From 619934a2755dfdbe7fed94e5f076e174e7eef8bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Wed, 23 Feb 2022 17:34:54 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=AE=BF=E9=97=AE=E6=97=A5?= =?UTF-8?q?=E5=BF=97XSS=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- web/public/js/components.js | 7 ++++--- web/public/js/components/common/keyword.js | 7 ++++--- web/public/js/utils.js | 8 ++++---- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/web/public/js/components.js b/web/public/js/components.js index 133996ee..c6b04298 100755 --- a/web/public/js/components.js +++ b/web/public/js/components.js @@ -12246,9 +12246,10 @@ Vue.component("keyword", { }, methods: { encodeHTML: function (s) { - s = s.replace("&", "&") - s = s.replace("<", "<") - s = s.replace(">", ">") + s = s.replace(/&/g, "&") + s = s.replace(//g, ">") + s = s.replace(/"/g, """) return s } }, diff --git a/web/public/js/components/common/keyword.js b/web/public/js/components/common/keyword.js index c19a487d..1a0cef34 100644 --- a/web/public/js/components/common/keyword.js +++ b/web/public/js/components/common/keyword.js @@ -25,9 +25,10 @@ Vue.component("keyword", { }, methods: { encodeHTML: function (s) { - s = s.replace("&", "&") - s = s.replace("<", "<") - s = s.replace(">", ">") + s = s.replace(/&/g, "&") + s = s.replace(//g, ">") + s = s.replace(/"/g, """) return s } }, diff --git a/web/public/js/utils.js b/web/public/js/utils.js index f96145e7..a01e4f68 100644 --- a/web/public/js/utils.js +++ b/web/public/js/utils.js @@ -624,10 +624,10 @@ window.teaweb = { return instance }, encodeHTML: function (s) { - s = s.replace("&", "&") - s = s.replace("<", "<") - s = s.replace(">", ">") - s = s.replace("\"", """) + s = s.replace(/&/g, "&") + s = s.replace(//g, ">") + s = s.replace(/"/, """) return s } }
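Review bot: The `encodeHTML` method of the `keyword` component still leaves `'` unescaped, both in this hunk in web/public/js/components.js and in the identical hunk in web/public/js/components/common/keyword.js. The result is therefore only safe in element content and double-quoted attributes. The callers are outside the hunk, so whether any of them places the value in a single-quoted attribute needs confirming; if one does, add `s = s.replace(/'/g, "&#39;")` after the `"` line. The method also duplicates `teaweb.encodeHTML` from utils.js, so delegating to that one helper (assuming utils.js is loaded wherever the component runs) would keep the three copies from drifting. The `<` and `>` replacement lines are garbled on this page and could not be checked.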
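Review bot: The double-quote replacement added to `teaweb.encodeHTML` in web/public/js/utils.js is written as `s.replace(/"/, …)` without the `g` flag, so only the first `"` in the input is escaped. The two `keyword` copies in this same commit use `/"/g`, which makes this look like an oversight. Any later quote passes through unchanged and can still terminate an attribute value that the encoded string is placed into, which leaves the XSS fix incomplete for this helper. The line should read `s = s.replace(/"/g, "&quot;")`. A small test that encodes a string containing each special character twice would catch this kind of regression.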