Merge branch 'gray' into 'master'

Gray



See merge request !1460

 'use strict';
 'use strict';
 
 
+const _ = require('lodash');
 const semver = require('semver');
 const semver = require('semver');
 const questionModel = require('../models/question');
 const questionModel = require('../models/question');
 const headerModel = require('../../../doraemon/models/header'); // 头部model
 const headerModel = require('../../../doraemon/models/header'); // 头部model
+const geetest = require('../../passport/controllers/geetest');
 
 
 exports.list = (req, res, next) => {
 exports.list = (req, res, next) => {
     let canShare = false;
     let canShare = false;
@@ -47,6 +49,35 @@ exports.check = (req, res, next) => {
     }).catch(next);
     }).catch(next);
 };
 };
 
 
+exports.geetestLoad = (req, res, next) => {
+    req.yoho.captchaShow = false;
+    res.locals.useGeetest = true;
+
+    if (_.has(res, 'locals.loadJsBefore')) {
+        res.locals.loadJsBefore.push({
+            src: global.yoho.config.geetestJs
+        });
+    } else {
+        res.locals.loadJsBefore = [
+            {
+                src: global.yoho.config.geetestJs
+            }
+        ];
+    }
+
+    return next();
+};
+
+exports.geetestCheck = (req, res, next) => {
+    let testCode = req.body.yohobuy;
+
+    if (testCode === global.yoho.config.testCode) {
+        return next();
+    }
+
+    return geetest.validate(req, res, next);
+};
+
 exports.submit = (req, res, next) => {
 exports.submit = (req, res, next) => {
     let params = req.body;
     let params = req.body;
 
 
@@ -66,11 +97,12 @@ exports.submit = (req, res, next) => {
     }).catch(next);
     }).catch(next);
 };
 };
 
 
-
-
 exports.detail = (req, res, next) => {
 exports.detail = (req, res, next) => {
     let id = parseInt(`0${req.params.id}`, 10);
     let id = parseInt(`0${req.params.id}`, 10);
 
 
+    req.yoho.captchaShow = false;
+    res.locals.useGeetest = true;
+
     req.ctx(questionModel).getQuestionDetail(id, req.user.uid).then(result => {
     req.ctx(questionModel).getQuestionDetail(id, req.user.uid).then(result => {
         if (result && result.detail && req.yoho.isApp) {
         if (result && result.detail && req.yoho.isApp) {
             result.detail.uid = req.user.uid;
             result.detail.uid = req.user.uid;

@@ -64,7 +64,7 @@ const keywordsPage = (page) => {
             });
             });
         });
         });
         return pages;
         return pages;
-    }).timeout(200).catch(()=>{
+    }).catch(()=>{
         return {};
         return {};
     });
     });
 };
 };

@@ -25,8 +25,8 @@ router.post('/check/submit', check.submit);
 
 
 router.get('/questionnaire', auth, question.list);
 router.get('/questionnaire', auth, question.list);
 router.post('/questionnaire/check', question.check);
 router.post('/questionnaire/check', question.check);
-router.post('/questionnaire/submit', question.submit);
-router.get('/questionnaire/:id', question.detail);
+router.post('/questionnaire/submit', question.geetestCheck, question.submit);
+router.get('/questionnaire/:id', question.geetestLoad, question.detail);
 router.get('/material', auth, materialNew.list);
 router.get('/material', auth, materialNew.list);
 
 
 module.exports = router;
 module.exports = router;

@@ -51,4 +51,6 @@
             </div>
             </div>
         </div>
         </div>
     </div>
     </div>
+
+    <div data-userverify="{{captchaShow}}" data-geetest="{{useGeetest}}" id="js-img-check" {{#unless useGeetest}} class="full-img-verify" {{/unless}}></div>
 </div>
 </div>

 <div class="friend-invite-page yoho-page">
 <div class="friend-invite-page yoho-page">
     {{# friendInviteData}}
     {{# friendInviteData}}
     <div class="banner">
     <div class="banner">
-        <span class="title">您的好友{{nickname}}<br><b>{{#if payText}}发现了好物并推荐给您{{else}}邀请您来有货玩潮流{{/if}}</b></span>
+        <span class="title">您的好友{{{nickname}}}<br><b>{{#if payText}}发现了好物并推荐给您{{else}}邀请您来有货玩潮流{{/if}}</b></span>
         <span class="ico-left"></span>
         <span class="ico-left"></span>
         <span class="ico-right"></span>
         <span class="ico-right"></span>
         {{#if friendsGoods}}
         {{#if friendsGoods}}

@@ -22,7 +22,7 @@
     <div class="reward-related">
     <div class="reward-related">
         <div class="releated-item">
         <div class="releated-item">
             <span>我邀请的好友</span>
             <span>我邀请的好友</span>
-            <span>{{nickName}}</span>
+            <span>{{{nickName}}}</span>
         </div>
         </div>
         <div class="releated-item">
         <div class="releated-item">
             <span>注册时间</span>
             <span>注册时间</span>

@@ -9,7 +9,7 @@
             <div class="head-pic">
             <div class="head-pic">
                 <img src="{{image headIco 200 200}}">
                 <img src="{{image headIco 200 200}}">
             </div>
             </div>
-            <div class="nick-name">{{nickName}}</div>
+            <div class="nick-name">{{{nickName}}}</div>
         </div>
         </div>
         <div class="calculate">
         <div class="calculate">
             <div class="calculate-item">
             <div class="calculate-item">

@@ -42,7 +42,7 @@
 		{{# shareLog}}
 		{{# shareLog}}
 		<div class="student-item">
 		<div class="student-item">
 			<div>{{createTime}}</div>
 			<div>{{createTime}}</div>
-			<div>{{nickName}}</div>
+			<div>{{{nickName}}}</div>
 			<div>
 			<div>
 				<span>+{{reward}}</span>
 				<span>+{{reward}}</span>
 				有货币
 				有货币

@@ -27,7 +27,7 @@
         <li>
         <li>
             <p class="earnings-info">
             <p class="earnings-info">
                 <span class="num">{{#if cancel}}-{{/if}}{{#if already}}+{{/if}}{{coinNum}}</span>
                 <span class="num">{{#if cancel}}-{{/if}}{{#if already}}+{{/if}}{{coinNum}}</span>
-                <span class="user">{{nickName}} <i {{#if cancel}}class="cancel"{{/if}}>{{statusStr}}</i></span>
+                <span class="user">{{{nickName}}} <i {{#if cancel}}class="cancel"{{/if}}>{{statusStr}}</i></span>
 
