ufo / ufo-platform · Commits

Go to a project

Authored by mali
Commit 71375a3287cf4da5f075584adba2ab2649841ae3 1 parent 183a08a5

http://qmc.yohops.com/onlinebug/detail?id=641 xss攻击

Inline Side-by-side
Showing 5 changed files with 14 additions and 9 deletions
... ... @@ -141,11 +141,11 @@ function getDetailInfo(id){
dataType: 'json',
success: function (result) {
if(result.code == 200) {
$("#brandValue").html(result.data.brand.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
$("#productNameValue").html(result.data.productName.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
$("#brandValue").html(replacexss(result.data.brand));
$("#productNameValue").html(replacexss(result.data.productName));
$("#priceValue").html(result.data.price);
$("#saleTimeValue").html(result.data.saleTime);
$("#productCodeValue").html(result.data.productCode.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
$("#productCodeValue").html(replacexss(result.data.productCode));
var imageStr = "";
for (var i=0;i<result.data.imageList.length;i++){
imageStr += "<img height='132px;' width='211px;' class='pimg' src='"+result.data.imageList[i]+"'/>";
... ...
... ... @@ -102,7 +102,7 @@ function loadMainList(){
width: 20,
align: "center",
formatter: function (value, rowData, rowIndex) {
return value.replace(/</ig, '&lt;').replace(/>/ig, '&gt;');
return replacexss(value);
}
}, {
title: "商品名称*",
... ... @@ -110,7 +110,7 @@ function loadMainList(){
width: 20,
align: "center",
formatter: function (value, rowData, rowIndex) {
return value.replace(/</ig, '&lt;').replace(/>/ig, '&gt;');
return replacexss(value);
}
}, {
title: "发售价",
... ... @@ -128,7 +128,7 @@ function loadMainList(){
width: 20,
align: "center",
formatter: function (value, rowData, rowIndex) {
return value.replace(/</ig, '&lt;').replace(/>/ig, '&gt;');
return replacexss(value);
}
}, {
title: "创建时间",
... ...
... ... @@ -106,11 +106,11 @@ function getDetailInfo(id){
dataType: 'json',
success: function (result) {
if(result.code == 200) {
$("#brandValue").html(result.data.brand.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
$("#productNameValue").html(result.data.productName.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
$("#brandValue").html(replacexss(result.data.brand));
$("#productNameValue").html(replacexss(result.data.productName));
$("#priceValue").html(result.data.price);
$("#saleTimeValue").html(result.data.saleTime);
$("#productCodeValue").html(result.data.productCode.replace(/</ig, '&lt;').replace(/>/ig, '&gt;'));
$("#productCodeValue").html(replacexss(result.data.productCode));
var imageStr = "";
for (var i=0;i<result.data.imageList.length;i++){
imageStr += "<img height='132px;' width='211px;' class='pimg' src='"+result.data.imageList[i]+"'/>";
... ...
//通用的LoadFilter
function replacexss(data) {
return data.replace(/</ig, '&lt;').replace(/>/ig, '&gt;').replace(/"/ig, '“').replace(/'/ig, '‘');
}
\ No newline at end of file
... ...
... ... @@ -41,3 +41,4 @@ document.write("<script src='"+ contextPath +"/js/global.js'></script>");
document.write("<script src='"+ contextPath +"/js/jquery/jquery.imageUpload.js'></script>");
document.write("<script src='"+ contextPath +"/js/jquery/jquery.fileUpload.js'></script>");
document.write("<script src='"+ contextPath +"/js/jquery/jquery.zclip.js'></script>");
document.write("<script src='"+ contextPath +"/js/common/common.js'></script>");
... ...