Commit 56c4bcb51552ebcb2cd6a8c4170a609f142c4dfc
1 parent
71973adc
xss漏洞问题
Showing
1 changed file
with
7 additions
and
0 deletions
ant-design-vue-jeecg/src/components/tools/ShowAnnouncement.vue
| 1 | +import xss from "xss" | ||
| 1 | <template> | 2 | <template> |
| 2 | <j-modal | 3 | <j-modal |
| 3 | :title="title" | 4 | :title="title" |
| @@ -24,6 +25,7 @@ | @@ -24,6 +25,7 @@ | ||
| 24 | 25 | ||
| 25 | <script> | 26 | <script> |
| 26 | import {getUserList} from '@/api/api' | 27 | import {getUserList} from '@/api/api' |
| 28 | + import xss from 'xss' | ||
| 27 | export default { | 29 | export default { |
| 28 | name: "SysAnnouncementModal", | 30 | name: "SysAnnouncementModal", |
| 29 | components: { | 31 | components: { |
| @@ -70,6 +72,11 @@ | @@ -70,6 +72,11 @@ | ||
| 70 | } | 72 | } |
| 71 | //update-end---author:wangshuai ---date:20220107 for:将其它页面传递过来的用户名改成用户真实姓名 | 73 | //update-end---author:wangshuai ---date:20220107 for:将其它页面传递过来的用户名改成用户真实姓名 |
| 72 | this.visible = true; | 74 | this.visible = true; |
| 75 | + //update-begin-author:taoyan date:2022-7-14 for: VUEN-1702 【禁止问题】sql注入漏洞 | ||
| 76 | + if(record.msgContent){ | ||
| 77 | + record.msgContent = xss(record.msgContent) | ||
| 78 | + } | ||
| 79 | + //update-end-author:taoyan date:2022-7-14 for: VUEN-1702 【禁止问题】sql注入漏洞 | ||
| 73 | this.record = record; | 80 | this.record = record; |
| 74 | }, | 81 | }, |
| 75 | handleCancel () { | 82 | handleCancel () { |