 
             </p>
             </p>
             <p class="order-info">
             <p class="order-info">

 {{# rewardList}}
 {{# rewardList}}
     <a href="{{detailUrl}}" class="list-item">
     <a href="{{detailUrl}}" class="list-item">
-        <span>{{nickName}}</span>
+        <span>{{{nickName}}}</span>
         <span>{{orderAmountDis}}</span>
         <span>{{orderAmountDis}}</span>
         <span>{{couponName}}</span>
         <span>{{couponName}}</span>
         <span>{{couponStatusDesc}}<i class="iconfont">&#xe614;</i></span>
         <span>{{couponStatusDesc}}<i class="iconfont">&#xe614;</i></span>

@@ -10,6 +10,7 @@ const router = require('express').Router(); //eslint-disable-line
 const cRoot = './controllers';
 const cRoot = './controllers';
 const authMW = require('../../doraemon/middleware/auth');
 const authMW = require('../../doraemon/middleware/auth');
 const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
 const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
+const csrf = require('../../doraemon/middleware/csrf');
 const seckill = require(cRoot + '/seckill');
 const seckill = require(cRoot + '/seckill');
 const order = require(cRoot + '/order');
 const order = require(cRoot + '/order');
 const countController = require(`${cRoot}/count`);
 const countController = require(`${cRoot}/count`);
@@ -41,7 +42,7 @@ router.post('/index/new/orderSub', authMW, order.orderSub); // 订单提交
 router.get('/index/new/selectCoupon', authMW, order.selectCouponsPage); // 选择优惠券 页面 New!
 router.get('/index/new/selectCoupon', authMW, order.selectCouponsPage); // 选择优惠券 页面 New!
 router.post('/index/new/couponList', order.couponList); // [ajax]获取优惠券列表
 router.post('/index/new/couponList', order.couponList); // [ajax]获取优惠券列表
 router.post('/index/new/useCouponCode', order.useCouponCode); // [ajax]购物车输入优惠券码使用优惠券
 router.post('/index/new/useCouponCode', order.useCouponCode); // [ajax]购物车输入优惠券码使用优惠券
-router.get('/index/new/selectAddress', authMW, order.selectAddress); // 选择地址
+router.get('/index/new/selectAddress', authMW, csrf, order.selectAddress); // 选择地址
 router.get('/index/new/invoiceInfo', authMW, order.invoiceInfo); // 发票信息
 router.get('/index/new/invoiceInfo', authMW, order.invoiceInfo); // 发票信息
 router.get('/index/new/jitDetail', authMW, order.jitDetail); // JIT 拆单配送信息
 router.get('/index/new/jitDetail', authMW, order.jitDetail); // JIT 拆单配送信息
 router.get('/index/new/selectGiftcard', authMW, order.selectGiftcard); // 选择礼品卡页面
 router.get('/index/new/selectGiftcard', authMW, order.selectGiftcard); // 选择礼品卡页面

@@ -9,9 +9,9 @@
         {{#if addressInfo}}
         {{#if addressInfo}}
         <div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}">
         <div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}">
             <div class="info">
             <div class="info">
-                <span class="info-name">{{name}}</span>
+                <span class="info-name">{{{name}}}</span>
                 <span class="info-phone">{{phoneNum}}</span>
                 <span class="info-phone">{{phoneNum}}</span>
-                <a href="{{selectAddressUrl}}"><span class="info-address">{{addressInfo}}</span></a>
+                <a href="{{selectAddressUrl}}"><span class="info-address">{{{addressInfo}}}</span></a>
                 <i class="iconfont">&#xe637;</i>
                 <i class="iconfont">&#xe637;</i>
             </div>
             </div>
             <a class="rest" href="{{selectAddressUrl}}">其他地址<span class="iconfont">&#xe614;</span></a>
             <a class="rest" href="{{selectAddressUrl}}">其他地址<span class="iconfont">&#xe614;</span></a>
@@ -177,7 +177,7 @@
         {{#if addressInfo}}
         {{#if addressInfo}}
         <div class="address-bottom">
         <div class="address-bottom">
             <div class="back"></div>
             <div class="back"></div>
-            <span>送至：{{addressInfo}}</span>
+            <span>送至：{{{addressInfo}}}</span>
         </div>
         </div>
         {{/if}}
         {{/if}}
         <div class="bill">
         <div class="bill">

@@ -2,9 +2,9 @@
     <div class="page-wrap clearfix">
     <div class="page-wrap clearfix">
         {{# address}}
         {{# address}}
         <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
         <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
-            <span class="name">{{consignee}}</span>
+            <span class="name">{{{consignee}}}</span>
             <span class="tel">{{mobile}}</span>
             <span class="tel">{{mobile}}</span>
-            <p class="address-info">{{area}} {{address}}</p>
+            <p class="address-info">{{area}} {{{address}}}</p>
             <div class="action iconfont">
             <div class="action iconfont">
                 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=buynow&product_sku={{../product_sku}}&buy_number={{../buy_number}}">&#xe61e;</span>
                 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=buynow&product_sku={{../product_sku}}&buy_number={{../buy_number}}">&#xe61e;</span>
                 <span class="del" data-id="{{address_id}}">&#xe621;</span>
                 <span class="del" data-id="{{address_id}}">&#xe621;</span>

@@ -9,9 +9,9 @@
         {{#if addressInfo}}
         {{#if addressInfo}}
         <div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}">
         <div class="address block address-wrap {{#if @root.pageChannel.boys}} boys{{/if}}{{#if @root.pageChannel.girls}} girls{{/if}}{{#if @root.pageChannel.kids}} kids{{/if}}{{#if @root.pageChannel.lifeStyle}} life-style{{/if}}" data-id ="{{addressId}}">
             <div class="info">
             <div class="info">
-                <span class="info-name">{{name}}</span>
+                <span class="info-name">{{{name}}}</span>
                 <span class="info-phone">{{phoneNum}}</span>
                 <span class="info-phone">{{phoneNum}}</span>
-                <a href="/cart/index/new/selectAddress"><span class="info-address">{{addressInfo}}</span></a>
+                <a href="/cart/index/new/selectAddress"><span class="info-address">{{{addressInfo}}}</span></a>
                 <i class="iconfont">&#xe637;</i>
                 <i class="iconfont">&#xe637;</i>
             </div>
             </div>
             <a class="rest" href="/cart/index/new/selectAddress">其他地址<span class="iconfont">&#xe614;</span></a>
             <a class="rest" href="/cart/index/new/selectAddress">其他地址<span class="iconfont">&#xe614;</span></a>
@@ -182,7 +182,7 @@
         {{#if addressInfo}}
         {{#if addressInfo}}
         <div class="address-bottom">
         <div class="address-bottom">
             <div class="back"></div>
             <div class="back"></div>
-            <span>送至：{{addressInfo}}</span>
+            <span>送至：{{{addressInfo}}}</span>
         </div>
         </div>
         {{/if}}
         {{/if}}
         <div class="bill">
         <div class="bill">

 <div class="my-address-page select-address-page yoho-page">
 <div class="my-address-page select-address-page yoho-page">
     <div class="page-wrap clearfix">
     <div class="page-wrap clearfix">
         {{# address}}
         {{# address}}
+        <input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>
         <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
         <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
-            <span class="name">{{consignee}}</span>
+            <span class="name">{{{consignee}}}</span>
             <span class="tel">{{mobile}}</span>
             <span class="tel">{{mobile}}</span>
-            <p class="address-info">{{area}} {{address}}</p>
+            <p class="address-info" data-address="{{area}} {{address}}">{{area}} {{{address}}}</p>
             <div class="action iconfont">
             <div class="action iconfont">
                 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=shopping">&#xe61e;</span>
                 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=shopping">&#xe61e;</span>
                 <span class="del" data-id="{{address_id}}">&#xe621;</span>
                 <span class="del" data-id="{{address_id}}">&#xe621;</span>

@@ -9,6 +9,7 @@
 const mRoot = '../models';
 const mRoot = '../models';
 const headerModel = require('../../../doraemon/models/header'); // 头部model
 const headerModel = require('../../../doraemon/models/header'); // 头部model
 const addressModel = require(`${mRoot}/address`); // 地址管理 MODEL
 const addressModel = require(`${mRoot}/address`); // 地址管理 MODEL
+const cleanHtml = require('../../../utils/cleanHtml');
 
 
 /**
 /**
  * 地址管理页面
  * 地址管理页面
@@ -135,7 +136,7 @@ exports.saveAddress = (req, res, next) => {
         uid: req.user.uid,
         uid: req.user.uid,
         address: req.body.address,
         address: req.body.address,
         area_code: req.body.area_code,
         area_code: req.body.area_code,
-        consignee: req.body.consignee,
+        consignee: cleanHtml.htmlEncode(req.body.consignee),
         email: req.body.email,
         email: req.body.email,
         id: req.body.id,
         id: req.body.id,
         mobile: req.body.mobile,
         mobile: req.body.mobile,

@@ -11,6 +11,7 @@ const express = require('express');
 const router = express.Router(); // eslint-disable-line
 const router = express.Router(); // eslint-disable-line
 const auth = require('../../doraemon/middleware/auth');
 const auth = require('../../doraemon/middleware/auth');
 const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
 const disableBFCache = require('../../doraemon/middleware/disable-BFCache');
+const csrf = require('../../doraemon/middleware/csrf');
 
 
 const cRoot = './controllers';
 const cRoot = './controllers';
 const installment = require(cRoot + '/installment');
 const installment = require(cRoot + '/installment');
@@ -49,12 +50,12 @@ router.get('/QRcode/:id', personalController.QRcode);
 router.get('/user/qrcode', auth, newQrcode.index);
 router.get('/user/qrcode', auth, newQrcode.index);
 
 
 /* 个人中心地址管理相关路由 */
 /* 个人中心地址管理相关路由 */
-router.get('/address', auth, addressController.address); // 地址管理页面
-router.get('/addressAct', auth, addressController.addressAct); // 地址添加页面
-router.get('/addressAct/:id', auth, addressController.addressAct); // 地址添加修改页面
-router.post('/saveAddress', addressController.saveAddress); // 新增或者保存地址
+router.get('/address', auth, csrf, addressController.address); // 地址管理页面
+router.get('/addressAct', auth, csrf, addressController.addressAct); // 地址添加页面
+router.get('/addressAct/:id', auth, csrf, addressController.addressAct); // 地址添加修改页面
+router.post('/saveAddress', csrf, addressController.saveAddress); // 新增或者保存地址
 router.post('/defaultAddress', addressController.defaultAddress); // 设置默认地址
 router.post('/defaultAddress', addressController.defaultAddress); // 设置默认地址
-router.post('/delAddress', addressController.delAddress); // 删除地址
+router.post('/delAddress', csrf, addressController.delAddress); // 删除地址
 router.get('/locationList', auth, addressController.locationList); // 异步获取三级地址数据
 router.get('/locationList', auth, addressController.locationList); // 异步获取三级地址数据
 router.get('/addressModify', auth, addressController.addressModify); // 订单详情地址列表
 router.get('/addressModify', auth, addressController.addressModify); // 订单详情地址列表
 router.get('/chooseAddress', auth, addressController.chooseAddress); // 订单详情地址修改
 router.get('/chooseAddress', auth, addressController.chooseAddress); // 订单详情地址修改
@@ -69,8 +70,8 @@ router.get('/delOrder', auth, orderDetailController.delOrder); // 删除订单
 router.get('/readd', auth, orderDetailController.readdData); // 再次购买
 router.get('/readd', auth, orderDetailController.readdData); // 再次购买
 router.get('/cancelOrder', auth, orderDetailController.cancelOrder); // 取消订单
 router.get('/cancelOrder', auth, orderDetailController.cancelOrder); // 取消订单
 router.get('/refundApply', auth, orderDetailController.refundApply); // 申请退款
 router.get('/refundApply', auth, orderDetailController.refundApply); // 申请退款
-router.get('/orders/addressModify', auth, orderDetailController.addressModify); // 订单详情地址修改页面
-router.post('/orders/changeAddress', orderDetailController.changeAddress); // 提交新的地址数据
+router.get('/orders/addressModify', auth, csrf, orderDetailController.addressModify); // 订单详情地址修改页面
+router.post('/orders/changeAddress', csrf, orderDetailController.changeAddress); // 提交新的地址数据
 router.post('/orders/sure', auth, orderController.sure); // 确认收货
 router.post('/orders/sure', auth, orderController.sure); // 确认收货
 
