feat: 新增输入框xss文本过滤功能

app_Web/package.json

@@ -35,7 +35,8 @@
     "vite-plugin-style-import": "1.4.1",
     "vue": "^2.7.15",
     "vue-router": "^3.6.5",
-    "vue-text-format": "^3.1.2"
+    "vue-text-format": "^3.1.2",
+    "xss": "^1.0.15"
   },
   "devDependencies": {
     "@commitlint/cli": "^17.3.0",

app_Web/src/components/editor/text-box/ibiz-input/ibiz-input.tsx

@@ -6,6 +6,7 @@ import {
   useNamespace,
 } from '@ibiz-template/vue-util';
 import '@ibiz-template/theme/style/components/editor/ibiz-input/ibiz-input.scss';
+import xss from 'xss';
 
 const fomatFloat = function (value: number, n: number) {
   const f = value;
@@ -74,6 +75,19 @@ export const IBizInput = defineComponent({
     }
     const currentVal = ref<string>('');
 
+    const getInputValue = (value: string | number) => {
+      if (type.value === 'number' || !ibiz.config.enableXSS) {
+        return value;
+      }
+      const result = xss(value as string);
+      if (result !== value) {
+        currentVal.value = result;
+        inputRef.value?.setCurrentValue?.(result);
+        ibiz.message.warning('输入值存在不规范格式，已自动调整！');
+      }
+      return result;
+    };
+
     watch(
       () => props.value,
       (newVal, oldVal) => {
@@ -96,7 +110,7 @@ export const IBizInput = defineComponent({
       (e: IData) => {
         // 拦截掉blur触发后change
         if (blurCacheValue !== e.target.value) {
-          emit('change', e.target.value);
+          emit('change', getInputValue(e.target.value));
         }
         blurCacheValue = undefined;
         isDebounce = false;
@@ -156,7 +170,7 @@ export const IBizInput = defineComponent({
         inputRef.value?.setCurrentValue?.(number);
         emit('change', number);
       } else {
-        emit('change', blurCacheValue);
+        emit('change', getInputValue(blurCacheValue as string));
       }
     };