Authored by 王水玲

xss

@@ -135,7 +135,7 @@ @@ -135,7 +135,7 @@
135 {{#if pdfUrl}}<a class="invoice-button" href="{{pdfUrl}}">电子发票下载</a> 135 {{#if pdfUrl}}<a class="invoice-button" href="{{pdfUrl}}">电子发票下载</a>
136 {{/if}} 136 {{/if}}
137 </div> 137 </div>
138 - <p>发票抬头:{{title}}</p> 138 + <p>发票抬头:{{{title}}}</p>
139 {{^}} 139 {{^}}
140 <p>暂不需要发票 140 <p>暂不需要发票
141 {{/if}} 141 {{/if}}
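Review bot: New line 138 replaces `{{title}}` with the triple-stash `{{{title}}}`, which switches off Handlebars' HTML escaping for the invoice title — a user-supplied field — so on its own this removes an existing XSS protection rather than adding one, despite the commit title. It is only safe if `title` is already HTML-encoded before it reaches the template; the JS hunk in this commit encodes `titleName` client-side with `cleanHtml.htmlEncode`, which hints that a matching server-side encode may exist, but nothing visible here shows it. If that upstream encode is in place, a comment at the line would stop the next reader from "fixing" it back: `{{!-- title is already htmlEncode'd by the controller; triple-stash avoids double escaping --}}`; if it is not, keep `{{title}}`. The enclosing `{{#if}}` that `{{^}}`/`{{/if}}` close on lines 139–141 opens before the hunk.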
@@ -8,6 +8,7 @@ var $ = require('yoho-jquery'); @@ -8,6 +8,7 @@ var $ = require('yoho-jquery');
8 8
9 var yas = require('../../common/data-yas'); 9 var yas = require('../../common/data-yas');
10 var Dialog = require('../../common/dialog').Dialog; 10 var Dialog = require('../../common/dialog').Dialog;
  11 +var cleanHtml = require('../../../../utils/cleanHtml');
11 12
12 var $invoiceRadio = $('#invoice-radio'); 13 var $invoiceRadio = $('#invoice-radio');
13 14
@@ -143,7 +144,7 @@ function setShowInvoiceInfo() { @@ -143,7 +144,7 @@ function setShowInvoiceInfo() {
143 _h += '电子发票'; 144 _h += '电子发票';
144 } 145 }
145 146
146 - _h += '&nbsp;&nbsp;&nbsp;&nbsp;' + invoiceInfo.titleName; 147 + _h += '&nbsp;&nbsp;&nbsp;&nbsp;' + cleanHtml.htmlEncode(invoiceInfo.titleName);
147 148
148 $dom.removeClass('hide').find('span').html(_h); 149 $dom.removeClass('hide').find('span').html(_h);
149 } 150 }
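Review bot: The encode on new line 147 covers only `titleName`, but `_h` is assembled from earlier lines of `setShowInvoiceInfo` that fall outside this hunk before being handed to `.html()` on line 149; any other `invoiceInfo` field concatenated there needs the same `cleanHtml.htmlEncode` treatment or the sink stays injectable. Since the span only ever receives text plus `&nbsp;` separators, an encoder-free alternative is to set the fixed markup with `.html()` and append the title as a text node (`.append(document.createTextNode(invoiceInfo.titleName))`), leaving nothing user-controlled in the HTML string. Whether `htmlEncode` escapes `"`, `'` and `/` as well as `<`, `>`, `&` cannot be seen here; for text content the three angle/ampersand entities suffice, but confirm that before reusing it in attribute positions. The require on line 11 climbs four directories to `utils/cleanHtml`; if that module is shared with server-side rendering, a one-line comment saying so would explain why the client bundle reaches that far up the tree.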