 
 
 

@@ -2,10 +2,11 @@
     <div class="tip">为提高配送时效，请您尽量准确填写四级地址。</div>
     <div class="tip">为提高配送时效，请您尽量准确填写四级地址。</div>
     <div class="my-edit-address-page page-wrap">
     <div class="my-edit-address-page page-wrap">
         <form class="edit-address">
         <form class="edit-address">
+            <input type="hidden" name="_csrf" value="{{@root.csrfToken}}" />
             <input type="hidden" name="id" value="{{address.addressId}}">
             <input type="hidden" name="id" value="{{address.addressId}}">
             <label class="username">
             <label class="username">
                 收 货 人 :
                 收 货 人 :
-                <input type="text" name="consignee" maxlength="21" value="{{address.consignee}}">
+                <input type="text" name="consignee" maxlength="21" value="{{{address.consignee}}}">
             </label>
             </label>
             <label class="mobile">
             <label class="mobile">
                 联系电话:
                 联系电话:
@@ -19,7 +20,7 @@
             </label>
             </label>
             <label class="address">
             <label class="address">
                 详细地址:
                 详细地址:
-                <textarea name="address" maxlength="255">{{address.address}}</textarea>
+                <textarea name="address" maxlength="255">{{{address.address}}}</textarea>
             </label>
             </label>
         </form>
         </form>
         <div class="submit">
         <div class="submit">

@@ -2,9 +2,9 @@
     <div class="page-wrap clearfix modifyAdd" data-rel="{{relation}}" data-order-code="{{orderCode}}">
     <div class="page-wrap clearfix modifyAdd" data-rel="{{relation}}" data-order-code="{{orderCode}}">
         {{# address}}
         {{# address}}
         <div class="address-item" data-address-id="{{addressId}}" >
         <div class="address-item" data-address-id="{{addressId}}" >
-            <span class="name">{{consignee}}</span>
+            <span class="name">{{{consignee}}}</span>
             <span class="tel">{{mobile}}</span>
             <span class="tel">{{mobile}}</span>
-            <p class="address-info">{{area}} {{address}}</p>
+            <p class="address-info">{{area}} {{{address}}}</p>
         </div>
         </div>
         {{/ address}}
         {{/ address}}
 
 

 <div class="my-address-page yoho-page">
 <div class="my-address-page yoho-page">
     <div class="page-wrap">
     <div class="page-wrap">
         {{# address}}
         {{# address}}
+            <input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>
             <div class="address-item">
             <div class="address-item">
-                <span class="name">{{consignee}}</span>
+                <span class="name">{{{consignee}}}</span>
                 <span class="tel">{{mobile}}</span>
                 <span class="tel">{{mobile}}</span>
-                <p class="address-info">{{area}} {{address}}</p>
+                <p class="address-info">{{area}} {{{address}}}</p>
                 <div class="action iconfont">
                 <div class="action iconfont">
                     <a class="edit" href="/home/addressAct?id={{addressId}}">&#xe61e;</a>
                     <a class="edit" href="/home/addressAct?id={{addressId}}">&#xe61e;</a>
                     <span class="del" data-id="{{addressId}}">&#xe621;</span>
                     <span class="del" data-id="{{addressId}}">&#xe621;</span>

@@ -8,7 +8,7 @@
         <div class="person-detail">
         <div class="person-detail">
             <a href='{{userInfoLink}}' class="user-avatar" data-avatar="{{image head_ico 80 80}}"></a>
             <a href='{{userInfoLink}}' class="user-avatar" data-avatar="{{image head_ico 80 80}}"></a>
             <div class="basic-info">
             <div class="basic-info">
-                <span class="user-name">{{nickname}}</span>
+                <span class="user-name">{{{nickname}}}</span>
                 <span class="gender {{#isEqualOr gender 1}}boy{{/isEqualOr}}{{#isEqualOr gender 2}}girl{{/isEqualOr}}"></span>
                 <span class="gender {{#isEqualOr gender 1}}boy{{/isEqualOr}}{{#isEqualOr gender 2}}girl{{/isEqualOr}}"></span>
             </div>
             </div>
             <div class="info">
             <div class="info">

@@ -14,7 +14,7 @@
         <div class="list-item">
         <div class="list-item">
             <div class="title">昵称</div>
             <div class="title">昵称</div>
             <div class="main">
             <div class="main">
-                <input class="inp nick-name modify" type="text" value="{{nickName}}" />
+                <input class="inp nick-name modify" type="text" value="{{{nickName}}}" />
             </div>
             </div>
             <div class="arr">
             <div class="arr">
                 <span class="iconfont">&#xe604;</span>
                 <span class="iconfont">&#xe604;</span>

@@ -8,7 +8,7 @@
                     <div class="level level-{{vip_info/cur_level}}"></div>
                     <div class="level level-{{vip_info/cur_level}}"></div>
                 </div>
                 </div>
                 <div class="right">
                 <div class="right">
-                    <div class="name eps">{{nickname}}</div>
+                    <div class="name eps">{{{nickname}}}</div>
                     <div class="trend-code-c">
                     <div class="trend-code-c">
                         <div class="dot">#&nbsp;</div>
                         <div class="dot">#&nbsp;</div>
                         <div class="scroll-c go-scroll">
                         <div class="scroll-c go-scroll">

@@ -6,7 +6,7 @@
                 <div class="level level-{{vip_info/cur_level}}"></div>
                 <div class="level level-{{vip_info/cur_level}}"></div>
             </div>
             </div>
             <div class="user-info">
             <div class="user-info">
-                <div class="name eps">{{nickname}}</div>
+                <div class="name eps">{{{nickname}}}</div>
                 <div class="passcode">
                 <div class="passcode">
                     {{#if trendWord}}
                     {{#if trendWord}}
                     <div class="dot">#&nbsp;</div>
                     <div class="dot">#&nbsp;</div>

