http://qmc.yohops.com/onlinebug/detail?id=641 xss攻击

mali
Commit 2ddd893e25697de5e9d9ac245816fb90a951a2a4 1 parent 6e63fb67
Showing 3 changed files with 18 additions and 9 deletions
web/src/main/webapp/html/sellerProductCode/audit.html
web/src/main/webapp/html/sellerProductCode/list.html
web/src/main/webapp/html/sellerProductCode/view.html
--- a/web/src/main/webapp/html/sellerProductCode/audit.html
View file @2ddd893
+++ b/web/src/main/webapp/html/sellerProductCode/audit.html
View file @2ddd893
@@ -141,11 +141,11 @@ function getDetailInfo(id){
          dataType: 'json',
          success: function (result) {
              if(result.code == 200) {
-            	 $("#brandValue").html(result.data.brand);
-            	 $("#productNameValue").html(result.data.productName);
+            	 $("#brandValue").html(result.data.brand.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
+            	 $("#productNameValue").html(result.data.productName.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
             	 $("#priceValue").html(result.data.price);
             	 $("#saleTimeValue").html(result.data.saleTime);
-            	 $("#productCodeValue").html(result.data.productCode);
+            	 $("#productCodeValue").html(result.data.productCode.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
             	 var imageStr = "";
             	 for (var i=0;i<result.data.imageList.length;i++){
             		 imageStr += "<img height='132px;' width='211px;' class='pimg' src='"+result.data.imageList[i]+"'/>";
--- a/web/src/main/webapp/html/sellerProductCode/list.html
View file @2ddd893
+++ b/web/src/main/webapp/html/sellerProductCode/list.html
View file @2ddd893
@@ -100,12 +100,18 @@ function loadMainList(){
             title: "品牌*",
             field: "brand",
             width: 20,
-            align: "center"
+            align: "center",
+            formatter: function (value, rowData, rowIndex) {
+                return value.replace(/</ig, '&lt;').replace(/>/ig, '&gt;');
+            }
         }, {
             title: "商品名称*",
             field: "productName",
             width: 20,
-            align: "center"
+            align: "center",
+            formatter: function (value, rowData, rowIndex) {
+                return value.replace(/</ig, '&lt;').replace(/>/ig, '&gt;');
+            }
         }, {
             title: "发售价",
             field: "price",
@@ -120,7 +126,10 @@ function loadMainList(){
             title: "货号*",
             field: "productCode",
             width: 20,
-            align: "center"
+            align: "center",
+            formatter: function (value, rowData, rowIndex) {
+                return value.replace(/</ig, '&lt;').replace(/>/ig, '&gt;');
+            }
         }, {
             title: "创建时间",
             field: "createTimeStr",
--- a/web/src/main/webapp/html/sellerProductCode/view.html
View file @2ddd893
+++ b/web/src/main/webapp/html/sellerProductCode/view.html
View file @2ddd893
@@ -106,11 +106,11 @@ function getDetailInfo(id){
          dataType: 'json',
          success: function (result) {
              if(result.code == 200) {
-            	 $("#brandValue").html(result.data.brand);
-            	 $("#productNameValue").html(result.data.productName);
+            	 $("#brandValue").html(result.data.brand.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
+            	 $("#productNameValue").html(result.data.productName.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
             	 $("#priceValue").html(result.data.price);
             	 $("#saleTimeValue").html(result.data.saleTime);
-            	 $("#productCodeValue").html(result.data.productCode);
+            	 $("#productCodeValue").html(result.data.productCode.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
             	 var imageStr = "";
             	 for (var i=0;i<result.data.imageList.length;i++){
             		 imageStr += "<img height='132px;' width='211px;' class='pimg' src='"+result.data.imageList[i]+"'/>";