提交 a2f3d0c8 编写于 作者: Cano1997's avatar Cano1997

update: 取消输入框xss过滤,添加xss工具类

上级 0cdadb2a
...@@ -6,7 +6,6 @@ import { ...@@ -6,7 +6,6 @@ import {
useNamespace, useNamespace,
} from '@ibiz-template/vue-util'; } from '@ibiz-template/vue-util';
import '@ibiz-template/theme/style/components/editor/ibiz-input/ibiz-input.scss'; import '@ibiz-template/theme/style/components/editor/ibiz-input/ibiz-input.scss';
import xss from 'xss';
const fomatFloat = function (value: number, n: number) { const fomatFloat = function (value: number, n: number) {
const f = value; const f = value;
...@@ -81,19 +80,6 @@ export const IBizInput = defineComponent({ ...@@ -81,19 +80,6 @@ export const IBizInput = defineComponent({
} }
const currentVal = ref<string | number>(''); const currentVal = ref<string | number>('');
const getInputValue = (value: string | number) => {
if (type.value === 'number' || !ibiz.config.enableXSS) {
return value;
}
const result = xss(value as string);
if (result !== value) {
currentVal.value = result;
inputRef.value?.setCurrentValue?.(result);
ibiz.message.warning('输入值存在不规范格式,已自动调整!');
}
return result;
};
watch( watch(
() => props.value, () => props.value,
(newVal, oldVal) => { (newVal, oldVal) => {
...@@ -116,7 +102,7 @@ export const IBizInput = defineComponent({ ...@@ -116,7 +102,7 @@ export const IBizInput = defineComponent({
(e: IData) => { (e: IData) => {
// 拦截掉blur触发后change // 拦截掉blur触发后change
if (blurCacheValue !== e.target.value) { if (blurCacheValue !== e.target.value) {
emit('change', getInputValue(e.target.value)); emit('change', e.target.value);
} }
blurCacheValue = undefined; blurCacheValue = undefined;
isDebounce = false; isDebounce = false;
...@@ -176,7 +162,7 @@ export const IBizInput = defineComponent({ ...@@ -176,7 +162,7 @@ export const IBizInput = defineComponent({
inputRef.value?.setCurrentValue?.(number); inputRef.value?.setCurrentValue?.(number);
emit('change', number); emit('change', number);
} else { } else {
emit('change', getInputValue(blurCacheValue as string)); emit('change', blurCacheValue);
} }
}; };
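Review bot: Both `emit('change', e.target.value)` and `emit('change', blurCacheValue)` now forward unfiltered user text, and nothing visible in this commit calls the new `safeXss` helper, so any consumer that renders this value as HTML (for example through `v-html` or `innerHTML`) has to sanitize or escape it at that point. A comment at the emit sites would make the contract explicit, e.g. `// value is emitted unfiltered; call safeXss (or escape) wherever it is rendered as HTML`. The second emit also dropped the `as string` cast, and `blurCacheValue` is reset to `undefined` in the change handler, so it is worth confirming that the blur path cannot emit `undefined`. Both handlers start and end outside the hunks shown.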
......
...@@ -177,6 +177,7 @@ async function loadAppModelStyle(): Promise<void> { ...@@ -177,6 +177,7 @@ async function loadAppModelStyle(): Promise<void> {
const url = new URL(res.request.responseURL); const url = new URL(res.request.responseURL);
dom.id = url.pathname; dom.id = url.pathname;
} }
// style节点无需xss处理
dom.innerHTML = res.data as unknown as string; dom.innerHTML = res.data as unknown as string;
document.head.appendChild(dom); document.head.appendChild(dom);
}) })
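Review bot: The added comment `// style节点无需xss处理` records a trust decision without giving the reason, and the line under it still assigns remote response data through `innerHTML`. If `dom` is a `<style>` element (its creation is outside the hunk), `dom.textContent = res.data as unknown as string;` expresses the same intent without going through the HTML parser. The comment should also say that the stylesheet is expected to come from a trusted origin, because injected CSS can restyle or hide UI even when no script runs. The callback starts and ends outside this hunk.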
......
...@@ -7,3 +7,4 @@ export { ErrorHandler } from './error-handler/error-handler'; ...@@ -7,3 +7,4 @@ export { ErrorHandler } from './error-handler/error-handler';
export { OverlayContainer } from './overlay-container/overlay-container'; export { OverlayContainer } from './overlay-container/overlay-container';
export { OverlayController } from './overlay-controller/overlay-controller'; export { OverlayController } from './overlay-controller/overlay-controller';
export { OverlayPopoverContainer } from './overlay-popover-container/overlay-popover-container'; export { OverlayPopoverContainer } from './overlay-popover-container/overlay-popover-container';
export { safeXss } from './xss-util/xss-util';
import xss from 'xss';
/**
* @description 使用xss过滤
* @export
* @param {(string | number)} value
* @returns {*} {string}
*/
export function safeXss(value: string | number): string | number {
// 数值不做处理
if (typeof value === 'number') {
return value;
}
if (!ibiz.config.enableXSS) {
return value;
}
const result = xss(value as string);
if (result !== value) {
ibiz.message.warning('输入值存在不规范格式,已自动调整!');
}
return result;
}
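Review bot: `safeXss` returns its input unchanged whenever `ibiz.config.enableXSS` is falsy, so every caller silently loses sanitization if that flag is unset; the doc comment should state this, e.g. `@description Filters HTML with xss when ibiz.config.enableXSS is on; returns the value unchanged otherwise`. The `@returns {*} {string}` tag also disagrees with the declared `string | number` return type. Calling `ibiz.message.warning(...)` inside the utility raises a toast on every call that alters the value, with wording specific to input fields, which would be noisy if the helper runs at render time; consider leaving the notification to the caller. After the `typeof value === 'number'` guard, the `as string` cast in `xss(value as string)` is redundant.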