From 56c4bcb51552ebcb2cd6a8c4170a609f142c4dfc Mon Sep 17 00:00:00 2001
From: zhangdaiscott <zhangdaiscott@163.com>
Date: Tue, 19 Jul 2022 19:02:39 +0800
Subject: [PATCH] xss漏洞问题

---
 ant-design-vue-jeecg/src/components/tools/ShowAnnouncement.vue | 7 +++++++
 1 file changed, 7 insertions(+), 0 deletions(-)

diff --git a/ant-design-vue-jeecg/src/components/tools/ShowAnnouncement.vue b/ant-design-vue-jeecg/src/components/tools/ShowAnnouncement.vue
index 4e0022c..8be8488 100644
--- a/ant-design-vue-jeecg/src/components/tools/ShowAnnouncement.vue
+++ b/ant-design-vue-jeecg/src/components/tools/ShowAnnouncement.vue
@@ -1,3 +1,4 @@
+import xss from "xss"
 <template>
   <j-modal
     :title="title"
@@ -24,6 +25,7 @@
 
 <script>
   import {getUserList} from '@/api/api'
+  import xss from 'xss'
   export default {
     name: "SysAnnouncementModal",
     components: {
@@ -70,6 +72,11 @@
         }
         //update-end---author:wangshuai ---date:20220107  for：将其它页面传递过来的用户名改成用户真实姓名
         this.visible = true;
+        //update-begin-author:taoyan date:2022-7-14 for: VUEN-1702 【禁止问题】sql注入漏洞
+        if(record.msgContent){
+          record.msgContent = xss(record.msgContent)
+        }
+        //update-end-author:taoyan date:2022-7-14 for: VUEN-1702 【禁止问题】sql注入漏洞
         this.record = record;
       },
       handleCancel () {
--
libgit2 0.22.2