Commit 740d6137 authored by Medicean's avatar Medicean

(Fix:FileManager) 修复目录树双击时引起console下报错问题

处理文件管理中几处潜在的 xss
parent b7af5467
...@@ -18,6 +18,9 @@ class Folder { ...@@ -18,6 +18,9 @@ class Folder {
manager.files.gotoPath(id); manager.files.gotoPath(id);
}); });
tree.attachEvent('onDblClick', (id) => {
return;
});
this.tree = tree; this.tree = tree;
this.cell = cell; this.cell = cell;
this.cache = {}; this.cache = {};
...@@ -79,7 +82,7 @@ class Folder { ...@@ -79,7 +82,7 @@ class Folder {
for (let _ in obj) { for (let _ in obj) {
let _path = path + _; let _path = path + _;
let _obj = { let _obj = {
id: antSword.noxss(_path), id: (_path),
text: antSword.noxss((_.length === 1 || (_.endsWith(':/') && _.length === 3)) ? _ : _.replace(/\/$/, '')) text: antSword.noxss((_.length === 1 || (_.endsWith(':/') && _.length === 3)) ? _ : _.replace(/\/$/, ''))
}; };
let _result = parseItem(obj[_], _path); let _result = parseItem(obj[_], _path);
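Review bot: The `id` field of `_obj` now carries the raw `_path` while only `text` still goes through `antSword.noxss`, and nothing in the hunk records why. The first hunk passes the tree id to `manager.files.gotoPath(id)`, so leaving it unescaped looks deliberate, but any code that later writes a node id into markup then has to escape it itself. I would drop the leftover parentheses and state the contract on the line: `id: _path, // raw path, passed to gotoPath; escape with antSword.noxss wherever it is rendered`. The added `onDblClick` handler has an unused `id` and a bare `return;`, so a one-line comment naming the default action it is meant to suppress would help. Both enclosing functions continue outside the hunks.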
......
...@@ -286,7 +286,7 @@ class FileManager { ...@@ -286,7 +286,7 @@ class FileManager {
let self = this; let self = this;
layer.confirm( layer.confirm(
LANG['delete']['confirm'](files.length > 1 ? files.length : files[0]), LANG['delete']['confirm'](files.length > 1 ? files.length : antSword.noxss(files[0])),
{ {
icon: 2, icon: 2,
shift: 6, shift: 6,
...@@ -531,7 +531,7 @@ class FileManager { ...@@ -531,7 +531,7 @@ class FileManager {
let that = this; let that = this;
const remote_path = this.path + name; const remote_path = this.path + name;
const win = that.createWin({ const win = that.createWin({
title: 'Loading File: ' + remote_path, title: 'Loading File: ' + antSword.noxss(remote_path),
width: 800, width: 800,
height: 600, height: 600,
}); });
...@@ -548,12 +548,12 @@ class FileManager { ...@@ -548,12 +548,12 @@ class FileManager {
down_size += _size; down_size += _size;
let down_progress = parseInt(parseFloat(down_size / size).toFixed(2) * 100); let down_progress = parseInt(parseFloat(down_size / size).toFixed(2) * 100);
if (!(down_progress % 5)) { if (!(down_progress % 5)) {
win.setText(`Preview File: ${remote_path} ${down_progress}%`); win.setText(`Preview File: ${antSword.noxss(remote_path)} ${down_progress}%`);
}; };
} }
).then((_size) => { ).then((_size) => {
if (_size === size) { if (_size === size) {
win.setText(`Preview File: ${remote_path}`); win.setText(`Preview File: ${antSword.noxss(remote_path)}`);
let buff = fs.readFileSync(savepath); let buff = fs.readFileSync(savepath);
switch (filemime){ switch (filemime){
default: default:
...@@ -821,11 +821,11 @@ class FileManager { ...@@ -821,11 +821,11 @@ class FileManager {
let _id = String(Math.random()).substr(5, 10); let _id = String(Math.random()).substr(5, 10);
antSword['tabbar'].addTab( antSword['tabbar'].addTab(
`tab_file_${_id}`, `tab_file_${_id}`,
`<i class="fa fa-file-o"></i> ${name}`, `<i class="fa fa-file-o"></i> ${antSword.noxss(name)}`,
null, null, true, true null, null, true, true
); );
win = antSword['tabbar'].cells(`tab_file_${_id}`); win = antSword['tabbar'].cells(`tab_file_${_id}`);
hinttext = `IP:${this.opts['ip']} File:${path}`; hinttext = `IP:${this.opts['ip']} File:${antSword.noxss(path)}`;
} }
win.progressOn(); win.progressOn();
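Review bot: In the last hunk `hinttext` escapes `path` but still interpolates `this.opts['ip']` raw into the same string. If that string reaches an HTML sink, which the new escaping of `path` suggests, the IP part needs the same treatment: `${antSword.noxss(this.opts['ip'])}`. Where `opts.ip` is populated is not visible here, so this may be defence in depth rather than a live issue. In the preview hunks `antSword.noxss(remote_path)` is recomputed at three separate sinks; computing it once next to `const remote_path = this.path + name;` would make a missed sink less likely later. The enclosing methods start and end outside the hunks.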
......
...@@ -133,11 +133,11 @@ class Terminal { ...@@ -133,11 +133,11 @@ class Terminal {
this.path = infoPath; this.path = infoPath;
// 组合banner // 组合banner
banner += `\n[[b;#99A50D;]${LANG['banner']['path']}]: [[;#C3C3C3;]${infoPath}]`; banner += `\n[[b;#99A50D;]${LANG['banner']['path']}]: [[;#C3C3C3;]${antSword.noxss(infoPath)}]`;
banner += `\n[[b;#99A50D;]${LANG['banner']['drive']}]: [[;#C3C3C3;]${infoDrive}]`; banner += `\n[[b;#99A50D;]${LANG['banner']['drive']}]: [[;#C3C3C3;]${antSword.noxss(infoDrive)}]`;
if (info.length === 4) { if (info.length === 4) {
banner += `\n[[b;#99A50D;]${LANG['banner']['system']}]: [[;#C3C3C3;]${infoSystem}]`; banner += `\n[[b;#99A50D;]${LANG['banner']['system']}]: [[;#C3C3C3;]${antSword.noxss(infoSystem)}]`;
banner += `\n[[b;#99A50D;]${LANG['banner']['user']}]: [[;#C3C3C3;]${infoUser}]`; banner += `\n[[b;#99A50D;]${LANG['banner']['user']}]: [[;#C3C3C3;]${antSword.noxss(infoUser)}]`;
} }
// 初始化终端 // 初始化终端
...@@ -193,7 +193,7 @@ class Terminal { ...@@ -193,7 +193,7 @@ class Terminal {
result += `${line[0]}\t\t\t${r}\n`; result += `${line[0]}\t\t\t${r}\n`;
} }
}); });
term.echo(result); term.echo(antSword.noxss(result));
term.resume(); term.resume();
}).catch((err) => { }).catch((err) => {
term.resume(); term.resume();
...@@ -204,7 +204,7 @@ class Terminal { ...@@ -204,7 +204,7 @@ class Terminal {
var sessbin = cmd.substr(5).trim(); var sessbin = cmd.substr(5).trim();
if(sessbin.length>0){ if(sessbin.length>0){
self.sessbin = sessbin; self.sessbin = sessbin;
term.echo(LANG['ascmd']['ascmd'](self.sessbin)); term.echo(LANG['ascmd']['ascmd'](antSword.noxss(self.sessbin)));
}else{ }else{
term.echo(LANG['ascmd']['ashelp']); term.echo(LANG['ascmd']['ashelp']);
} }
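Review bot: The banner values are now HTML-escaped, but they sit inside the terminal's own `[[b;#99A50D;]…]` formatting syntax, and nothing on the page shows `antSword.noxss` handling square brackets. A path, drive, system or user string returned by the remote host could therefore still interfere with the formatting spans. If this is jQuery Terminal, as the syntax suggests, its `$.terminal.escape_brackets` helper is the matching escape, e.g. `${$.terminal.escape_brackets(antSword.noxss(infoPath))}`. It is also worth confirming that `term.echo` does not already encode HTML, otherwise `term.echo(antSword.noxss(result))` would print entities literally in command output.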
......