Skip to content

A
antSword
Commit 740d6137 authored by Medicean's avatar Medicean
Browse files
Options

(Fix:FileManager) 修复目录树双击时引起console下报错问题 

处理文件管理潜在在几处可能的 xss
parent b7af5467
Hide whitespace changes
Inline Side-by-side
Showing with 17 additions and 14 deletions
source/modules/filemanager/folder.js
View file @ 740d6137
......@@ -17,7 +17,10 @@ class Folder {
tree.attachEvent('onClick', (id) => {
manager.files.gotoPath(id);
});
tree.attachEvent('onDblClick', (id) => {
return;
});
this.tree = tree;
this.cell = cell;
this.cache = {};
......@@ -79,7 +82,7 @@ class Folder {
for (let _ in obj) {
let _path = path + _;
let _obj = {
id: antSword.noxss(_path),
id: (_path),
text: antSword.noxss((_.length === 1 || (_.endsWith(':/') && _.length === 3)) ? _ : _.replace(/\/$/, ''))
};
let _result = parseItem(obj[_], _path);
......
source/modules/filemanager/index.js
View file @ 740d6137
......@@ -286,7 +286,7 @@ class FileManager {
let self = this;
layer.confirm(
LANG['delete']['confirm'](files.length > 1 ? files.length : files[0]),
LANG['delete']['confirm'](files.length > 1 ? files.length : antSword.noxss(files[0])),
{
icon: 2,
shift: 6,
......@@ -531,7 +531,7 @@ class FileManager {
let that = this;
const remote_path = this.path + name;
const win = that.createWin({
title: 'Loading File: ' + remote_path,
title: 'Loading File: ' + antSword.noxss(remote_path),
width: 800,
height: 600,
});
......@@ -548,12 +548,12 @@ class FileManager {
down_size += _size;
let down_progress = parseInt(parseFloat(down_size / size).toFixed(2) * 100);
if (!(down_progress % 5)) {
win.setText(`Preview File: ${remote_path} ${down_progress}%`);
win.setText(`Preview File: ${antSword.noxss(remote_path)} ${down_progress}%`);
};
}
).then((_size) => {
if (_size === size) {
win.setText(`Preview File: ${remote_path}`);
win.setText(`Preview File: ${antSword.noxss(remote_path)}`);
let buff = fs.readFileSync(savepath);
switch (filemime){
default:
......@@ -821,11 +821,11 @@ class FileManager {
let _id = String(Math.random()).substr(5, 10);
antSword['tabbar'].addTab(
`tab_file_${_id}`,
`<i class="fa fa-file-o"></i> ${name}`,
`<i class="fa fa-file-o"></i> ${antSword.noxss(name)}`,
null, null, true, true
);
win = antSword['tabbar'].cells(`tab_file_${_id}`);
hinttext = `IP:${this.opts['ip']} File:${path}`;
hinttext = `IP:${this.opts['ip']} File:${antSword.noxss(path)}`;
}
win.progressOn();
......
source/modules/terminal/index.js
View file @ 740d6137
......@@ -133,11 +133,11 @@ class Terminal {
this.path = infoPath;
// 组合banner
banner += `\n[[b;#99A50D;]${LANG['banner']['path']}]: [[;#C3C3C3;]${infoPath}]`;
banner += `\n[[b;#99A50D;]${LANG['banner']['drive']}]: [[;#C3C3C3;]${infoDrive}]`;
banner += `\n[[b;#99A50D;]${LANG['banner']['path']}]: [[;#C3C3C3;]${antSword.noxss(infoPath)}]`;
banner += `\n[[b;#99A50D;]${LANG['banner']['drive']}]: [[;#C3C3C3;]${antSword.noxss(infoDrive)}]`;
if (info.length === 4) {
banner += `\n[[b;#99A50D;]${LANG['banner']['system']}]: [[;#C3C3C3;]${infoSystem}]`;
banner += `\n[[b;#99A50D;]${LANG['banner']['user']}]: [[;#C3C3C3;]${infoUser}]`;
banner += `\n[[b;#99A50D;]${LANG['banner']['system']}]: [[;#C3C3C3;]${antSword.noxss(infoSystem)}]`;
banner += `\n[[b;#99A50D;]${LANG['banner']['user']}]: [[;#C3C3C3;]${antSword.noxss(infoUser)}]`;
}
// 初始化终端
......@@ -193,7 +193,7 @@ class Terminal {
result += `${line[0]}\t\t\t${r}\n`;
}
});
term.echo(result);
term.echo(antSword.noxss(result));
term.resume();
}).catch((err) => {
term.resume();
......@@ -204,7 +204,7 @@ class Terminal {
var sessbin = cmd.substr(5).trim();
if(sessbin.length>0){
self.sessbin = sessbin;
term.echo(LANG['ascmd']['ascmd'](self.sessbin));
term.echo(LANG['ascmd']['ascmd'](antSword.noxss(self.sessbin)));
}else{
term.echo(LANG['ascmd']['ashelp']);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment