(Fix: Database) fix #151 (thx @miaochiahao)

CHANGELOG.md

@@ -4,6 +4,7 @@
 ## `v(2.0.7.3)
 
 * 主窗口增加 CSP 策略
+* Fix self-xss in database config #151 (thx @miaochiahao)
 
 ## `v(2.0.7.2)`
 

source/modules/database/asp/index.js

@@ -139,7 +139,7 @@ class ASP {
       items.push({
         id: `conn::${_}`,
         // text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
-        text: conf[_]['type'].toUpperCase(),
+        text: antSword.noxss(conf[_]['type'].toUpperCase()),
         im0: this.manager.list.imgs[0],
         im1: this.manager.list.imgs[0],
         im2: this.manager.list.imgs[0]

source/modules/database/custom/index.js

@@ -124,7 +124,7 @@ class CUSTOM {
       items.push({
         id: `conn::${_}`,
         // text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
-        text: conf[_]['type'].toUpperCase(),
+        text: antSword.noxss(conf[_]['type'].toUpperCase()),
         im0: this.manager.list.imgs[0],
         im1: this.manager.list.imgs[0],
         im2: this.manager.list.imgs[0]

source/modules/database/index.js

@@ -251,7 +251,7 @@ class Database {
         data_arr.push({
           id: i+1,
           data: [
-            func_mapping.hasOwnProperty(item[0]) ? func_mapping[item[0]] : item[0],
+            func_mapping.hasOwnProperty(item[0]) ? func_mapping[item[0]] : antSword.noxss(item[0]),
             parseInt(item[1]) === 1 ? "√" : "×",
           ],
           style: parseInt(item[1]) === 1 ? "background-color:#ADF1B9": "",

source/modules/database/php/index.js

@@ -288,7 +288,7 @@ class PHP {
     for (let _ in conf) {
       items.push({
         id: `conn::${_}`,
-        text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
+        text: antSword.noxss(`${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`),
         im0: this.manager.list.imgs[0],
         im1: this.manager.list.imgs[0],
         im2: this.manager.list.imgs[0]