Fix #134 修复部分 self-xss 引起的体验问题

ae69902a · Medicean · c2f5432f · ae69902a · ae69902a · ae69902a
Commit ae69902a authored Mar 20, 2019 by Medicean
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

files.js source/modules/filemanager/files.js +2 -2

data.js source/modules/shellmanager/data.js +1 -1

index.js source/modules/shellmanager/index.js +1 -1

No files found.
--- a/source/modules/filemanager/files.js
+++ b/source/modules/filemanager/files.js
@@ -34,7 +34,7 @@ class Files {
        for(let gb in global_bookmarks) {
          bookmark_opts.push({
            id: 'bookmark_'+ global_bookmarks[gb],
-            text: gb,
+            text: antSword.noxss(gb),
            icon: 'bookmark',
            type: 'button',
            enabled: manager.path !== global_bookmarks[gb]
@@ -47,7 +47,7 @@ class Files {
      for (let _ in bookmark) {
        bookmark_opts.push({
          id: 'bookmark_' + _,
-          text: bookmark[_],
+          text: antSword.noxss(bookmark[_]),
          icon: 'bookmark-o',
          type: 'button',
          enabled: manager.path !== _

--- a/source/modules/shellmanager/data.js
+++ b/source/modules/shellmanager/data.js
@@ -26,7 +26,7 @@ module.exports = {
      data.push({
        id: _['_id'],
        data: [
-          _['url'], _['ip'], _['addr'], _['note'],
+          antSword.noxss(_['url']), _['ip'], _['addr'], antSword.noxss(_['note']),
          new Date(_['ctime']).format('yyyy/MM/dd hh:mm:ss'),
          new Date(_['utime']).format('yyyy/MM/dd hh:mm:ss')
        ]

--- a/source/modules/shellmanager/index.js
+++ b/source/modules/shellmanager/index.js
@@ -80,7 +80,7 @@ class ShellManager {
      this.category['sidebar'].addItem({
        id: _,
        bubble: _data['category'][_],
-        text: `<i class="fa fa-folder-o"></i> ${_}`
+        text: `<i class="fa fa-folder-o"></i> ${antSword.noxss(_)}`
      });
    }
    // 加载分类数据