or #strings.contains(goodsCompose.goodsImgList,'_D3') or #strings.contains(goodsCompose.goodsImgList,'_D4')
-															or #strings.contains(goodsCompose.goodsImgList,'_D5') or #strings.contains(goodsCompose.goodsImgList,'_D6')
-															or #strings.contains(goodsCompose.goodsImgList,'_D7') or #strings.contains(goodsCompose.goodsImgList,'_D8')
-															or #strings.contains(goodsCompose.goodsImgList,'_D9') or #strings.contains(goodsCompose.goodsImgList,'_D10')
-															or #strings.contains(goodsCompose.goodsImgList,'_D11') or #strings.contains(goodsCompose.goodsImgList,'_D12')
-															or #strings.contains(goodsCompose.goodsImgList,'_D13') or #strings.contains(goodsCompose.goodsImgList,'_D14')
-															or #strings.contains(goodsCompose.goodsImgList,'_D15') or #strings.contains(goodsCompose.goodsImgList,'_D16')
-															or #strings.contains(goodsCompose.goodsImgList,'_D17') or #strings.contains(goodsCompose.goodsImgList,'_D18')
-															or #strings.contains(goodsCompose.goodsImgList,'_D19') or #strings.contains(goodsCompose.goodsImgList,'_D20')}">
+						<div class="view_detail_box" th:if="${#strings.contains(goodsImgList,'_01') or #strings.contains(goodsImgList,'_02')
+															or #strings.contains(goodsImgList,'_D1') or #strings.contains(goodsImgList,'_D2')
+															or #strings.contains(goodsImgList,'_D3') or #strings.contains(goodsImgList,'_D4')
+															or #strings.contains(goodsImgList,'_D5') or #strings.contains(goodsImgList,'_D6')
+															or #strings.contains(goodsImgList,'_D7') or #strings.contains(goodsImgList,'_D8')
+															or #strings.contains(goodsImgList,'_D9') or #strings.contains(goodsImgList,'_D10')
+															or #strings.contains(goodsImgList,'_D11') or #strings.contains(goodsImgList,'_D12')
+															or #strings.contains(goodsImgList,'_D13') or #strings.contains(goodsImgList,'_D14')
+															or #strings.contains(goodsImgList,'_D15') or #strings.contains(goodsImgList,'_D16')
+															or #strings.contains(goodsImgList,'_D17') or #strings.contains(goodsImgList,'_D18')
+															or #strings.contains(goodsImgList,'_D19') or #strings.contains(goodsImgList,'_D20')}">
 							<span class="tit_view">PRODUCT VIEW</span>
 							<div class="view">
-								<th:block th:each="goodsImg, status : ${goodsCompose.goodsImgList}" th:if="${#strings.contains(goodsImg.sysImgNm,'_01') or #strings.contains(goodsImg.sysImgNm,'_02')
+								<th:block th:each="goodsImg, status : ${goodsImgList}" th:if="${#strings.contains(goodsImg.sysImgNm,'_01') or #strings.contains(goodsImg.sysImgNm,'_02')
 																							or #strings.contains(goodsImg.sysImgNm,'_D1') or #strings.contains(goodsImg.sysImgNm,'_D2')
 																							or #strings.contains(goodsImg.sysImgNm,'_D3') or #strings.contains(goodsImg.sysImgNm,'_D4')
 																							or #strings.contains(goodsImg.sysImgNm,'_D5') or #strings.contains(goodsImg.sysImgNm,'_D6')
@@ -882,22 +882,22 @@
 						</div>
 						<!-- //상품컷 노출 -->
 						<!-- 원단 노출 -->
-						<div class="view_fabric_box" th:if="${#strings.contains(goodsCompose.goodsImgList,'_F1')}">
+						<div class="view_fabric_box" th:if="${#strings.contains(goodsImgList,'_F1')}">
 							<span class="tit_view">FABRIC</span>
 							<div class="view">
-								<th:block th:each="goodsImg, status : ${goodsCompose.goodsImgList}" th:if="${#strings.contains(goodsImg.sysImgNm,'_F1')}">
+								<th:block th:each="goodsImg, status : ${goodsImgList}" th:if="${#strings.contains(goodsImg.sysImgNm,'_F1')}">
 								<img th:src="${imgGoodsUrl+'/'+goodsImg.sysImgNm+'?RS=720'}" alt="" th:onerror="'this.src=\''+@{${uxImgUrl}+ '/images/pc/thumb/bg_item_none.png'}+'\';'">
 								</th:block>
 							</div>
 						</div>
 						<!-- //원단 노출 -->
 						<!-- 라벨 노출 -->
-						<div class="view_label_box" th:if="${#strings.contains(goodsCompose.goodsImgList,'_L1') 
-															or #strings.contains(goodsCompose.goodsImgList,'_L2')}">
+						<div class="view_label_box" th:if="${#strings.contains(goodsImgList,'_L1') 
+															or #strings.contains(goodsImgList,'_L2')}">
 							<span class="tit_view">LABEL INFO</span>
 							<div class="view">
 								<span>
-									<th:block th:each="goodsImg, status : ${goodsCompose.goodsImgList}" th:if="${#strings.contains(goodsImg.sysImgNm,'_L1') 
+									<th:block th:each="goodsImg, status : ${goodsImgList}" th:if="${#strings.contains(goodsImg.sysImgNm,'_L1') 
 																							or #strings.contains(goodsImg.sysImgNm,'_L2')}">
 									<img th:src="${imgGoodsUrl+'/'+goodsImg.sysImgNm+'?RS=250'}" alt=""  th:onerror="'this.src=\''+@{${uxImgUrl}+ '/images/pc/thumb/bg_item_none.png'}+'\';'">
 									</th:block>
@@ -906,9 +906,9 @@
 						</div>
 						
 						<!-- //네이밍룰 안맞는 이미지 노출 -->
-						<div class="view_detail_box" th:if="${not #strings.contains(goodsCompose.goodsImgList,'_01')}">
+						<div class="view_detail_box" th:if="${not #strings.contains(goodsImgList,'_01')}">
 							<div class="view">
-								<th:block th:each="goodsImg, status : ${goodsCompose.goodsImgList}" >
+								<th:block th:each="goodsImg, status : ${goodsImgList}" >
 									<img th:src="${imgGoodsUrl+'/'+goodsImg.sysImgNm+'?RS=720'}" alt="" th:onerror="'this.src=\''+@{${uxImgUrl}+ '/images/pc/thumb/bg_item_none.png'}+'\';'">
 									</th:block>
 							</div>