dongjunchuan/de
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 优化文本XSS校验,防止出现模版编辑出现卡死现象 #5258 #6977

Browse Source
This commit is contained in:
wangjiahao 2023-12-06 14:55:00 +08:00
parent 4d95e14769
commit 83d05b719b
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core/frontend/src/components/canvas/customComponent/VText.vue
View File

@ -18,7 +18,7 @@
@mousedown="handleMousedown"
@blur="handleBlur"
@input="handleInput"
v-html="$xss(element.propValue)"
v-html="element.propValue"
/>
<div
v-if="!canEdit"
@ -28,7 +28,7 @@
@mousedown="handleMousedown"
@blur="handleBlur"
@input="handleInput"
v-html="$xss(element.propValue)"
v-html="element.propValue"
/>
</div>
<div
@ -37,7 +37,7 @@
>
<div
:style="{ verticalAlign: element.style.verticalAlign }"
v-html="$xss(textInfo)"
v-html="textInfo"
/>
</div>
</template>
@ -45,6 +45,7 @@
<script>
import { keycodes } from '@/components/canvas/utils/shortcutKey.js'
import { mapState } from 'vuex'
import xssCheck from 'xss'
export default {
props: {
@ -139,16 +140,12 @@ export default {
},
handleBlur(e) {
this.element.propValue = e.target.innerHTML || '&nbsp;'
this.element.propValue = xssCheck(e.target.innerHTML || '&nbsp;')
this.canEdit = false
},
setEdit() {
this.canEdit = true
this.selectText(this.$refs.text)
},
selectText(element) {
},
removeSelectText() {