update: 取消输入框xss过滤，添加xss工具类

app_Web/src/components/editor/text-box/ibiz-input/ibiz-input.tsx

@@ -6,7 +6,6 @@ import {
   useNamespace,
 } from '@ibiz-template/vue-util';
 import '@ibiz-template/theme/style/components/editor/ibiz-input/ibiz-input.scss';
-import xss from 'xss';
 
 const fomatFloat = function (value: number, n: number) {
   const f = value;
@@ -81,19 +80,6 @@ export const IBizInput = defineComponent({
     }
     const currentVal = ref<string | number>('');
 
-    const getInputValue = (value: string | number) => {
-      if (type.value === 'number' || !ibiz.config.enableXSS) {
-        return value;
-      }
-      const result = xss(value as string);
-      if (result !== value) {
-        currentVal.value = result;
-        inputRef.value?.setCurrentValue?.(result);
-        ibiz.message.warning('输入值存在不规范格式，已自动调整！');
-      }
-      return result;
-    };
-
     watch(
       () => props.value,
       (newVal, oldVal) => {
@@ -116,7 +102,7 @@ export const IBizInput = defineComponent({
       (e: IData) => {
         // 拦截掉blur触发后change
         if (blurCacheValue !== e.target.value) {
-          emit('change', getInputValue(e.target.value));
+          emit('change', e.target.value);
         }
         blurCacheValue = undefined;
         isDebounce = false;
@@ -176,7 +162,7 @@ export const IBizInput = defineComponent({
         inputRef.value?.setCurrentValue?.(number);
         emit('change', number);
       } else {
-        emit('change', getInputValue(blurCacheValue as string));
+        emit('change', blurCacheValue);
       }
     };
 

app_Web/src/guard/auth-guard/auth-guard.ts

@@ -177,6 +177,7 @@ async function loadAppModelStyle(): Promise<void> {
         const url = new URL(res.request.responseURL);
         dom.id = url.pathname;
       }
+      // style节点无需xss处理
       dom.innerHTML = res.data as unknown as string;
       document.head.appendChild(dom);
     })

app_Web/src/util/index.ts

@@ -7,3 +7,4 @@ export { ErrorHandler } from './error-handler/error-handler';
 export { OverlayContainer } from './overlay-container/overlay-container';
 export { OverlayController } from './overlay-controller/overlay-controller';
 export { OverlayPopoverContainer } from './overlay-popover-container/overlay-popover-container';
+export { safeXss } from './xss-util/xss-util';

app_Web/src/util/xss-util/xss-util.ts

+import xss from 'xss';
+
+/**
+ * @description 使用xss过滤
+ * @export
+ * @param {(string | number)} value
+ * @returns {*}  {string}
+ */
+export function safeXss(value: string | number): string | number {
+  // 数值不做处理
+  if (typeof value === 'number') {
+    return value;
+  }
+  if (!ibiz.config.enableXSS) {
+    return value;
+  }
+  const result = xss(value as string);
+  if (result !== value) {
+    ibiz.message.warning('输入值存在不规范格式，已自动调整！');
+  }
+  return result;
+}