github/cosin
1
0
Fork 0
mirror of https://github.com/chatopera/cosin.git synced 2025-07-20 04:23:01 +08:00
Code Issues Releases Wiki Activity

fix #495 contacts notes XSS

Browse Source
This commit is contained in:
Yu 2021-11-16 11:55:40 +08:00
parent ff7ab98bcf
commit d803abe812
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
contact-center/app/src/main/resources/templates/apps/contacts/detail.pug
View File

@ -181,6 +181,20 @@ block content
} }
script. script.
function escapeHtml (str) {
if (typeof str == 'string') {
return str.replace(/<|&|>/g, function (matches) {
return ({
'<': '&lt;',
'>': '&gt;',
'&': '&amp;'
})[matches];
});
}
return '';
}
function getNotesByContactId () { function getNotesByContactId () {
// 获取数据 // 获取数据
var id = $('#contactsId').val(); var id = $('#contactsId').val();
@ -204,8 +218,8 @@ block content
'<div class="container">' + '<div class="container">' +
'<h4>时间:' + item.updatetime + '</h4>' + '<h4>时间:' + item.updatetime + '</h4>' +
'<h5>笔记者:' + item.creatername + '</h5>' + '<h5>笔记者:' + item.creatername + '</h5>' +
'<h5>事件类型:' + item.category + '</h5>' + '<h5>事件类型:' + escapeHtml(item.category) + '</h5>' +
'<div>笔记:' + item.content + '</div>' + '<div>笔记:' + escapeHtml(item.content) + '</div>' +
'</div>' + '</div>' +
'</div>'); '</div>');
} }