Authored by 陈峰

xss

... ... @@ -7,6 +7,7 @@ import Pop from './pop';
import Radio from './radio';
import Select from './select';
import Table from './table';
import Input from './input';
export default {
Cell,
... ... @@ -17,5 +18,6 @@ export default {
Pop,
Radio,
Select,
Table
Table,
Input
};
import InputSafe from './input-safe';
export default {
InputSafe
};
<template>
<Input :value="value" v-bind="$attrs" v-on="$listeners" />
</template>
<script>
import xss from 'util/xss';
export default {
name: 'input-safe',
props: ['value'],
created() {
this.$listeners.input = this.input;
},
methods: {
input(val) {
if (typeof val === 'string') {
this.value = xss.replaceIllegal(val);
} else {
this.value = val;
}
this.$emit('input', this.value);
if (this.value !== val) {
this.$Message.error('输入内容有敏感字符,已自动清除');
}
}
}
};
</script>
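Review bot: The `v-on="$listeners"` / `this.$listeners.input = this.input` pairing (L27, L35) is fragile: `created()` patches the listener map once, but in Vue 2 I believe the parent replaces `vm.$listeners` on each re-render, so after the first parent update the inner `<Input>` is likely wired straight to the parent's own `input` handler and `replaceIllegal` is bypassed; `this.value = …` (L40, L42) also writes to a prop, which Vue warns against. Derive the listener map in a computed property so the override is rebuilt whenever `$listeners` changes, and emit a local value instead of mutating the prop. Keep in mind this is input-time filtering in the browser only: values submitted outside this form, or stored before this change, reach the backend and the page unfiltered, so server-side validation and escaping wherever these fields are rendered remain the actual XSS control — the same caveat applies to the `<Input>` → `<input-safe>` swaps in the product-form and filter sections below. The suggested rewrite:
```vue
<template>
  <Input :value="value" v-bind="$attrs" v-on="listeners" />
</template>
<script>
// … unchanged: import, name, props …
  computed: {
    // Parent listeners with `input` routed through the sanitizer. As a
    // computed it is rebuilt whenever $listeners changes, so the override
    // survives parent re-renders instead of being patched once in created().
    listeners() {
      return Object.assign({}, this.$listeners, { input: this.input });
    }
  },
  methods: {
    input(val) {
      const clean = typeof val === 'string' ? xss.replaceIllegal(val) : val;
      this.$emit('input', clean);
      if (clean !== val) {
        this.$Message.error('输入内容有敏感字符,已自动清除');
      }
    }
  }
</script>
```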
... ... @@ -52,7 +52,7 @@ export default {
return <span>颜色展示名称</span>;
}
if (this.isExist(params.index)) {
return h('Input', {
return h('input-safe', {
props: {
value: params.row.factoryGoodsName
},
... ... @@ -109,11 +109,11 @@ export default {
if (this.isExist(params.index)) {
return (
<i-input
<input-safe
value={params.row.factoryCode}
placeholder='请输入...'
onInput={val => (params.row.factoryCode = val)}
style={{width: '100%'}}></i-input>
style={{width: '100%'}}></input-safe>
);
}
return null;
... ... @@ -149,7 +149,7 @@ export default {
<div class={{'row-span': true}}>
<div style={{position: 'relative'}}>
<div class={{'size-code-error': size.validate && !size.name}}>
<i-input
<input-safe
value={size.name}
onInput={val => (size.name = val)}
disabled={!params.row.operator[i].value}
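Review bot: `h('input-safe', …)` on L58 and the `<input-safe>` JSX tags on L66 and L80 resolve the component by name at render time, so if `InputSafe` is not registered globally or in this file's `components`, Vue only logs an "Unknown custom element" warning and the fields silently lose their sanitizing. Only the barrel export `{ InputSafe }` is visible in this commit; if registration is meant to be local, add `components: { InputSafe }` to this file's options (not visible here). The enclosing render functions start and end outside these hunks.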
... ... @@ -16,15 +16,15 @@
<Form-item label="类目"> <span>{{sortName}}</span> </Form-item>
<Form-item label="商品名称" prop="productName">
<Input v-model="product.productName" placeholder="请输入..." style="width: 400px;"/>
<input-safe v-model="product.productName" placeholder="请输入..." style="width: 400px;"/>
</Form-item>
<Form-item label="商品卖点">
<Input v-model="product.phrase" :maxlength="12" placeholder="最多12个字符" style="width: 400px;"/>
<input-safe v-model="product.phrase" :maxlength="12" placeholder="最多12个字符" style="width: 400px;"/>
</Form-item>
<Form-item label="商家商品编码" prop="factoryCode">
<Input v-model="product.factoryCode" placeholder="请输入..." style="width: 400px;"/>
<input-safe v-model="product.factoryCode" placeholder="请输入..." style="width: 400px;"/>
</Form-item>
<Form-item label="货品年" prop="goodsYears">
... ... @@ -73,11 +73,11 @@
<Row> <div class="create-item-title">商品价格</div> </Row>
<Form-item label="吊牌价" prop="retailPrice">
<Input v-model="product.retailPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
<input-safe v-model="product.retailPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
</Form-item>
<Form-item label="销售价" prop="salesPrice">
<Input v-model="product.salesPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
<input-safe v-model="product.salesPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
</Form-item>
</Form>
... ... @@ -14,13 +14,13 @@
<span>{{product.smallSortName}}</span>
</Form-item>
<Form-item label="商品名称" prop="productName">
<Input v-model="product.productName" placeholder="请输入..." />
<input-safe v-model="product.productName" placeholder="请输入..." />
</Form-item>
<Form-item label="商品卖点">
<Input v-model="product.phrase" :maxlength="12" placeholder="最多12个字符"/>
<input-safe v-model="product.phrase" :maxlength="12" placeholder="最多12个字符"/>
</Form-item>
<Form-item label="商家商品编码" prop="factoryCode">
<Input v-model="product.factoryCode" placeholder="请输入..." />
<input-safe v-model="product.factoryCode" placeholder="请输入..." />
</Form-item>
<Form-item label="货品年">
<Date-picker :value="product.goodsYears.toString()" type="year" placeholder="选择年" disabled>
... ... @@ -62,10 +62,10 @@
</Form-item>
<div class="create-item-title">商品价格</div>
<Form-item label="吊牌价">
<Input v-model="product.retailPrice" disabled placeholder="请输入..." />
<input-safe v-model="product.retailPrice" disabled placeholder="请输入..." />
</Form-item>
<Form-item label="销售价">
<Input v-model="product.salesPrice" disabled placeholder="请输入..." />
<input-safe v-model="product.salesPrice" disabled placeholder="请输入..." />
</Form-item>
<div class="create-group">
<span class="create-group-indicator"></span>
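Review bot: Swapping the `disabled` 吊牌价/销售价 inputs on L134 and L138 to `input-safe` changes nothing observable: a disabled control never emits `input`, which is the only event the wrapper filters, and the displayed value is still `product.retailPrice`/`product.salesPrice` exactly as loaded. If the intent was to neutralise already-stored values, that has to happen where they are rendered or on the server, not in an input handler that cannot fire. Either revert these two lines to keep the change focused, or add a comment stating the swap is for consistency only.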
... ... @@ -8,7 +8,7 @@
<div style="text-align: center">
<filter-item :label="'分类名称'">
<Input v-model="name" @on-enter="submit"/>
<input-safe v-model="name" @on-enter="submit"/>
</filter-item>
</div>
export default {
checkIllegal: (str) => {
return /<[^<>]+>/g.test(str);
replaceIllegal: (str) => {
return str.replace(/<[^<>]+>/g, '');
}
};
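Review bot: `replaceIllegal` (L154–L155) is a single-pass blacklist strip, which is not a fixed point: the string left after one removal can itself still match `/<[^<>]+>/`, so a value the wrapper reports as cleaned may still carry tag-like text, and the function throws a TypeError for non-string input instead of passing it through. As a defence this is weaker than escaping at output time (Vue's default `{{ }}` interpolation and `textContent` already do that); keep it as a UX nicety, but treat server-side validation and output escaping as the real XSS control. `checkIllegal` (L152–L153) does not need the `g` flag for `.test` — on a shared RegExp that flag carries `lastIndex` between calls — and its closing `},` is not visible in this rendering, so confirm the file actually parses. A minimal hardening that loops to a fixed point and tolerates non-strings:
```javascript
const TAG_LIKE = /<[^<>]+>/;

export default {
  checkIllegal: (str) => typeof str === 'string' && TAG_LIKE.test(str),
  // Repeat until nothing changes: one pass can leave text that still matches.
  // Non-strings are returned untouched instead of throwing.
  replaceIllegal: (str) => {
    if (typeof str !== 'string') return str;
    let prev;
    let out = str;
    do {
      prev = out;
      out = prev.replace(/<[^<>]+>/g, '');
    } while (out !== prev);
    return out;
  }
};
```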