github
/
jeecg-boot-vue3
mirror of https://github.com/jeecgboot/jeecgboot-vue3
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

通知公告中发布的富文本消息,在我的消息中查看没有样式

pull/867/head
zhangdaiscott 2023-11-19 22:05:42 +08:00
parent 5eeab9c448
commit 256594e384
2 changed files with 47 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/views/monitor/mynews/DetailModal.vue
View File

@ -3,8 +3,7 @@
<a-card class="daily-article"> <a-card class="daily-article">
<a-card-meta :title="content.titile" :description="'发布人:' + content.sender + ' 发布时间: ' + content.sendTime"> </a-card-meta> <a-card-meta :title="content.titile" :description="'发布人:' + content.sender + ' 发布时间: ' + content.sendTime"> </a-card-meta>
<a-divider /> <a-divider />
<span v-html="content.msgContent" class="article-content"></span> <div v-html="content.msgContent" class="article-content"></div>
<div> <div>
<a-button v-if="hasHref" @click="jumpToHandlePage"><ArrowRightOutlined /></a-button> <a-button v-if="hasHref" @click="jumpToHandlePage"><ArrowRightOutlined /></a-button>
</div> </div>
@ -17,6 +16,8 @@
import { ArrowRightOutlined } from '@ant-design/icons-vue'; import { ArrowRightOutlined } from '@ant-design/icons-vue';
import { useRouter } from 'vue-router' import { useRouter } from 'vue-router'
import xss from 'xss' import xss from 'xss'
import { options } from './XssWhiteList'
const router = useRouter() const router = useRouter()
import { ref, unref } from 'vue'; import { ref, unref } from 'vue';
@ -29,7 +30,9 @@
//data.record.msgContent = '<p>2323</p><input onmouseover=alert(1)>xss test'; //data.record.msgContent = '<p>2323</p><input onmouseover=alert(1)>xss test';
//update-begin-author:taoyan date:2022-7-14 for: VUEN-1702 sql //update-begin-author:taoyan date:2022-7-14 for: VUEN-1702 sql
if(data.record.msgContent){ if(data.record.msgContent){
data.record.msgContent = xss(data.record.msgContent) //update-begin---author:wangshuai---date:2023-11-15---for:QQYUN-70493.6.0 ---
data.record.msgContent = xss(data.record.msgContent,options);
//update-end---author:wangshuai---date:2023-11-15---for:QQYUN-70493.6.0 ---
} }
//update-end-author:taoyan date:2022-7-14 for: VUEN-1702 sql //update-end-author:taoyan date:2022-7-14 for: VUEN-1702 sql
content.value = data.record; content.value = data.record;

41
src/views/monitor/mynews/XssWhiteList.ts Normal file
View File

@ -0,0 +1,41 @@
//xss攻击白名单列表
export const options = {
whiteList: {
h1: ['style'],
h2: ['style'],
h3: ['style'],
h4: ['style'],
h5: ['style'],
h6: ['style'],
hr: ['style'],
span: ['style'],
strong: ['style'],
b: ['style'],
i: ['style'],
br: [],
p: ['style'],
pre: ['style'],
code: ['style'],
a: ['style', 'target', 'href', 'title', 'rel'],
img: ['style', 'src', 'title','width','height'],
div: ['style'],
table: ['style', 'width', 'border', 'height'],
tr: ['style'],
td: ['style', 'width', 'colspan'],
th: ['style', 'width', 'colspan'],
tbody: ['style'],
ul: ['style'],
li: ['style'],
ol: ['style'],
dl: ['style'],
dt: ['style'],
em: ['style'],
cite: ['style'],
section: ['style'],
header: ['style'],
footer: ['style'],
blockquote: ['style'],
audio: ['autoplay', 'controls', 'loop', 'preload', 'src'],
video: ['autoplay', 'controls', 'loop', 'preload', 'src', 'height', 'width'],
},
};