Showing
11 changed files
with
53 additions
and
10 deletions
| 1 | <div class="friend-invite-page yoho-page"> | 1 | <div class="friend-invite-page yoho-page"> |
| 2 | {{# friendInviteData}} | 2 | {{# friendInviteData}} |
| 3 | <div class="banner"> | 3 | <div class="banner"> |
| 4 | - <span class="title">您的好友{{nickname}}<br><b>{{#if payText}}发现了好物并推荐给您{{else}}邀请您来有货玩潮流{{/if}}</b></span> | 4 | + <span class="title">您的好友{{{nickname}}}<br><b>{{#if payText}}发现了好物并推荐给您{{else}}邀请您来有货玩潮流{{/if}}</b></span> |
| 5 | <span class="ico-left"></span> | 5 | <span class="ico-left"></span> |
| 6 | <span class="ico-right"></span> | 6 | <span class="ico-right"></span> |
| 7 | {{#if friendsGoods}} | 7 | {{#if friendsGoods}} |
| @@ -22,7 +22,7 @@ | @@ -22,7 +22,7 @@ | ||
| 22 | <div class="reward-related"> | 22 | <div class="reward-related"> |
| 23 | <div class="releated-item"> | 23 | <div class="releated-item"> |
| 24 | <span>我邀请的好友</span> | 24 | <span>我邀请的好友</span> |
| 25 | - <span>{{nickName}}</span> | 25 | + <span>{{{nickName}}}</span> |
| 26 | </div> | 26 | </div> |
| 27 | <div class="releated-item"> | 27 | <div class="releated-item"> |
| 28 | <span>注册时间</span> | 28 | <span>注册时间</span> |
| @@ -9,7 +9,7 @@ | @@ -9,7 +9,7 @@ | ||
| 9 | <div class="head-pic"> | 9 | <div class="head-pic"> |
| 10 | <img src="{{image headIco 200 200}}"> | 10 | <img src="{{image headIco 200 200}}"> |
| 11 | </div> | 11 | </div> |
| 12 | - <div class="nick-name">{{nickName}}</div> | 12 | + <div class="nick-name">{{{nickName}}}</div> |
| 13 | </div> | 13 | </div> |
| 14 | <div class="calculate"> | 14 | <div class="calculate"> |
| 15 | <div class="calculate-item"> | 15 | <div class="calculate-item"> |
| @@ -42,7 +42,7 @@ | @@ -42,7 +42,7 @@ | ||
| 42 | {{# shareLog}} | 42 | {{# shareLog}} |
| 43 | <div class="student-item"> | 43 | <div class="student-item"> |
| 44 | <div>{{createTime}}</div> | 44 | <div>{{createTime}}</div> |
| 45 | - <div>{{nickName}}</div> | 45 | + <div>{{{nickName}}}</div> |
| 46 | <div> | 46 | <div> |
| 47 | <span>+{{reward}}</span> | 47 | <span>+{{reward}}</span> |
| 48 | 有货币 | 48 | 有货币 |
| @@ -27,7 +27,7 @@ | @@ -27,7 +27,7 @@ | ||
| 27 | <li> | 27 | <li> |
| 28 | <p class="earnings-info"> | 28 | <p class="earnings-info"> |
| 29 | <span class="num">{{#if cancel}}-{{/if}}{{#if already}}+{{/if}}{{coinNum}}</span> | 29 | <span class="num">{{#if cancel}}-{{/if}}{{#if already}}+{{/if}}{{coinNum}}</span> |
| 30 | - <span class="user">{{nickName}} <i {{#if cancel}}class="cancel"{{/if}}>{{statusStr}}</i></span> | 30 | + <span class="user">{{{nickName}}} <i {{#if cancel}}class="cancel"{{/if}}>{{statusStr}}</i></span> |
| 31 | 31 | ||
| 32 | </p> | 32 | </p> |
| 33 | <p class="order-info"> | 33 | <p class="order-info"> |
| @@ -5,7 +5,7 @@ | @@ -5,7 +5,7 @@ | ||
| 5 | <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}"> | 5 | <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}"> |
| 6 | <span class="name">{{{consignee}}}</span> | 6 | <span class="name">{{{consignee}}}</span> |
| 7 | <span class="tel">{{mobile}}</span> | 7 | <span class="tel">{{mobile}}</span> |
| 8 | - <p class="address-info">{{area}} {{{address}}}</p> | 8 | + <p class="address-info" data-address="{{area}} {{address}}">{{area}} {{{address}}}</p> |
| 9 | <div class="action iconfont"> | 9 | <div class="action iconfont"> |
| 10 | <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=shopping"></span> | 10 | <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=shopping"></span> |
| 11 | <span class="del" data-id="{{address_id}}"></span> | 11 | <span class="del" data-id="{{address_id}}"></span> |
| @@ -9,6 +9,7 @@ | @@ -9,6 +9,7 @@ | ||
| 9 | const mRoot = '../models'; | 9 | const mRoot = '../models'; |
| 10 | const headerModel = require('../../../doraemon/models/header'); // 头部model | 10 | const headerModel = require('../../../doraemon/models/header'); // 头部model |
