'news-xss'

@@ -150,3 +150,4 @@ library
 ### foreman ###
 Procfile
 .env
+.package-lock

@@ -14,6 +14,10 @@ exports.index = (req, res, next) => {
     let channel = req.yoho.channel;
 
     req.ctx(newsService).getIndexList(channel, req.query).then(result => {
+        if (result.msgs.length <= 0) {
+            res.set('Cache-Control', 'no-cache');
+        }
+
         return res.render('news-index', Object.assign({
             title: '新闻 | ' + (res.locals.title || ''),
             module: 'news',

@@ -4,7 +4,9 @@ const _ = require('lodash');
 const helpers = global.yoho.helpers;
 const headerModel = require('../../../doraemon/models/header');
 const NewsAPi = require('./news-api');
+const utils = require('./utils');
 const moment = require('moment');
+const xss = require('xss');
 const searchHandler = require('../../product/models/search-handler');
 
 console.log(global.utils);
@@ -121,6 +123,7 @@ module.exports = class extends global.yoho.BaseModel {
         let newsAPi = new NewsAPi(this.ctx);
         let params = {
             type: 'wechat',
+            atype: param.atype || 'yohogroup',
             limit: 20,
             page: param.page || 1
         };
@@ -132,7 +135,7 @@ module.exports = class extends global.yoho.BaseModel {
                 content_code: ADS_CODE[channel] || ADS_CODE.boys,
                 isAdDegrade: _.get(this.ctx, 'req.app.locals.pc.guang.removeAd', false)
             }),
-            newsAPi.getPolymerizationList(params),
+            newsAPi.getPolymerizationList(Object.assign({}, params, {id: param.atype || 'yohogroup'})),
         ];
 
         return Promise.all(apiMethod).then(result => {
@@ -163,8 +166,13 @@ module.exports = class extends global.yoho.BaseModel {
             title: contents.title,
             time: contents.update_time && moment(contents.update_time * 1000).format('YYYY年MM月DD HH:mm'),
         };
+        let content = utils.filterPhtml(contents.content, [
+            '阅读原文',
+            '点击这里',
+            '点这里'
+        ]);
 
-        return {header: header, content: contents.content};
+        return {header: header, content: xss(utils.filterAhtml(content))};
     }
 
     detail(channel, param) {

+'use strict';
+const _ = require('lodash');
+const cheerio = require('cheerio');
+
+const util = {
+    // 过滤指定字符的p标签
+    filterPhtml: (html, filters) => {
+        if (!html) {
+            return html;
+        }
+
+        let $ = cheerio.load(html, {decodeEntities: false});
+
+        _.each($('p'), (item) => {
+            let ele = $(item);
+            let phtml = ele.html();
+
+            _.each(filters, ft => {
+                if (phtml.indexOf(ft) >= 0) {
+                    ele.remove();
+                }
+            });
+
+        });
+
+        return $.html();
+    },
+
+    // 过滤 a标签连接
+    filterAhtml: (html) => {
+        if (!html) {
+            return html;
+        }
+
+        let $ = cheerio.load(html, {decodeEntities: false});
+
+        $('a').attr('href', 'javascript:void(0);').css({cursor: 'text'});
+
+        return $.html();
+    }
+};
+
+module.exports = util;

@@ -54,6 +54,7 @@
     "sitemap": "^1.12.1",
     "urlencode": "^1.1.0",
     "uuid": "^2.0.2",
+    "xss": "^0.3.4",
     "yoho-express-session": "^2.0.0",
     "yoho-node-lib": "=0.5.4",
     "yoho-zookeeper": "^1.0.8"

@@ -53,7 +53,7 @@
 
     .detail-title {
         font-size: 28px;
-        line-height: 45px;
+        line-height: 50px;
         border-bottom: 1px dotted #c1c1c1;
         word-wrap: break-word;
     }