public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-06-18 05:18:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(漏洞): XSS:多处 v-html 渲染用户可控内容

Browse Source
This commit is contained in:
dataeaseShu
2026-05-12 11:02:14 +08:00
committed by dataeaseShu
parent a470bb619e
commit 7ac9b5d516
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
core/core-frontend/package.json
View File

@@ -31,6 +31,7 @@
"crypto-js": "^4.1.1",
"dayjs": "^1.11.9",
"dingtalk-jsapi": "^3.1.0",
"dompurify": "^3.4.2",
"echarts": "^5.5.1",
"element-plus-secondary": "^1.0.0",
"element-resize-detector": "^1.2.4",

7
core/core-frontend/src/utils/utils.ts
View File

@@ -2,8 +2,7 @@ import { BusiTreeNode } from '@/models/tree/TreeNode'
import { useCache } from '@/hooks/web/useCache'
import { loadScript } from '@/utils/RemoteJs'
import { ElMessage } from 'element-plus-secondary'
import { useI18n } from '@/hooks/web/useI18n'
const { t } = useI18n()
import DOMPurify from 'dompurify'
const { wsCache } = useCache()
export function deepCopy(target) {
@@ -57,6 +56,10 @@ export function checkAddHttp(url) {
}
}
export const sanitizeHtml = (html: string): string => {
return DOMPurify.sanitize(html)
}
export const setColorName = (obj, keyword: string, key?: string, colorKey?: string) => {
key = key || 'name'
colorKey = colorKey || 'colorName'