Commit 56c4bcb51552ebcb2cd6a8c4170a609f142c4dfc
1 parent
71973adc
xss漏洞问题
Showing
1 changed file
with
7 additions
and
0 deletions
ant-design-vue-jeecg/src/components/tools/ShowAnnouncement.vue
| 1 | +import xss from "xss" | |
| 1 | 2 | <template> |
| 2 | 3 | <j-modal |
| 3 | 4 | :title="title" |
| ... | ... | @@ -24,6 +25,7 @@ |
| 24 | 25 | |
| 25 | 26 | <script> |
| 26 | 27 | import {getUserList} from '@/api/api' |
| 28 | + import xss from 'xss' | |
| 27 | 29 | export default { |
| 28 | 30 | name: "SysAnnouncementModal", |
| 29 | 31 | components: { |
| ... | ... | @@ -70,6 +72,11 @@ |
| 70 | 72 | } |
| 71 | 73 | //update-end---author:wangshuai ---date:20220107 for:将其它页面传递过来的用户名改成用户真实姓名 |
| 72 | 74 | this.visible = true; |
| 75 | + //update-begin-author:taoyan date:2022-7-14 for: VUEN-1702 【禁止问题】sql注入漏洞 | |
| 76 | + if(record.msgContent){ | |
| 77 | + record.msgContent = xss(record.msgContent) | |
| 78 | + } | |
| 79 | + //update-end-author:taoyan date:2022-7-14 for: VUEN-1702 【禁止问题】sql注入漏洞 | |
| 73 | 80 | this.record = record; |
| 74 | 81 | }, |
| 75 | 82 | handleCancel () { |
| ... | ... |