Skip to content

A
antSword
Commit 86f0b093 authored by antoor's avatar antoor
Browse files
Options

Fixed file management template XSS security issues 

修复文件管理模板XSS安全问题
parent d36f3e78
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 5 deletions
CHANGELOG.md
View file @ 86f0b093
...@@ -3,6 +3,9 @@ ...@@ -3,6 +3,9 @@
> 同时也欢迎大家的参与!感谢各位朋友的支持! .TAT. > 同时也欢迎大家的参与!感谢各位朋友的支持! .TAT.
## 2016/04 ## 2016/04
### /12
1. 修复文件管理模板XSS安全问题
### /10 `(v.1.1.2)` ### /10 `(v.1.1.2)`
1. 增加文件管理中可执行文件的提示样式 1. 增加文件管理中可执行文件的提示样式
2. 调整文件管理中任务面板默认折叠(当有任务时自动展开 2. 调整文件管理中任务面板默认折叠(当有任务时自动展开
......
source/modules/filemanager/folder.jsx
View file @ 86f0b093
// //
// 左侧目录 模块 // 左侧目录 模块
// //
const LANG_T = antSword['language']['toastr']; const LANG_T = antSword['language']['toastr'];
const LANG = antSword['language']['filemanager']['folder']; const LANG = antSword['language']['filemanager']['folder'];
...@@ -74,8 +74,8 @@ class Folder { ...@@ -74,8 +74,8 @@ class Folder {
for (let _ in obj) { for (let _ in obj) {
let _path = path + _; let _path = path + _;
let _obj = { let _obj = {
id: _path, id: antSword.noxss(_path),
text: (_.length === 1 || (_.endsWith(':/') && _.length === 3)) ? _ : _.replace(/\/$/, '') text: antSword.noxss((_.length === 1 || (_.endsWith(':/') && _.length === 3)) ? _ : _.replace(/\/$/, ''))
}; };
let _result = parseItem(obj[_], _path); let _result = parseItem(obj[_], _path);
if (_result) { if (_result) {
...@@ -102,4 +102,4 @@ class Folder { ...@@ -102,4 +102,4 @@ class Folder {
} }
export default Folder; export default Folder;
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment