修复<keyword>组件的安全问题

2025-11-07 07:10:27 +08:00 · 2021-07-12 17:35:33 +08:00
parent fad6b30a8e
commit 4bbb3bde74
1 changed files with 9 additions and 1 deletions
--- a/web/public/js/components/common/keyword.js
+++ b/web/public/js/components/common/keyword.js
@@ -13,7 +13,7 @@ Vue.component("keyword", {
 		}

 		let slot = this.$slots["default"][0]
-		let text = slot.text
+		let text = this.encodeHTML(slot.text)
 		if (word.length > 0) {
 			text = text.replace(new RegExp("(" + word + ")", "ig"), "<span style=\"border: 1px #ccc dashed; color: #ef4d58\">$1</span>")
 		}
@@ -23,5 +23,13 @@ Vue.component("keyword", {
 			text: text
 		}
 	},
+	methods: {
+		encodeHTML: function (s) {
+			s = s.replace("&", "&amp;")
+			s = s.replace("<", "&lt;")
+			s = s.replace(">", "&gt;")
+			return s
+		}
+	},
 	template: `<span><span style="display: none"><slot></slot></span><span v-html="text"></span></span>`
 })