通知公告中发布的富文本消息，在我的消息中查看没有样式

2023-11-19 22:05:42 +08:00 · 2023-11-19 22:05:42 +08:00 · 256594e384
parent 5eeab9c448
commit 256594e384
2 changed files with 47 additions and 3 deletions
--- a/src/views/monitor/mynews/DetailModal.vue
+++ b/src/views/monitor/mynews/DetailModal.vue
@ -3,8 +3,7 @@
    <a-card class="daily-article">
      <a-card-meta :title="content.titile" :description="'发布人：' + content.sender + ' 发布时间： ' + content.sendTime"> </a-card-meta>
      <a-divider />
-      <span v-html="content.msgContent" class="article-content"></span>
-      
+      <div v-html="content.msgContent" class="article-content"></div>
      <div>
        <a-button v-if="hasHref" @click="jumpToHandlePage">前往办理<ArrowRightOutlined /></a-button>
      </div>
@ -17,6 +16,8 @@
  import { ArrowRightOutlined } from '@ant-design/icons-vue';
  import { useRouter } from 'vue-router'
  import xss from 'xss'
+  import { options } from './XssWhiteList'
+  
  const router = useRouter()
  
  import { ref, unref } from 'vue';
@ -29,7 +30,9 @@
      //data.record.msgContent = '<p>2323</p><input onmouseover=alert(1)>xss test';
      //update-begin-author:taoyan date:2022-7-14 for: VUEN-1702 【禁止问题】sql注入漏洞
      if(data.record.msgContent){
-        data.record.msgContent = xss(data.record.msgContent)
+        //update-begin---author:wangshuai---date:2023-11-15---for:【QQYUN-7049】3.6.0版本 通知公告中发布的富文本消息，在我的消息中查看没有样式---
+        data.record.msgContent = xss(data.record.msgContent,options);
+        //update-end---author:wangshuai---date:2023-11-15---for:【QQYUN-7049】3.6.0版本 通知公告中发布的富文本消息，在我的消息中查看没有样式---
      }
      //update-end-author:taoyan date:2022-7-14 for: VUEN-1702 【禁止问题】sql注入漏洞
      content.value = data.record;
--- a/src/views/monitor/mynews/XssWhiteList.ts
+++ b/src/views/monitor/mynews/XssWhiteList.ts
@ -0,0 +1,41 @@
+//xss攻击白名单列表
+export const options = {
+  whiteList: {
+    h1: ['style'],
+    h2: ['style'],
+    h3: ['style'],
+    h4: ['style'],
+    h5: ['style'],
+    h6: ['style'],
+    hr: ['style'],
+    span: ['style'],
+    strong: ['style'],
+    b: ['style'],
+    i: ['style'],
+    br: [],
+    p: ['style'],
+    pre: ['style'],
+    code: ['style'],
+    a: ['style', 'target', 'href', 'title', 'rel'],
+    img: ['style', 'src', 'title','width','height'],
+    div: ['style'],
+    table: ['style', 'width', 'border', 'height'],
+    tr: ['style'],
+    td: ['style', 'width', 'colspan'],
+    th: ['style', 'width', 'colspan'],
+    tbody: ['style'],
+    ul: ['style'],
+    li: ['style'],
+    ol: ['style'],
+    dl: ['style'],
+    dt: ['style'],
+    em: ['style'],
+    cite: ['style'],
+    section: ['style'],
+    header: ['style'],
+    footer: ['style'],
+    blockquote: ['style'],
+    audio: ['autoplay', 'controls', 'loop', 'preload', 'src'],
+    video: ['autoplay', 'controls', 'loop', 'preload', 'src', 'height', 'width'],
+  },
+};