修复宽带产品管理页面中xss漏洞

7f4a2149 · 伍思炜 · 2e31690d · 7f4a2149 · 7f4a2149
Commit 7f4a2149 authored Mar 16, 2022 by 伍思炜
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

package.json
+2 -1

src/views/school-center/productManagement/product.vue
+5 -4

No files found.
--- a/package.json
+++ b/package.json
@@ -54,7 +54,8 @@
    "vuedraggable": "^2.23.2",
    "vuex": "^3.1.2",
    "vuex-class": "^0.3.1",
-    "webpack": "^4.41.2"
+    "webpack": "^4.41.2",
+    "xss": "^1.0.11"
  },
  "devDependencies": {
    "@babel/polyfill": "^7.7.0",

--- a/src/views/school-center/productManagement/product.vue
+++ b/src/views/school-center/productManagement/product.vue
@@ -150,13 +150,13 @@
                        </a-select>
                    </a-form-item>
                    <a-form-item :labelCol="{span: 5}" :wrapperCol="{span: 18, offset: 1}" label="产品情况：">
-                        <mavon-editor @save="saveProductIntroduction" ref="editor_a" v-model="productIntroduction"></mavon-editor>
+                        <mavon-editor @save="saveProductIntroduction" ref="editor_a" v-model="productIntroduction" :xssOptions="{}"></mavon-editor>
                    </a-form-item>
                    <a-form-item :labelCol="{span: 5}" :wrapperCol="{span: 18, offset: 1}" label="单宽资费介绍：">
-                        <mavon-editor @save="saveProductSetMealIntroduction" ref="editor_b" v-model="productSetMealIntroduction"></mavon-editor>
+                        <mavon-editor @save="saveProductSetMealIntroduction" ref="editor_b" v-model="productSetMealIntroduction" :xssOptions="{}"></mavon-editor>
                    </a-form-item>
                    <a-form-item :labelCol="{span: 5}" :wrapperCol="{span: 18, offset: 1}" label="融合资费介绍：">
-                        <mavon-editor @save="saveProductRf2" ref="editor_c" v-model="productRf2"></mavon-editor>
+                        <mavon-editor @save="saveProductRf2" ref="editor_c" v-model="productRf2" :xssOptions="{}"></mavon-editor>
                    </a-form-item>
                </div>
            </a-form>
@@ -293,9 +293,10 @@
        methods: {
            saveProductIntroduction(markdown, html) {
                // 此时会自动将 markdown 和 html 传递到这个方法中
+
                console.log("markdown内容:" + markdown);
                //alert("html内容:" + html);
-                this.productIntroduction = html;
+                this.productIntroduction = html
            },
            saveProductSetMealIntroduction(markdown, html) {
                // 此时会自动将 markdown 和 html 传递到这个方法中