|
...
|
...
|
@@ -115,7 +115,9 @@ var g = new common.grid({ |
|
|
|
}
|
|
|
|
}, {
|
|
|
|
display: '评价内容',
|
|
|
|
name: "content",
|
|
|
|
render: function (item) {
|
|
|
|
return encodeHtml(item.content);
|
|
|
|
},
|
|
|
|
style: "width:15%; word-break:break-all;"
|
|
|
|
}
|
|
|
|
, {
|
|
...
|
...
|
@@ -319,3 +321,20 @@ $('#batch-audit-fail').on('click', function () { |
|
|
|
Bll.toast('批量审核不通过?', 'fail');
|
|
|
|
});
|
|
|
|
|
|
|
|
// 对字符串中的特殊字符进行编码处理,防止js注入,形如 <script>alert(document.cookie)</script>
|
|
|
|
function encodeHtml(str, reg) {
|
|
|
|
return str ? str.replace(reg || /[&<">'](?:(amp|lt|quot|gt|#39|nbsp);)?/g, function(a, b) {
|
|
|
|
if (b) {
|
|
|
|
return a;
|
|
|
|
} else {
|
|
|
|
return {
|
|
|
|
'<': '<',
|
|
|
|
'&': '&',
|
|
|
|
'"': '"',
|
|
|
|
'>': '>',
|
|
|
|
"'": '''
|
|
|
|
}[a]
|
|
|
|
}
|
|
|
|
|
|
|
|
}) : '';
|
|
|
|
} |
|
|
\ No newline at end of file |
...
|
...
|
|