@@ -6,7 +6,7 @@
     <form class="form edit-address" id="areaForm">
     <form class="form edit-address" id="areaForm">
         <div class="form-group">
         <div class="form-group">
             <label for="username">收货人：</label>
             <label for="username">收货人：</label>
-            <input name="username" type="text" maxlength="21" value="{{consignee}}">
+            <input name="username" type="text" maxlength="21" value="{{{consignee}}}">
         </div>
         </div>
          <div class="form-group">
          <div class="form-group">
             <label for="mobile">联系电话：</label>
             <label for="mobile">联系电话：</label>
@@ -26,9 +26,10 @@
         </div>
         </div>
         <div class="form-group">
         <div class="form-group">
             <label for="address" class="label-address">详细地址：</label>
             <label for="address" class="label-address">详细地址：</label>
-            <textarea name="address" type="text" value="" maxlength="255">{{address}}</textarea>
+            <textarea name="address" type="text" value="" maxlength="255">{{{address}}}</textarea>
         </div>
         </div>
         <input type="hidden" name="orderCode" value="{{orderCode}}">
         <input type="hidden" name="orderCode" value="{{orderCode}}">
+        <input type="hidden" name="_csrf" value="{{@root.csrfToken}}">
     </form>
     </form>
     <div class="tip"><span class="iconfont icon-info"></span>修改地址仅可修改一次，且会影响送货时间，请您谅解！</div>
     <div class="tip"><span class="iconfont icon-info"></span>修改地址仅可修改一次，且会影响送货时间，请您谅解！</div>
     <div class="btn-sure-line">
     <div class="btn-sure-line">

@@ -32,11 +32,11 @@
                 <span class="iconfont">&#xe637;</span>
                 <span class="iconfont">&#xe637;</span>
                 <div class="beside-icon">
                 <div class="beside-icon">
                     <p class="name-phone">
                     <p class="name-phone">
-                        {{deliveryInfo.userName}}
+                        {{{deliveryInfo.userName}}}
                         <span>{{deliveryInfo.mobile}}</span>
                         <span>{{deliveryInfo.mobile}}</span>
                     </p>
                     </p>
                     <p class="address">
                     <p class="address">
-                        {{addressAll}}
+                        {{{addressAll}}}
                     </p>
                     </p>
                 </div>
                 </div>
             </section>
             </section>

 <div class="personal-details yoho-page">
 <div class="personal-details yoho-page">
     <ul>
     <ul>
         <li><span>头像</span><span><i class="head-portrait user-avatar" data-avatar="{{image head_ico 128 128}}"></i></span></li>
         <li><span>头像</span><span><i class="head-portrait user-avatar" data-avatar="{{image head_ico 128 128}}"></i></span></li>
-        <li><span>昵称</span><span>{{ nickname }}</span></li>
+        <li><span>昵称</span><span>{{{ nickname }}}</span></li>
         <li><span>性别</span><span>{{ gender }}</span></li>
         <li><span>性别</span><span>{{ gender }}</span></li>
         <li><span>生日</span><span>{{ birthday }}</span></li>
         <li><span>生日</span><span>{{ birthday }}</span></li>
     </ul>
     </ul>

 {{#if vip3}}
 {{#if vip3}}
     <p>
     <p>
-        <span class="user-name">{{name}}</span>
+        <span class="user-name">{{{name}}}</span>
         <span class="vip-icon vip-3"></span>
         <span class="vip-icon vip-3"></span>
     </p>
     </p>
     <p class="grade-desc">
     <p class="grade-desc">
@@ -20,7 +20,7 @@
 
 
 {{#if vip2}}
 {{#if vip2}}
     <p>
     <p>
-        <span class="user-name">{{name}}</span>
+        <span class="user-name">{{{name}}}</span>
         <span class="vip-icon vip-2"></span>
         <span class="vip-icon vip-2"></span>
     </p>
     </p>
     <p class="grade-desc">
     <p class="grade-desc">
@@ -43,7 +43,7 @@
 
 
 {{#if vip1}}
 {{#if vip1}}
     <p>
     <p>
-        <span class="user-name">{{name}}</span>
+        <span class="user-name">{{{name}}}</span>
         <span class="vip-icon vip-1"></span>
         <span class="vip-icon vip-1"></span>
     </p>
     </p>
     <p class="grade-desc">
     <p class="grade-desc">
@@ -66,7 +66,7 @@
 
 
 {{#if vip0}}
 {{#if vip0}}
     <p>
     <p>
-        <span class="user-name">{{name}}</span>
+        <span class="user-name">{{{name}}}</span>
         <span>普通会员</span>
         <span>普通会员</span>
     </p>
     </p>
     <p class="grade-desc">
     <p class="grade-desc">

@@ -203,11 +203,14 @@ const shop = {
     _getMiniAppPath(req, brands, shopId) {
     _getMiniAppPath(req, brands, shopId) {
         let minis = {};
         let minis = {};
 
 
-        // param:品牌ID|店铺ID, name:品牌名称, miniQrType 7:商品,2:品牌,3:店铺,miniapp_type 0:有货,1:新与力
+        // param:品牌ID|店铺ID, name:品牌名称, miniQrType 7:商品,2:品牌,10:店铺,miniapp_type 0:有货,1:新与力
         if (shopId) {
         if (shopId) {
             minis = Object.assign(minis, {
             minis = Object.assign(minis, {
-                param: shopId,
-                miniQrType: 3
+                param: JSON.stringify({
+                    shopId: shopId,
+                    union_type: req.query.union_type || req.cookies.unionTypeYas || '',
+                }),
+                miniQrType: 10
             });
             });
         } else if (!brands || brands.length !== 1) {
         } else if (!brands || brands.length !== 1) {
             minis = Object.assign(minis, {
             minis = Object.assign(minis, {

@@ -71,7 +71,7 @@ const newGoods = (req, res, next) => {
     });
     });
 
 
     // 唤起 APP 的路径
     // 唤起 APP 的路径
-    res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${JSON.stringify(appParams)}}`;
+    res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${encodeURIComponent(JSON.stringify(appParams))}}`;
 
 
     let seoTitle = '【潮流新品】_引领潮流_2018时尚潮流新品-YOHO!BUY 有货';
     let seoTitle = '【潮流新品】_引领潮流_2018时尚潮流新品-YOHO!BUY 有货';
 
 
@@ -144,7 +144,7 @@ const _newGoods = (req, res, next) => {
     });
     });
 
