Fixed file management template XSS security issues

修复文件管理模板XSS安全问题

Fixed file management template XSS security issues
修复文件管理模板XSS安全问题
86f0b093 · antoor · d36f3e78 · 86f0b093 · 86f0b093
Commit 86f0b093 authored Apr 12, 2016 by antoor
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 5 deletions

CHANGELOG.md CHANGELOG.md +3 -0

folder.jsx source/modules/filemanager/folder.jsx +5 -5

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,9 @@
 > 同时也欢迎大家的参与！感谢各位朋友的支持！ .TAT.

 ## 2016/04
+### /12
+  1. 修复文件管理模板XSS安全问题
+
 ### /10 `(v.1.1.2)`
  1. 增加文件管理中可执行文件的提示样式
  2. 调整文件管理中任务面板默认折叠（当有任务时自动展开

--- a/source/modules/filemanager/folder.jsx
+++ b/source/modules/filemanager/folder.jsx
-// 
+//
 // 左侧目录 模块
-// 
+//

 const LANG_T = antSword['language']['toastr'];
 const LANG = antSword['language']['filemanager']['folder'];
@@ -74,8 +74,8 @@ class Folder {
      for (let _ in obj) {
        let _path = path + _;
        let _obj = {
-          id: _path,
-          text: (_.length === 1 || (_.endsWith(':/') && _.length === 3)) ? _ : _.replace(/\/$/, '')
+          id: antSword.noxss(_path),
+          text: antSword.noxss((_.length === 1 || (_.endsWith(':/') && _.length === 3)) ? _ : _.replace(/\/$/, ''))
        };
        let _result = parseItem(obj[_], _path);
        if (_result) {
@@ -102,4 +102,4 @@ class Folder {

 }

-export default Folder;
\ No newline at end of file
+export default Folder;