fix: 修复v-html 引起的xss漏洞

wangjiahao
2026-06-11 11:27:48 +08:00
parent 69b89d0b53
commit adab5f1e89


@@ -5,6 +5,7 @@ import { computed, nextTick, onBeforeUnmount, onMounted, ref } from 'vue'
import { toRefs } from 'vue'
import { dvMainStoreWithOut } from '@/store/modules/data-visualization/dvMain'
import { storeToRefs } from 'pinia'
import { sanitizeHtml } from '@/utils/utils'
const canEdit = ref(false)
const ctrlKey = ref(17)
@@ -160,6 +161,8 @@ const init = () => {
}
}, 1000)
}
const sanitizedPropValue = computed(() => sanitizeHtml(element.value['propValue'] || ''))
onMounted(() => {
init()
})
@@ -184,11 +187,11 @@ onMounted(() => {
@mousedown="handleMousedown"
@blur="handleBlur"
@input="handleInput"
v-html="element['propValue']"
v-html="sanitizedPropValue"
></div>
</div>
<div v-else class="v-text preview" ref="textOut" :style="varStyle">
<div class="marquee-txt" ref="text" v-html="element['propValue']"></div>
<div class="marquee-txt" ref="text" v-html="sanitizedPropValue"></div>
</div>
</template>
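Review bot: `element.propValue` is still stored and handed on as raw HTML, because the new `sanitizedPropValue` computed cleans it only at render time for the two `v-html` bindings in this template. The edit-mode div keeps `@input="handleInput"` and `@blur="handleBlur"`, whose bodies are outside these hunks; if they write the element's innerHTML back to `propValue`, I would sanitise at that write as well, so that other views, exports or saved canvases reading the same field do not each depend on remembering to call `sanitizeHtml`. The allow-list inside `sanitizeHtml` (`@/utils/utils`) is not visible here and is worth confirming: it should drop event-handler attributes and `javascript:` URLs as well as `<script>` elements. A short comment above the computed, e.g. `// propValue is user-authored HTML: never bind it to v-html without sanitizeHtml`, would keep a later edit from reintroducing the raw binding.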