fe / yohobuy-portal-fe2 · Commits

Go to a project

Authored by 马力
Commit aa7afe5e5f88ce210c8605931fcb2b84744b9ee3 2 parents e00d605e 886b0463

Merge branch 'hotfix_1109_晒单列表防js注入攻击' into dev5.2

Inline Side-by-side
Showing 2 changed files with 21 additions and 2 deletions
@@ -115,7 +115,9 @@ var g = new common.grid({ @@ -115,7 +115,9 @@ var g = new common.grid({
115 } 115 }
116 }, { 116 }, {
117 display: '评价内容', 117 display: '评价内容',
118 - name: "content", 118 + render: function (item) {
  119 + return encodeHtml(item.content);
  120 + },
119 style: "width:15%; word-break:break-all;" 121 style: "width:15%; word-break:break-all;"
120 } 122 }
121 , { 123 , {
@@ -319,3 +321,20 @@ $('#batch-audit-fail').on('click', function () { @@ -319,3 +321,20 @@ $('#batch-audit-fail').on('click', function () {
319 Bll.toast('批量审核不通过?', 'fail'); 321 Bll.toast('批量审核不通过?', 'fail');
320 }); 322 });
321 323
  324 +// 对字符串中的特殊字符进行编码处理,防止js注入,形如 <script>alert(document.cookie)</script>
  325 +function encodeHtml(str, reg) {
  326 + return str ? str.replace(reg || /[&<">'](?:(amp|lt|quot|gt|#39|nbsp);)?/g, function(a, b) {
  327 + if (b) {
  328 + return a;
  329 + } else {
  330 + return {
  331 + '<': '&lt;',
  332 + '&': '&amp;',
  333 + '"': '&quot;',
  334 + '>': '&gt;',
  335 + "'": '&#39;'
  336 + }[a]
  337 + }
  338 +
  339 + }) : '';
  340 +}
@@ -228,7 +228,7 @@ var g = new common.grid({ @@ -228,7 +228,7 @@ var g = new common.grid({
228 return html; 228 return html;
229 } 229 }
230 }, { 230 }, {
231 - display: '库存', 231 + display: '可售库存',
232 name: 'stock' 232 name: 'stock'
233 }, { 233 }, {
234 display: '年龄层/性别', 234 display: '年龄层/性别',