From 7ac9b5d51680174b2bf0fe19f3339a67d18c8c9c Mon Sep 17 00:00:00 2001
From: dataeaseShu
Date: Tue, 12 May 2026 11:02:14 +0800
Subject: [PATCH] =?UTF-8?q?fix(=E6=BC=8F=E6=B4=9E):=20XSS=EF=BC=9A?= =?UTF-8?q?=E5=A4=9A=E5=A4=84=20`v-html`=20=E6=B8=B2=E6=9F=93=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E5=8F=AF=E6=8E=A7=E5=86=85=E5=AE=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 core/core-frontend/package.json | 1 +
 core/core-frontend/src/utils/utils.ts | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/core/core-frontend/package.json b/core/core-frontend/package.json
index 4b3aeb3ae2..e35d2983fb 100644
--- a/core/core-frontend/package.json
+++ b/core/core-frontend/package.json
@@ -31,6 +31,7 @@
 "crypto-js": "^4.1.1",
 "dayjs": "^1.11.9",
 "dingtalk-jsapi": "^3.1.0",
+ "dompurify": "^3.4.2",
 "echarts": "^5.5.1",
 "element-plus-secondary": "^1.0.0",
 "element-resize-detector": "^1.2.4",
diff --git a/core/core-frontend/src/utils/utils.ts b/core/core-frontend/src/utils/utils.ts
index 2b6574aa5a..04f6a48773 100644
--- a/core/core-frontend/src/utils/utils.ts
+++ b/core/core-frontend/src/utils/utils.ts
@@ -2,8 +2,7 @@ import { BusiTreeNode } from '@/models/tree/TreeNode'
 import { useCache } from '@/hooks/web/useCache'
 import { loadScript } from '@/utils/RemoteJs'
 import { ElMessage } from 'element-plus-secondary'
-import { useI18n } from '@/hooks/web/useI18n'
-const { t } = useI18n()
+import DOMPurify from 'dompurify'
 const { wsCache } = useCache()
 
 export function deepCopy(target) {
@@ -57,6 +56,10 @@ export function checkAddHttp(url) {
 }
 }
 
+export const sanitizeHtml = (html: string): string => {
+ return DOMPurify.sanitize(html)
+}
+
 export const setColorName = (obj, keyword: string, key?: string, colorKey?: string) => {
 key = key || 'name'
 colorKey = colorKey || 'colorName'
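Review bot: The new `dompurify` entry arrives without a lockfile change (the diffstat lists only package.json and utils.ts), so the version actually installed is whatever `^3.4.2` resolves to at build time. Because this package is the XSS control, the resolved version should be recorded, by committing the lockfile update if the repository tracks one, so that a sanitizer-bypass advisory can be matched against what is deployed. Whether a lockfile exists in this repository is not visible from this patch.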
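Review bot: Dropping `const { t } = useI18n()` and its import is unrelated to the sanitizer, and it is only safe if nothing left in utils.ts still calls `t(...)`; the rest of the file is outside this hunk, so that cannot be confirmed here. If the removal is intentional, it deserves its own commit or a line in the description, so that the security fix stays reviewable on its own.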
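Review bot: `sanitizeHtml` is defined here but nothing in this patch calls it: only package.json and utils.ts change, so the `v-html` bindings named in the subject still render unsanitized input unless other commits update them. Each such binding should become `v-html="sanitizeHtml(value)"`, applied at render time. The helper also needs a doc comment stating that the result is safe only as element content, not inside attribute, URL or script contexts, and that callers must not concatenate further markup after sanitizing. Consider narrowing the default profile, e.g. `DOMPurify.sanitize(html, { USE_PROFILES: { html: true } })`, since the default also admits SVG and MathML. `setColorName`, which follows, continues outside the hunk, so whether its output reaches `v-html` is not visible here.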