 
     // 唤起 APP 的路径
     // 唤起 APP 的路径
-    res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${JSON.stringify(appParams)}}`;
+    res.locals.appPath = `yohobuy://yohobuy.com/goapp?openby:yohobuy={"action":"go.new","params":${encodeURIComponent(JSON.stringify(appParams))}}`;
 
 
     req.ctx(newModel).indexData(uid, channel).then(result => {
     req.ctx(newModel).indexData(uid, channel).then(result => {
         let shopList = _.get(result, 'shop_list', []);
         let shopList = _.get(result, 'shop_list', []);

@@ -3,7 +3,7 @@
         {{# comments}}
         {{# comments}}
             <div class="comment-item clearfix">
             <div class="comment-item clearfix">
                 <div class="user-info clearfix">
                 <div class="user-info clearfix">
-                    <span class="user-name">{{userName}}</span>
+                    <span class="user-name">{{{userName}}}</span>
                     <span class="goods-spec">
                     <span class="goods-spec">
                     购买了<b>{{color}}</b>
                     购买了<b>{{color}}</b>
                     </span>
                     </span>

@@ -12,11 +12,11 @@
             <div class="comment-content-main content-main clearfix">
             <div class="comment-content-main content-main clearfix">
                 {{# comments}}
                 {{# comments}}
                     <span class="user-name">
                     <span class="user-name">
-                        {{userName}}
+                        {{{userName}}}
                     </span>
                     </span>
                     <p class="goods-spec">
                     <p class="goods-spec">
                         购买了{{desc}}
                         购买了{{desc}}
-                    </>
+                    </p>
                     <p class="detail-content">
                     <p class="detail-content">
                         {{content}}
                         {{content}}
                     </p>
                     </p>

+'use strict';
+
+const csrf = require('csurf');
+const csrfInit = csrf();
+
+module.exports = (req, res, next) => {
+    return csrfInit(req, res, (e) => {
+        res.locals.csrfToken = req.csrfToken();
+
+        return next(e);
+    });
+};

@@ -106,9 +106,11 @@ exports.serverError = () => {
 
 
         forceNoCache(res);
         forceNoCache(res);
 
 
-        err.code = err.code || err.statusCode || 500;
+        err = err || {};
 
 
-        if (!err.type === 'entity.parse.failed') { // json 解析失败不上报错误
+        err.code = parseInt(err.code || err.statusCode, 10) || 500;
+
+        if (err.type !== 'entity.parse.failed') { // json 解析失败不上报错误
             logger.error(`error at path: ${req.url}`);
             logger.error(`error at path: ${req.url}`);
             logger.error(err);
             logger.error(err);
         }
         }
@@ -199,7 +201,7 @@ exports.serverError = () => {
         }
         }
 
 
         if (!res.headersSent) {
         if (!res.headersSent) {
-            return _err500(req, res, err.code, err);
+            return _err500(req, res, 500, err);
         }
         }
 
 
         return next(err);
         return next(err);

 {
 {
   "name": "yohobuywap-node",
   "name": "yohobuywap-node",
-  "version": "6.6.15",
+  "version": "6.6.17",
   "private": true,
   "private": true,
   "description": "A New Yohobuy Project With Express",
   "description": "A New Yohobuy Project With Express",
   "repository": {
   "repository": {
@@ -62,6 +62,7 @@
     "connect-redis": "^3.3.3",
     "connect-redis": "^3.3.3",
     "cookie-parser": "^1.4.3",
     "cookie-parser": "^1.4.3",
     "cssnano": "^3.10.0",
     "cssnano": "^3.10.0",
+    "csurf": "^1.9.0",
     "express": "^4.16.3",
     "express": "^4.16.3",
     "feed": "^1.1.0",
     "feed": "^1.1.0",
     "geetest": "^4.1.2",
     "geetest": "^4.1.2",

@@ -2,7 +2,7 @@
 <div class="invite-share">
 <div class="invite-share">
     <span class="close-invite iconfont">&#xe72d;</span>
     <span class="close-invite iconfont">&#xe72d;</span>
     <img class="head-ico" src="{{image headIco 75 75}}">
     <img class="head-ico" src="{{image headIco 75 75}}">
-    <span class="invite-name">"{{nickname}}"邀请你来有货玩潮流</span>
+    <span class="invite-name">"{{{nickname}}}"邀请你来有货玩潮流</span>
     <p class="invite-trend">{{#if trendWord}}# {{trendWord}} #{{else}}{{inviteCode}}{{/if}}</p>
     <p class="invite-trend">{{#if trendWord}}# {{trendWord}} #{{else}}{{inviteCode}}{{/if}}</p>
     <a href="//m.yohobuy.com/activity/friend-invite?inviteCode={{inviteCode}}" class="invite-go">现在就去</a>
     <a href="//m.yohobuy.com/activity/friend-invite?inviteCode={{inviteCode}}" class="invite-go">现在就去</a>
 </div>
 </div>

@@ -13,7 +13,7 @@
                 <div class="user-info clearfix">
                 <div class="user-info clearfix">
                 {{# comments}}
                 {{# comments}}
                     <span class="user-name">
                     <span class="user-name">
-                        {{userName}}
+                        {{{userName}}}
                     </span>
                     </span>
                 <span class="goods-spec">
                 <span class="goods-spec">
                     购买了<b>{{color}}</b>
                     购买了<b>{{color}}</b>

@@ -3,7 +3,15 @@ require('3party/question-detail.page.css');
 let $ = require('yoho-jquery'),
 let $ = require('yoho-jquery'),
     yoho = require('yoho-app'),
     yoho = require('yoho-app'),
     tipDg = require('plugin/tip'),
     tipDg = require('plugin/tip'),
-    share = require('common/share');
+    share = require('common/share'),
+    Validate = require('plugin/validata');
+
+let validate = new Validate('#js-img-check', {
+    useREM: {
+        rootFontSize: 40,
+        picWidth: 150
+    }
+});
 
 
 let question = {
 let question = {
     $base: $('#qs-wrap'),
     $base: $('#qs-wrap'),
@@ -197,50 +205,53 @@ let question = {
         }
         }
     },
     },
     saveAnswers: function(info) {
     saveAnswers: function(info) {
-        var that = this;
-
-        if (this.saving || !info || !info.length) {
+        if (!info || !info.length) {
             return;
             return;
         }
         }
 
