github/cosin
1
0
Fork 0
mirror of https://github.com/chatopera/cosin.git synced 2025-07-24 08:31:45 +08:00
Code Issues Releases Wiki Activity

Fix Enterprise Chat XSS #495

Browse Source
This commit is contained in:
Yu 2021-11-17 10:35:05 +08:00
parent d803abe812
commit aec02346e4
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
contact-center/app/src/main/resources/templates/apps/entim/group/index.pug
View File

@ -203,11 +203,24 @@ block content
openchat('/ent/im/chat.html?userid=' + id, '/images/user-pc.png', uname, user.id, '最近登陆:' + lastlogintime)
}
}
function escapeHtml (str) {
if (typeof str == 'string') {
return str.replace(/<|&|>/g, function (matches) {
return ({
'<': '&lt;',
'>': '&gt;',
'&': '&amp;'
})[matches];
});
}
return '';
}
function openchat(url, img, name, id, text) {
top.layer.open({
type: 2,
id: id,
title: ["<div style='position: relative;height: 42px;padding: 5px 15px 5px 0px;line-height: 20px;cursor: pointer;display: inline-block;vertical-align: top;' id='dialog_" + id + "'><img src='" + img + "' style='max-height:50px;'><div style='padding:0px 5px;line-height: 23px;display: inline-block;vertical-align: top;'><span style='vertical-align: top;font-size:18px;'>" + name + "<span class='ukefu-entim-status offline' id='chat_" + id + "' title='离线'><i class='layui-icon'></i></span></span><p style='vertical-align: top;font-size: 12px;color: #999;'>" + text + "</p></div></div>", "height:55px"],
title: ["<div style='position: relative;height: 42px;padding: 5px 15px 5px 0px;line-height: 20px;cursor: pointer;display: inline-block;vertical-align: top;' id='dialog_" + id + "'><img src='" + img + "' style='max-height:50px;'><div style='padding:0px 5px;line-height: 23px;display: inline-block;vertical-align: top;'><span style='vertical-align: top;font-size:18px;'>" + escapeHtml(name) + "<span class='ukefu-entim-status offline' id='chat_" + id + "' title='离线'><i class='layui-icon'></i></span></span><p style='vertical-align: top;font-size: 12px;color: #999;'>" + text + "</p></div></div>", "height:55px"],
closeBtn: 1, //不显示关闭按钮
shade: false,
area: ['700px', '520px'],

15
contact-center/app/src/main/resources/templates/apps/entim/index.pug
View File

@ -164,11 +164,24 @@ block content
, shade: 0 //不显示遮罩
});
}
function escapeHtml (str) {
if (typeof str == 'string') {
return str.replace(/<|&|>/g, function (matches) {
return ({
'<': '&lt;',
'>': '&gt;',
'&': '&amp;'
})[matches];
});
}
return '';
}
function openchat(url, img, name, id, text) {
top.layer.open({
type: 2,
id: id,
title: ["<div style='position: relative;height: 42px;padding: 5px 15px 5px 0px;line-height: 20px;cursor: pointer;display: inline-block;vertical-align: top;' id='dialog_" + id + "'><img src='" + img + "' style='max-height:50px;'><div style='padding:0px 5px;line-height: 23px;display: inline-block;vertical-align: top;'><span style='vertical-align: top;font-size:18px;'>" + name + "<span class='ukefu-entim-status offline' id='chat_" + id + "' title='离线'><i class='layui-icon'></i></span></span><p style='vertical-align: top;font-size: 12px;color: #999;'>" + text + "</p></div></div>", "height:55px"],
title: ["<div style='position: relative;height: 42px;padding: 5px 15px 5px 0px;line-height: 20px;cursor: pointer;display: inline-block;vertical-align: top;' id='dialog_" + id + "'><img src='" + img + "' style='max-height:50px;'><div style='padding:0px 5px;line-height: 23px;display: inline-block;vertical-align: top;'><span style='vertical-align: top;font-size:18px;'>" + escapeHtml(name) + "<span class='ukefu-entim-status offline' id='chat_" + id + "' title='离线'><i class='layui-icon'></i></span></span><p style='vertical-align: top;font-size: 12px;color: #999;'>" + text + "</p></div></div>", "height:55px"],
closeBtn: 1, //不显示关闭按钮
shade: false,
area: ['700px', '520px'],