xss

+<template>
+    <editor :content="value" @change="change"></editor>
+</template>
+
+<script>
+import xss from 'util/xss';
+
+export default {
+    name: 'editor-safe',
+    props: ['content'],
+    data() {
+        return {
+            value: this.content
+        };
+    },
+    methods: {
+        change(val) {
+            let currentVal = val;
+
+            val = xss.replaceScript(val);
+            this.$emit('change', val);
+            if (currentVal !== val) {
+                this.value = val;
+                this.$Message.error('输入内容有敏感字符，已自动清除');
+            }
+        }
+    }
+};
+</script>
+
+<style>
+  
+</style>

 import Editor from './editor';
+import EditorSafe from './editor-safe';
 
-export default Editor;
+export {
+    Editor,
+    EditorSafe
+};

@@ -9,7 +9,7 @@ import LayoutTab from './layout-tab';
 import LayoutFilter from './layout-filter';
 import LayoutPrint from './layout-print';
 import ActionGroup from './action-group';
-import Editor from './editor';
+import {Editor, EditorSafe} from './editor';
 import FileUpload from './file-upload';
 import DragFileUpload from './drag-file-upload';
 import IFrame from './iframe';
@@ -28,6 +28,7 @@ export default {
     LayoutPrint,
     ActionGroup,
     Editor,
+    EditorSafe,
     FileUpload,
     DragFileUpload,
     IFrame,

@@ -118,7 +118,7 @@
 
                 <Row>
                     <Col>
-                        <editor :content="desc" :z-index="2" @change="updateProductDesc"></editor>
+                        <editor-safe :content="desc" :z-index="2" @change="updateProductDesc"></editor-safe>
                     </Col>
                 </Row>
 

@@ -81,9 +81,9 @@
         <div class="create-item-title">商品描述
             <span class="create-group-sub-title">（详情页内容）</span>
         </div>
-        <editor :content="product.productIntro"
+        <editor-safe :content="product.productIntro"
                 @change="updateProductDesc"
-                :z-index="2"></editor>
+                :z-index="2"></editor-safe>
         <div class="create-item-title">商品属性
             <span class="create-group-sub-title">（请认真选择所列的属性项，所填内容会对商品搜索、智能推荐等功能产生影响，从而影响商品曝光展示）</span>
         </div>

@@ -3,7 +3,8 @@ export default function() {
     return {
         showLoading: true,
         product: {
-            seasons: ''
+            seasons: '',
+            productIntro: ''
         },
         table: {
             data: [],

@@ -24,8 +24,8 @@
                 <em class="upload-img-tip">尺寸要求150px＊150px&nbsp;&nbsp;不大于500KB</em>
             </Form-item>
             <Form-item label="店铺简介：">
-                <editor :content="shopData.shopIntro" @change="updateData" :z-index="2">
-                </editor>
+                <editor-safe :content="shopData.shopIntro" @change="updateData" :z-index="2">
+                </editor-safe>
             </Form-item>
             <Form-item label="品牌－供应商：">
                 <Table :columns="tableCols" width="700" :data="tableData"></Table>

 export default {
     replaceIllegal: (str) => {
         return str.replace(/<[^<>]+>/g, '');
+    },
+    replaceScript: (str) => {
+        return str.replace(/<\/?script>/g, '').replace(/javascript:/g, '').replace(/src=.*?\/\/.*?\.js('|")?/g, '');
     }
 };

@@ -22,8 +22,8 @@
                 </div>
             </Form-item>
             <Form-item label="简介：" prop="intro">
-                <editor :content="modelData.intro" @change="editorChange" :z-index="2">
-                </editor>
+                <editor-safe :content="modelData.intro" @change="editorChange" :z-index="2">
+                </editor-safe>
             </Form-item>
             <Form-item>
                 <Button type="primary" @click="submit">保存</Button>