 
-        this.saving = true;
-
-        setTimeout(function() {
-            that.saving = false;
-        }, 5000);
+        return validate.getResults().then(result => {
+            if (typeof result === 'undefined') {
+                return;
+            }
 
 
-        $.ajax({
-            type: 'POST',
-            url: '/3party/questionnaire/submit',
-            data: {
+            let params = {
                 id: this.$base.data('id'),
                 id: this.$base.data('id'),
                 uid: this.$base.data('cid'),
                 uid: this.$base.data('cid'),
                 startTime: this.startTime,
                 startTime: this.startTime,
                 endTime: Date.parse(new Date()) / 1000,
                 endTime: Date.parse(new Date()) / 1000,
                 frontAnswers: JSON.stringify(info),
                 frontAnswers: JSON.stringify(info),
                 mobile: this.$mobile.val()
                 mobile: this.$mobile.val()
-            }
-        }).then(function(data) {
-            that.saving = false;
-            if (data.code === 200 || data.code === 206) {
-                let tip = '调查问卷已成功提交,感谢您的帮助！';
+            };
 
 
-                if (data.code === 206 && data.message) {
-                    tip = data.message;
-                }
+            $.extend(params, result);
+
+            $.ajax({
+                type: 'POST',
+                url: '/3party/questionnaire/submit',
+                data: params
+            }).then(function(data) {
+                validate.type === 2 && validate.refresh();
 
 
-                tipDg.show(tip);
+                if (data.code === 200 || data.code === 206) {
+                    let tip = '调查问卷已成功提交,感谢您的帮助！';
 
 
-                setTimeout(function() {
-                    if (yoho.isApp) {
-                        yoho.invokeMethod('go.back');
-                    } else {
-                        window.history.go(-1);
+                    if (data.code === 206 && data.message) {
+                        tip = data.message;
                     }
                     }
-                }, 2000);
-            } else {
-                tipDg.show(data.message || '网络出了点问题~');
-            }
+
+                    tipDg.show(tip);
+
+                    setTimeout(function() {
+                        if (yoho.isApp) {
+                            yoho.invokeMethod('go.back');
+                        } else {
+                            window.history.go(-1);
+                        }
+                    }, 2000);
+                } else {
+                    tipDg.show(data.message || '网络出了点问题~');
+                }
+            });
         });
         });
     }
     }
 };
 };

@@ -40,7 +40,8 @@ $confim.on('touchend', '.cancel', function() {
         method: 'POST',
         method: 'POST',
         url: '/home/delAddress',
         url: '/home/delAddress',
         data: {
         data: {
-            id: deleteId
+            id: deleteId,
+            _csrf: $('input[name=_csrf]').val()
         }
         }
     }).then(function(res) {
     }).then(function(res) {
         if ($.type(res) !== 'object') {
         if ($.type(res) !== 'object') {

@@ -20,7 +20,7 @@ $('.address-item').on('click', function() {
         address_id: addressId,
         address_id: addressId,
         consignee: $this.find('.name').text(),
         consignee: $this.find('.name').text(),
         mobile: $this.find('.tel').text(),
         mobile: $this.find('.tel').text(),
-        address_info: $this.find('.address-info').text(),
+        address_info: $this.find('.address-info').data('address'),
         is_support: $this.data('is-support')
         is_support: $this.data('is-support')
     };
     };
 
 

@@ -26,6 +26,10 @@ function cookie(name) {
     var re = new RegExp(name + '=([^;$]*)', 'i'),
     var re = new RegExp(name + '=([^;$]*)', 'i'),
         matchPattern = '$1';
         matchPattern = '$1';
 
 
+    if (name === '_UID') {
+        return decodeURIComponent(re.test(document.cookie) ? RegExp[matchPattern] : '');
+    }
+
     try {
     try {
         return re.test(decodeURIComponent(document.cookie)) ? RegExp[matchPattern] : '';
         return re.test(decodeURIComponent(document.cookie)) ? RegExp[matchPattern] : '';
     } catch (e) {
     } catch (e) {

@@ -40,7 +40,8 @@ $confim.on('touchend', '.cancel', function() {
         method: 'POST',
         method: 'POST',
         url: '/home/delAddress',
         url: '/home/delAddress',
         data: {
         data: {
-            id: deleteId
+            id: deleteId,
+            _csrf: $('input[name=_csrf]').val()
         }
         }
     }).then(function(res) {
     }).then(function(res) {
         if ($.type(res) !== 'object') {
         if ($.type(res) !== 'object') {

+@import "layout/img-check";
+
 body {
 body {
     background: #f0f0f0;
     background: #f0f0f0;
 }
 }

+'use strict';
+
+const re = /(\r\n)|["\'<>]/g;
+const htmlEntity = {
+    '&amp;': '\u0026',
+    '&quot;': '\u0022',
+    '&apos;': '\u0027',
+    '&lt;': '\u003c',
+    '&gt;': '\u003e'
+};
+
+exports.htmlDecode = function(txt) {
+    txt = txt || '';
+    return txt.replace(/((&(([a-z][a-z0-9]*)|(#[0-9]+)|(#x[0-9a-f]+));)|["'<>&])/gi, function(s) {
+        s = s || '';
+        const s1 = htmlEntity[s.toLowerCase()];
+
+        if (s1) {
+            s = s1;
+        }
+
+        return s;
+    });
+};
+
+exports.htmlEncode = function(str) {
+    str = str || '';
+    return str.replace(re, function(s) {
+        switch (s) {
+            case '"':
+                return '&quot;';
+            case '\'':
+                return '&apos;';
+            case '<':
+                return '&lt;';
+            case '>':
+                return '&gt;';
+            default:
+                return s;
+        }
+    });
+};

@@ -2240,6 +2240,14 @@ crypto-random-string@^1.0.0:
   version "1.0.0"
   version "1.0.0"
   resolved "http://npm.yohops.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"
   resolved "http://npm.yohops.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"
 
