Authored by 陈峰

xss

@@ -7,6 +7,7 @@ import Pop from './pop'; @@ -7,6 +7,7 @@ import Pop from './pop';
7 import Radio from './radio'; 7 import Radio from './radio';
8 import Select from './select'; 8 import Select from './select';
9 import Table from './table'; 9 import Table from './table';
  10 +import Input from './input';
10 11
11 export default { 12 export default {
12 Cell, 13 Cell,
@@ -17,5 +18,6 @@ export default { @@ -17,5 +18,6 @@ export default {
17 Pop, 18 Pop,
18 Radio, 19 Radio,
19 Select, 20 Select,
20 - Table 21 + Table,
  22 + Input
21 }; 23 };
  1 +import InputSafe from './input-safe';
  2 +
  3 +export default {
  4 + InputSafe
  5 +};
  1 +<template>
  2 + <Input :value="value" v-bind="$attrs" v-on="$listeners" />
  3 +</template>
  4 +
  5 +<script>
  6 +import xss from 'util/xss';
  7 +
  8 +export default {
  9 + name: 'input-safe',
  10 + props: ['value'],
  11 + created() {
  12 + this.$listeners.input = this.input;
  13 + },
  14 + methods: {
  15 + input(val) {
  16 + if (typeof val === 'string') {
  17 + this.value = xss.replaceIllegal(val);
  18 + } else {
  19 + this.value = val;
  20 + }
  21 + this.$emit('input', this.value);
  22 + if (this.value !== val) {
  23 + this.$Message.error('输入内容有敏感字符,已自动清除');
  24 + }
  25 + }
  26 + }
  27 +};
  28 +</script>
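Review bot: `input(val)` at lines 17 and 19 assigns to `this.value`, which is the declared prop (`props: ['value']`, line 10); Vue 2 warns on prop mutation and the parent's next render overwrites it, so the handler should keep the sanitized value in a local and only `$emit('input', clean)`. Patching `this.$listeners.input` in `created()` (line 12) is also fragile: Vue reassigns `$listeners` on every parent re-render, and when the parent passes no listeners it is a frozen empty object, so the override can be lost or throw in strict module code — derive the listener map in a computed instead. Because the emitted value can equal what the parent already holds, the `value` prop may not change and the inner `Input` could keep showing the raw text while the model holds the cleaned one; I have not traced iView's Input sync, so please confirm. This component is a client-side convenience only — the API can be called without it — so server-side validation and output encoding remain the real XSS control, and a header comment saying so would stop it being read as a security boundary; the rewrite below addresses the first two points.

```vue
<template>
  <Input :value="value" v-bind="$attrs" v-on="listeners" />
</template>

<script>
// Wraps iView Input and strips tag-like text from typed values.
// Client-side convenience only: server-side validation and output
// encoding remain the actual XSS control.
import xss from 'util/xss';

export default {
  name: 'input-safe',
  props: ['value'],
  computed: {
    // Forward every parent listener, replacing `input` with the
    // sanitizing handler; recomputed whenever $listeners changes.
    listeners() {
      return Object.assign({}, this.$listeners, { input: this.onInput });
    }
  },
  methods: {
    onInput(val) {
      const clean = typeof val === 'string' ? xss.replaceIllegal(val) : val;
      // Never assign to the `value` prop; the parent owns it via v-model.
      this.$emit('input', clean);
      if (clean !== val) {
        this.$Message.error('输入内容有敏感字符,已自动清除');
      }
    }
  }
};
</script>
```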
@@ -52,7 +52,7 @@ export default { @@ -52,7 +52,7 @@ export default {
52 return <span>颜色展示名称</span>; 52 return <span>颜色展示名称</span>;
53 } 53 }
54 if (this.isExist(params.index)) { 54 if (this.isExist(params.index)) {
55 - return h('Input', { 55 + return h('input-safe', {
56 props: { 56 props: {
57 value: params.row.factoryGoodsName 57 value: params.row.factoryGoodsName
58 }, 58 },
@@ -109,11 +109,11 @@ export default { @@ -109,11 +109,11 @@ export default {
109 109
110 if (this.isExist(params.index)) { 110 if (this.isExist(params.index)) {
111 return ( 111 return (
112 - <i-input 112 + <input-safe
113 value={params.row.factoryCode} 113 value={params.row.factoryCode}
114 placeholder='请输入...' 114 placeholder='请输入...'
115 onInput={val => (params.row.factoryCode = val)} 115 onInput={val => (params.row.factoryCode = val)}
116 - style={{width: '100%'}}></i-input> 116 + style={{width: '100%'}}></input-safe>
117 ); 117 );
118 } 118 }
119 return null; 119 return null;
@@ -149,7 +149,7 @@ export default { @@ -149,7 +149,7 @@ export default {
149 <div class={{'row-span': true}}> 149 <div class={{'row-span': true}}>
150 <div style={{position: 'relative'}}> 150 <div style={{position: 'relative'}}>
151 <div class={{'size-code-error': size.validate && !size.name}}> 151 <div class={{'size-code-error': size.validate && !size.name}}>
152 - <i-input 152 + <input-safe
153 value={size.name} 153 value={size.name}
154 onInput={val => (size.name = val)} 154 onInput={val => (size.name = val)}
155 disabled={!params.row.operator[i].value} 155 disabled={!params.row.operator[i].value}
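Review bot: The new render calls use the string tag `'input-safe'` (line 55, and the JSX `<input-safe>` at 112 and 152), which resolves only if the component is registered under that name — globally, or in this file's `components` — and none of the hunks show an `import`/`components` entry for it, so please confirm the registration or the table will render an unknown element with no error. Note also that the sanitizer only runs on `input` events: `value={params.row.factoryCode}` (113) and `value={size.name}` (153) display whatever the row already holds, so previously stored values containing tags are shown unchanged; that is acceptable here only because they land in an `<input>` value, which is not parsed as HTML. A comment such as `// input-safe filters typed text only; stored values are not re-sanitized` at the first usage would make that limit explicit. Each enclosing render function starts before its hunk.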
@@ -16,15 +16,15 @@ @@ -16,15 +16,15 @@
16 <Form-item label="类目"> <span>{{sortName}}</span> </Form-item> 16 <Form-item label="类目"> <span>{{sortName}}</span> </Form-item>
17 17
18 <Form-item label="商品名称" prop="productName"> 18 <Form-item label="商品名称" prop="productName">
19 - <Input v-model="product.productName" placeholder="请输入..." style="width: 400px;"/> 19 + <input-safe v-model="product.productName" placeholder="请输入..." style="width: 400px;"/>
20 </Form-item> 20 </Form-item>
21 21
22 <Form-item label="商品卖点"> 22 <Form-item label="商品卖点">
23 - <Input v-model="product.phrase" :maxlength="12" placeholder="最多12个字符" style="width: 400px;"/> 23 + <input-safe v-model="product.phrase" :maxlength="12" placeholder="最多12个字符" style="width: 400px;"/>
24 </Form-item> 24 </Form-item>
25 25
26 <Form-item label="商家商品编码" prop="factoryCode"> 26 <Form-item label="商家商品编码" prop="factoryCode">
27 - <Input v-model="product.factoryCode" placeholder="请输入..." style="width: 400px;"/> 27 + <input-safe v-model="product.factoryCode" placeholder="请输入..." style="width: 400px;"/>
28 </Form-item> 28 </Form-item>
29 29
30 <Form-item label="货品年" prop="goodsYears"> 30 <Form-item label="货品年" prop="goodsYears">
@@ -73,11 +73,11 @@ @@ -73,11 +73,11 @@
73 <Row> <div class="create-item-title">商品价格</div> </Row> 73 <Row> <div class="create-item-title">商品价格</div> </Row>
74 74
75 <Form-item label="吊牌价" prop="retailPrice"> 75 <Form-item label="吊牌价" prop="retailPrice">
76 - <Input v-model="product.retailPrice" :number="true" placeholder="请输入..." style="width: 400px;"/> 76 + <input-safe v-model="product.retailPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
77 </Form-item> 77 </Form-item>
78 78
79 <Form-item label="销售价" prop="salesPrice"> 79 <Form-item label="销售价" prop="salesPrice">
80 - <Input v-model="product.salesPrice" :number="true" placeholder="请输入..." style="width: 400px;"/> 80 + <input-safe v-model="product.salesPrice" :number="true" placeholder="请输入..." style="width: 400px;"/>
81 </Form-item> 81 </Form-item>
82 </Form> 82 </Form>
83 83
@@ -14,13 +14,13 @@ @@ -14,13 +14,13 @@
14 <span>{{product.smallSortName}}</span> 14 <span>{{product.smallSortName}}</span>
15 </Form-item> 15 </Form-item>
16 <Form-item label="商品名称" prop="productName"> 16 <Form-item label="商品名称" prop="productName">
17 - <Input v-model="product.productName" placeholder="请输入..." /> 17 + <input-safe v-model="product.productName" placeholder="请输入..." />
18 </Form-item> 18 </Form-item>
19 <Form-item label="商品卖点"> 19 <Form-item label="商品卖点">
20 - <Input v-model="product.phrase" :maxlength="12" placeholder="最多12个字符"/> 20 + <input-safe v-model="product.phrase" :maxlength="12" placeholder="最多12个字符"/>
21 </Form-item> 21 </Form-item>
22 <Form-item label="商家商品编码" prop="factoryCode"> 22 <Form-item label="商家商品编码" prop="factoryCode">
23 - <Input v-model="product.factoryCode" placeholder="请输入..." /> 23 + <input-safe v-model="product.factoryCode" placeholder="请输入..." />
24 </Form-item> 24 </Form-item>
25 <Form-item label="货品年"> 25 <Form-item label="货品年">
26 <Date-picker :value="product.goodsYears.toString()" type="year" placeholder="选择年" disabled> 26 <Date-picker :value="product.goodsYears.toString()" type="year" placeholder="选择年" disabled>
@@ -62,10 +62,10 @@ @@ -62,10 +62,10 @@
62 </Form-item> 62 </Form-item>
63 <div class="create-item-title">商品价格</div> 63 <div class="create-item-title">商品价格</div>
64 <Form-item label="吊牌价"> 64 <Form-item label="吊牌价">
65 - <Input v-model="product.retailPrice" disabled placeholder="请输入..." /> 65 + <input-safe v-model="product.retailPrice" disabled placeholder="请输入..." />
66 </Form-item> 66 </Form-item>
67 <Form-item label="销售价"> 67 <Form-item label="销售价">
68 - <Input v-model="product.salesPrice" disabled placeholder="请输入..." /> 68 + <input-safe v-model="product.salesPrice" disabled placeholder="请输入..." />
69 </Form-item> 69 </Form-item>
70 <div class="create-group"> 70 <div class="create-group">
71 <span class="create-group-indicator"></span> 71 <span class="create-group-indicator"></span>
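Review bot: The price fields at lines 65 and 68 are `disabled`, so they never emit `input` and `input-safe` never runs on them; the swap changes nothing functionally but implies the displayed `product.retailPrice`/`product.salesPrice` were sanitized, which they were not. Either keep these two as plain `Input` or add `<!-- read-only: input-safe has no effect on disabled fields -->` above them so the next reader does not assume the filter covers displayed data. The enclosing form template starts before the hunk.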
@@ -8,7 +8,7 @@ @@ -8,7 +8,7 @@
8 8
9 <div style="text-align: center"> 9 <div style="text-align: center">
10 <filter-item :label="'分类名称'"> 10 <filter-item :label="'分类名称'">
11 - <Input v-model="name" @on-enter="submit"/> 11 + <input-safe v-model="name" @on-enter="submit"/>
12 </filter-item> 12 </filter-item>
13 </div> 13 </div>
14 14
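Review bot: `name` here is a search term handed to `submit` on enter (line 11), not content rendered as HTML, so stripping `<…>` from it only changes what a user can search for — a category whose name literally contains angle brackets becomes unfindable and triggers the error toast — without removing any XSS risk, which lives in how the results list renders names. If the goal is to keep such characters out of the query, validate them on the backend; otherwise the plain `Input` is the better fit for a filter box. The `submit` handler is not visible in this hunk.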
1 export default { 1 export default {
2 - checkIllegal: (str) => {  
3 - return /<[^<>]+>/g.test(str); 2 + replaceIllegal: (str) => {
  3 + return str.replace(/<[^<>]+>/g, '');
4 } 4 }
5 }; 5 };
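Review bot: `replaceIllegal` (line 2) strips tag-shaped text in a single pass, so input built to reassemble after one removal gets through: `'<scr<x>ipt>'` becomes `'<script>'` because only the inner `<x>` matches `/<[^<>]+>/`, and an unterminated `<img src=x onerror=…` with no closing `>` is not touched at all. Running the replacement to a fixpoint closes the first hole, but no input-side blocklist substitutes for encoding on output and validating on the server, since the API can be called without this UI; a comment stating that contract belongs above the export. `checkIllegal` is removed rather than kept alongside, so any caller outside this commit that still imports it will break at runtime — worth a grep before merging.

```javascript
export default {
  // Best-effort client-side stripping of tag-like text. This is NOT a
  // security boundary: the server must validate input and encode output.
  replaceIllegal: (str) => {
    let out = str;
    let prev;
    // Repeat until stable so fragments such as `<scr<x>ipt>` cannot
    // reassemble into a tag after a single removal.
    do {
      prev = out;
      out = out.replace(/<[^<>]*>/g, '');
    } while (out !== prev);
    return out;
  }
};
```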