
edit: filter xss

btea 4 years ago
parent
commit
8b90e1d093
  1. 2
      src/controllers/updateCell.js
  2. 12
      src/global/formula.js

2
src/controllers/updateCell.js

@ -213,7 +213,7 @@ export function luckysheetupdateCell(row_index1, col_index1, d, cover, isnotfocu
if((value == null || value.toString() == "") && !cover){ if((value == null || value.toString() == "") && !cover){
value = "<br/>"; value = "<br/>";
} }
value = formula.xssDeal(value);
if(!checkProtectionCellHidden(row_index, col_index, Store.currentSheetIndex) && value.length>0 && value.substr(0, 63)=='<span dir="auto" class="luckysheet-formula-text-color">=</span>'){ if(!checkProtectionCellHidden(row_index, col_index, Store.currentSheetIndex) && value.length>0 && value.substr(0, 63)=='<span dir="auto" class="luckysheet-formula-text-color">=</span>'){
$("#luckysheet-rich-text-editor").html(""); $("#luckysheet-rich-text-editor").html("");
} }
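Review bot: The added call at `value = formula.xssDeal(value);` is the only sanitisation before `value` is treated as markup on the following lines, and `xssDeal` (as defined in the formula.js section of this commit) only rewrites a literal `<script>` tag, so the call site reads as a full XSS fix when it is not. A comment should record that limit so a later maintainer does not rely on it: `// xssDeal only neutralises literal <script> tags; value is still rendered as HTML below`. Note also that `xssDeal` returns non-strings unchanged, so the existing `value.length` / `value.substr` checks on the next line keep their old behaviour for non-string cell values. The enclosing `luckysheetupdateCell` starts and ends outside this hunk.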

12
src/global/formula.js

@ -321,6 +321,10 @@ const luckysheetformula = {
sheetmanage.changeSheetExec(_this.rangetosheet); sheetmanage.changeSheetExec(_this.rangetosheet);
} }
}, },
xssDeal: function(str) {
if (typeof str !== 'string') return str;
return str.replace(/<script>/g, '&lt;script&gt;').replace(/<\/script>/, '&lt;/script&gt;');
},
fucntionboxshow: function(r, c) { fucntionboxshow: function(r, c) {
if(!checkProtectionCellHidden(r, c, Store.currentSheetIndex)){ if(!checkProtectionCellHidden(r, c, Store.currentSheetIndex)){
@ -346,7 +350,7 @@ const luckysheetformula = {
value = valueShowEs(r, c, d); value = valueShowEs(r, c, d);
} }
} }
value = this.xssDeal(value);
_this.oldvalue = value; _this.oldvalue = value;
$("#luckysheet-functionbox-cell").html(value); $("#luckysheet-functionbox-cell").html(value);
}, },
@ -3313,11 +3317,11 @@ const luckysheetformula = {
$editer = $input; $editer = $input;
let value1 = $editer.html(), let value1 = $editer.html(),
value1txt = $editer.text(); value1txt = $editer.text();
let xssDeal = this.xssDeal
setTimeout(function() { setTimeout(function() {
let value = $editer.text(), let value = $editer.text(),
valuetxt = value; valuetxt = value;
value = xssDeal(value);
if (value.length > 0 && value.substr(0, 1) == "=" && (kcode != 229 || value.length == 1)) { if (value.length > 0 && value.substr(0, 1) == "=" && (kcode != 229 || value.length == 1)) {
value = _this.functionHTMLGenerate(value); value = _this.functionHTMLGenerate(value);
value1 = _this.functionHTMLGenerate(value1txt); value1 = _this.functionHTMLGenerate(value1txt);
@ -5464,4 +5468,4 @@ const luckysheetformula = {
data_parm_index: 0 //选择公式后参数索引标记 data_parm_index: 0 //选择公式后参数索引标记
} }
export default luckysheetformula; export default luckysheetformula;
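Review bot: In the first hunk, `xssDeal` escapes `<script>` globally but the second replacement `.replace(/<\/script>/, '&lt;/script&gt;')` has no `g` flag, so only the first closing tag in a string is escaped, and both patterns are case-sensitive; the minimal fix is `return str.replace(/<script>/gi, '&lt;script&gt;').replace(/<\/script>/gi, '&lt;/script&gt;');`. Even then this is a denylist of one tag name while the result is still passed to `.html()` (hunks two and three), so it should be documented as a partial measure rather than sanitisation — e.g. `/** Neutralise literal <script> tags in str before it is inserted via .html(); non-strings are returned unchanged. Not a general HTML escape. */` — and the durable fix is presumably to escape or strip all markup at the points where the content is not meant to be HTML. In the third hunk `let xssDeal = this.xssDeal` is missing its terminating semicolon; since `xssDeal` does not use `this`, the unbound capture is otherwise fine. The `luckysheetformula` object and the method containing the third hunk extend beyond the visible lines.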