| 11 | const addressModel = require(`${mRoot}/address`); // 地址管理 MODEL | 11 | const addressModel = require(`${mRoot}/address`); // 地址管理 MODEL |
| 12 | +const cleanHtml = require('../../../utils/cleanHtml'); | ||
| 12 | 13 | ||
| 13 | /** | 14 | /** |
| 14 | * 地址管理页面 | 15 | * 地址管理页面 |
| @@ -135,7 +136,7 @@ exports.saveAddress = (req, res, next) => { | @@ -135,7 +136,7 @@ exports.saveAddress = (req, res, next) => { | ||
| 135 | uid: req.user.uid, | 136 | uid: req.user.uid, |
| 136 | address: req.body.address, | 137 | address: req.body.address, |
| 137 | area_code: req.body.area_code, | 138 | area_code: req.body.area_code, |
| 138 | - consignee: req.body.consignee, | 139 | + consignee: cleanHtml.htmlEncode(req.body.consignee), |
| 139 | email: req.body.email, | 140 | email: req.body.email, |
| 140 | id: req.body.id, | 141 | id: req.body.id, |
| 141 | mobile: req.body.mobile, | 142 | mobile: req.body.mobile, |
| @@ -14,7 +14,7 @@ | @@ -14,7 +14,7 @@ | ||
| 14 | <div class="list-item"> | 14 | <div class="list-item"> |
| 15 | <div class="title">昵称</div> | 15 | <div class="title">昵称</div> |
| 16 | <div class="main"> | 16 | <div class="main"> |
| 17 | - <input class="inp nick-name modify" type="text" value="{{nickName}}" /> | 17 | + <input class="inp nick-name modify" type="text" value="{{{nickName}}}" /> |
| 18 | </div> | 18 | </div> |
| 19 | <div class="arr"> | 19 | <div class="arr"> |
| 20 | <span class="iconfont"></span> | 20 | <span class="iconfont"></span> |
| @@ -6,7 +6,7 @@ | @@ -6,7 +6,7 @@ | ||
| 6 | <div class="level level-{{vip_info/cur_level}}"></div> | 6 | <div class="level level-{{vip_info/cur_level}}"></div> |
| 7 | </div> | 7 | </div> |
| 8 | <div class="user-info"> | 8 | <div class="user-info"> |
| 9 | - <div class="name eps">{{nickname}}</div> | 9 | + <div class="name eps">{{{nickname}}}</div> |
| 10 | <div class="passcode"> | 10 | <div class="passcode"> |
| 11 | {{#if trendWord}} | 11 | {{#if trendWord}} |
| 12 | <div class="dot"># </div> | 12 | <div class="dot"># </div> |
| @@ -20,7 +20,7 @@ $('.address-item').on('click', function() { | @@ -20,7 +20,7 @@ $('.address-item').on('click', function() { | ||
| 20 | address_id: addressId, | 20 | address_id: addressId, |
| 21 | consignee: $this.find('.name').text(), | 21 | consignee: $this.find('.name').text(), |
| 22 | mobile: $this.find('.tel').text(), | 22 | mobile: $this.find('.tel').text(), |
| 23 | - address_info: $this.find('.address-info').text(), | 23 | + address_info: $this.find('.address-info').data('address'), |
| 24 | is_support: $this.data('is-support') | 24 | is_support: $this.data('is-support') |
| 25 | }; | 25 | }; |
| 26 | 26 |
utils/cleanHtml.js
0 → 100644
| 1 | +'use strict'; | ||
| 2 | + | ||
| 3 | +const re = /(\r\n)|["\'<>]/g; | ||
| 4 | +const htmlEntity = { | ||
| 5 | + '&': '\u0026', | ||
| 6 | + '"': '\u0022', | ||
| 7 | + ''': '\u0027', | ||
| 8 | + '<': '\u003c', | ||
| 9 | + '>': '\u003e' | ||
| 10 | +}; | ||
| 11 | + | ||
| 12 | +exports.htmlDecode = function(txt) { | ||
| 13 | + txt = txt || ''; | ||
| 14 | + return txt.replace(/((&(([a-z][a-z0-9]*)|(#[0-9]+)|(#x[0-9a-f]+));)|["'<>&])/gi, function(s) { | ||
| 15 | + s = s || ''; | ||
| 16 | + const s1 = htmlEntity[s.toLowerCase()]; | ||
| 17 | + | ||
| 18 | + if (s1) { | ||
| 19 | + s = s1; | ||
| 20 | + } | ||
| 21 | + | ||
| 22 | + return s; | ||
| 23 | + }); | ||
| 24 | +}; | ||
| 25 | + | ||
| 26 | +exports.htmlEncode = function(str) { | ||
| 27 | + str = str || ''; | ||
| 28 | + return str.replace(re, function(s) { | ||
| 29 | + switch (s) { | ||
| 30 | + case '"': | ||
| 31 | + return '"'; | ||
| 32 | + case '\'': | ||
| 33 | + return '''; | ||
| 34 | + case '<': | ||
| 35 | + return '<'; | ||
| 36 | + case '>': | ||
| 37 | + return '>'; | ||
| 38 | + default: | ||
| 39 | + return s; | ||
| 40 | + } | ||
| 41 | + }); | ||
| 42 | +}; |
-
Please register or login to post a comment