 
+csrf@~3.0.3:
+  version "3.0.6"
+  resolved "http://npm.yohops.com/csrf/-/csrf-3.0.6.tgz#b61120ddceeafc91e76ed5313bb5c0b2667b710a"
+  dependencies:
+    rndm "1.2.0"
+    tsscmp "1.0.5"
+    uid-safe "2.1.4"
+
 css-color-function@~1.3.3:
 css-color-function@~1.3.3:
   version "1.3.3"
   version "1.3.3"
   resolved "http://npm.yohops.com/css-color-function/-/css-color-function-1.3.3.tgz#8ed24c2c0205073339fafa004bc8c141fccb282e"
   resolved "http://npm.yohops.com/css-color-function/-/css-color-function-1.3.3.tgz#8ed24c2c0205073339fafa004bc8c141fccb282e"
@@ -2402,6 +2410,15 @@ cssom@^0.3.2:
   version "0.3.2"
   version "0.3.2"
   resolved "http://npm.yohops.com/cssom/-/cssom-0.3.2.tgz#b8036170c79f07a90ff2f16e22284027a243848b"
   resolved "http://npm.yohops.com/cssom/-/cssom-0.3.2.tgz#b8036170c79f07a90ff2f16e22284027a243848b"
 
 
+csurf@^1.9.0:
+  version "1.9.0"
+  resolved "http://npm.yohops.com/csurf/-/csurf-1.9.0.tgz#49d2c6925ffcec7b7de559597c153fa533364133"
+  dependencies:
+    cookie "0.3.1"
+    cookie-signature "1.0.6"
+    csrf "~3.0.3"
+    http-errors "~1.5.0"
+
 currently-unhandled@^0.4.1:
 currently-unhandled@^0.4.1:
   version "0.4.1"
   version "0.4.1"
   resolved "http://npm.yohops.com/currently-unhandled/-/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea"
   resolved "http://npm.yohops.com/currently-unhandled/-/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea"
@@ -4042,6 +4059,14 @@ http-errors@1.6.3, http-errors@~1.6.2, http-errors@~1.6.3:
     setprototypeof "1.1.0"
     setprototypeof "1.1.0"
     statuses ">= 1.4.0 < 2"
     statuses ">= 1.4.0 < 2"
 
 
+http-errors@~1.5.0:
+  version "1.5.1"
+  resolved "http://npm.yohops.com/http-errors/-/http-errors-1.5.1.tgz#788c0d2c1de2c81b9e6e8c01843b6b97eb920750"
+  dependencies:
+    inherits "2.0.3"
+    setprototypeof "1.0.2"
+    statuses ">= 1.3.1 < 2"
+
 http-parser-js@>=0.4.0:
 http-parser-js@>=0.4.0:
   version "0.4.13"
   version "0.4.13"
   resolved "http://npm.yohops.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
   resolved "http://npm.yohops.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
@@ -7828,6 +7853,10 @@ ripemd160@^2.0.0, ripemd160@^2.0.1:
     hash-base "^3.0.0"
     hash-base "^3.0.0"
     inherits "^2.0.1"
     inherits "^2.0.1"
 
 
+rndm@1.2.0:
+  version "1.2.0"
+  resolved "http://npm.yohops.com/rndm/-/rndm-1.2.0.tgz#f33fe9cfb52bbfd520aa18323bc65db110a1b76c"
+
 run-async@^2.0.0, run-async@^2.2.0:
 run-async@^2.0.0, run-async@^2.2.0:
   version "2.3.0"
   version "2.3.0"
   resolved "http://npm.yohops.com/run-async/-/run-async-2.3.0.tgz#0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0"
   resolved "http://npm.yohops.com/run-async/-/run-async-2.3.0.tgz#0371ab4ae0bdd720d4166d7dfda64ff7a445a6c0"
@@ -8008,6 +8037,10 @@ setimmediate@^1.0.4:
   version "1.0.5"
   version "1.0.5"
   resolved "http://npm.yohops.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
   resolved "http://npm.yohops.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
 
 
+setprototypeof@1.0.2:
+  version "1.0.2"
+  resolved "http://npm.yohops.com/setprototypeof/-/setprototypeof-1.0.2.tgz#81a552141ec104b88e89ce383103ad5c66564d08"
+
 setprototypeof@1.0.3:
 setprototypeof@1.0.3:
   version "1.0.3"
   version "1.0.3"
   resolved "http://npm.yohops.com/setprototypeof/-/setprototypeof-1.0.3.tgz#66567e37043eeb4f04d91bd658c0cbefb55b8e04"
   resolved "http://npm.yohops.com/setprototypeof/-/setprototypeof-1.0.3.tgz#66567e37043eeb4f04d91bd658c0cbefb55b8e04"
@@ -8864,6 +8897,10 @@ tslib@^1.9.0:
   version "1.9.2"
   version "1.9.2"
   resolved "http://npm.yohops.com/tslib/-/tslib-1.9.2.tgz#8be0cc9a1f6dc7727c38deb16c2ebd1a2892988e"
   resolved "http://npm.yohops.com/tslib/-/tslib-1.9.2.tgz#8be0cc9a1f6dc7727c38deb16c2ebd1a2892988e"
 
 
+tsscmp@1.0.5:
+  version "1.0.5"
+  resolved "http://npm.yohops.com/tsscmp/-/tsscmp-1.0.5.tgz#7dc4a33af71581ab4337da91d85ca5427ebd9a97"
+
 tty-browserify@0.0.0:
 tty-browserify@0.0.0:
   version "0.0.0"
   version "0.0.0"
   resolved "http://npm.yohops.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6"
   resolved "http://npm.yohops.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6"
@@ -8928,6 +8965,12 @@ uglifyjs-webpack-plugin@^1.2.4:
     webpack-sources "^1.1.0"
     webpack-sources "^1.1.0"
     worker-farm "^1.5.2"
     worker-farm "^1.5.2"
 
 
+uid-safe@2.1.4:
+  version "2.1.4"
+  resolved "http://npm.yohops.com/uid-safe/-/uid-safe-2.1.4.tgz#3ad6f38368c6d4c8c75ec17623fb79aa1d071d81"
+  dependencies:
+    random-bytes "~1.0.0"
+
 uid-safe@~2.1.2:
 uid-safe@~2.1.2:
   version "2.1.5"
   version "2.1.5"
   resolved "http://npm.yohops.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a"
   resolved "http://npm.yohops.com/uid-safe/-/uid-safe-2.1.5.tgz#2b3d5c7240e8fc2e58f8aa269e5ee49c0857bd3a"