
Refactoring func getSearchIndexArr and remove xss vulnerability in serchAll

master
asundukov 3 years ago
parent
commit
afa04bc49b
  1. 1
      package.json
  2. 117
      src/controllers/searchReplace.js

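--- a/package.json
+++ b/package.json
@@ -39,6 +39,7 @@
 "@babel/runtime": "^7.12.1",
 "dayjs": "^1.9.6",
 "esbuild": "^0.11.6",
+"escape-html": "^1.0.3",
 "flatpickr": "^4.6.6",
 "jquery": "^2.2.4",
 "numeral": "^2.0.6",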

117
src/controllers/searchReplace.js

@ -12,8 +12,8 @@ import tooltip from '../global/tooltip';
import func_methods from '../global/func_methods'; import func_methods from '../global/func_methods';
import Store from '../store'; import Store from '../store';
import locale from '../locale/locale'; import locale from '../locale/locale';
import {checkProtectionLockedRangeList,checkProtectionAllSelected,checkProtectionSelectLockedOrUnLockedCells,checkProtectionNotEnable,checkProtectionLocked} from './protection'; import {checkProtectionLocked} from './protection';
import escapeHtml from "escape-html";
//查找替换 //查找替换
const luckysheetSearchReplace = { const luckysheetSearchReplace = {
@ -338,27 +338,27 @@ const luckysheetSearchReplace = {
} }
let searchAllHtml = ''; let searchAllHtml = '';
for(let i = 0; i < searchIndexArr.length; i++){ for(let i = 0; i < searchIndexArr.length; i++){
let value_ShowEs = valueShowEs(searchIndexArr[i].r, searchIndexArr[i].c, Store.flowdata).toString(); let value_ShowEs = valueShowEs(searchIndexArr[i].r, searchIndexArr[i].c, Store.flowdata).toString();
if(value_ShowEs.indexOf("</") > -1 && value_ShowEs.indexOf(">") > -1){ if(value_ShowEs.indexOf("</") > -1 && value_ShowEs.indexOf(">") > -1){
searchAllHtml += '<div class="boxItem" data-row="' + searchIndexArr[i].r + '" data-col="' + searchIndexArr[i].c + '" data-sheetIndex="' + Store.currentSheetIndex + '">' + searchAllHtml += '<div class="boxItem" data-row="' + searchIndexArr[i].r + '" data-col="' + searchIndexArr[i].c + '" data-sheetIndex="' + Store.currentSheetIndex + '">' +
'<span>' + Store.luckysheetfile[getSheetIndex(Store.currentSheetIndex)].name + '</span>' + '<span>' + escapeHtml(Store.luckysheetfile[getSheetIndex(Store.currentSheetIndex)].name) + '</span>' +
'<span>' + chatatABC(searchIndexArr[i].c) + (searchIndexArr[i].r + 1) + '</span>' + '<span>' + chatatABC(searchIndexArr[i].c) + (searchIndexArr[i].r + 1) + '</span>' +
'<span>' + value_ShowEs + '</span>' + '<span>' + escapeHtml(value_ShowEs) + '</span>' +
'</div>'; '</div>';
} }
else{ else{
searchAllHtml += '<div class="boxItem" data-row="' + searchIndexArr[i].r + '" data-col="' + searchIndexArr[i].c + '" data-sheetIndex="' + Store.currentSheetIndex + '">' + searchAllHtml += '<div class="boxItem" data-row="' + searchIndexArr[i].r + '" data-col="' + searchIndexArr[i].c + '" data-sheetIndex="' + Store.currentSheetIndex + '">' +
'<span>' + Store.luckysheetfile[getSheetIndex(Store.currentSheetIndex)].name + '</span>' + '<span>' + Store.luckysheetfile[getSheetIndex(Store.currentSheetIndex)].name + '</span>' +
'<span>' + chatatABC(searchIndexArr[i].c) + (searchIndexArr[i].r + 1) + '</span>' + '<span>' + chatatABC(searchIndexArr[i].c) + (searchIndexArr[i].r + 1) + '</span>' +
'<span title="' + value_ShowEs + '">' + value_ShowEs + '</span>' + '<span title="' + escapeHtml(value_ShowEs) + '">' + escapeHtml(value_ShowEs) + '</span>' +
'</div>'; '</div>';
} }
} }
$('<div id="searchAllbox"><div class="boxTitle"><span>'+ locale_findAndReplace.searchTargetSheet +'</span><span>'+locale_findAndReplace.searchTargetCell+'</span><span>'+locale_findAndReplace.searchTargetValue+'</span></div><div class="boxMain">' + searchAllHtml + '</div></div>').appendTo($("#luckysheet-search-replace")); $(`<div id="searchAllbox"><div class="boxTitle"><span>${locale_findAndReplace.searchTargetSheet}</span><span>${locale_findAndReplace.searchTargetCell}</span><span>${locale_findAndReplace.searchTargetValue}</span></div><div class="boxMain">${searchAllHtml}</div></div>`).appendTo($("#luckysheet-search-replace"));
$("#luckysheet-search-replace #searchAllbox .boxItem").eq(0).addClass("on").siblings().removeClass("on"); $("#luckysheet-search-replace #searchAllbox .boxItem").eq(0).addClass("on").siblings().removeClass("on");
@ -370,34 +370,39 @@ const luckysheetSearchReplace = {
selectHightlightShow(); selectHightlightShow();
}, },
getSearchIndexArr: function(searchText, range){ getSearchIndexArr: function(searchText, range){
let arr = []; const arr = [];
let obj = {}; const obj = {};
//正则表达式匹配 const $container = $("#luckysheet-search-replace");
let regCheck = false; const isChecked = (inputId) => $container.find(`#${inputId} input[type='checkbox']`).is(":checked");
if($("#luckysheet-search-replace #regCheck input[type='checkbox']").is(":checked")){
regCheck = true;
}
//正则表达式匹配
const regCheck = isChecked("regCheck");
//整词匹配 //整词匹配
let wordCheck = false; const wordCheck = isChecked("wordCheck");
if($("#luckysheet-search-replace #wordCheck input[type='checkbox']").is(":checked")){ //区分大小写匹配
wordCheck = true; const caseCheck = isChecked("caseCheck");
let regExpFlags = "g";
if (!caseCheck) {
searchText = searchText.toLowerCase();
regExpFlags += "i";
} }
//区分大小写匹配 const addResult = (r, c) => {
let caseCheck = false; if(!((r + "_" + c) in obj)){
if($("#luckysheet-search-replace #caseCheck input[type='checkbox']").is(":checked")){ obj[r + "_" + c] = 0;
caseCheck = true; arr.push({"r": r, "c": c});
}
} }
for(let s = 0; s < range.length; s++){ for(let s = 0; s < range.length; s++){
let r1 = range[s].row[0], r2 = range[s].row[1]; const r1 = range[s].row[0], r2 = range[s].row[1];
let c1 = range[s].column[0], c2 = range[s].column[1]; const c1 = range[s].column[0], c2 = range[s].column[1];
for(let r = r1; r <= r2; r++){ for(let r = r1; r <= r2; r++){
for(let c = c1; c <= c2; c++){ for(let c = c1; c <= c2; c++){
let cell = Store.flowdata[r][c]; const cell = Store.flowdata[r][c];
if(cell != null){ if(cell != null){
let value = valueShowEs(r, c, Store.flowdata); let value = valueShowEs(r, c, Store.flowdata);
@ -407,66 +412,22 @@ const luckysheetSearchReplace = {
} }
if(value != null && value != ""){ if(value != null && value != ""){
let wasFound = false;
value = value.toString(); value = value.toString();
value = caseCheck ? value : value.toLowerCase();
// 1. 勾选整词 直接匹配
// 2. 勾选了正则 结合是否勾选 构造正则
// 3. 什么都没选 用字符串 indexOf 匹配
if(wordCheck){ //整词 if(wordCheck){ //整词
if(caseCheck){ wasFound = searchText == value;
if(searchText == value){
if(!((r + "_" + c) in obj)){
obj[r + "_" + c] = 0;
arr.push({"r": r, "c": c});
}
}
}
else{
let txt = searchText.toLowerCase();
if(txt == value.toLowerCase()){
if(!((r + "_" + c) in obj)){
obj[r + "_" + c] = 0;
arr.push({"r": r, "c": c});
}
}
}
} }
else if(regCheck){ //正则表达式 else if(regCheck){ //正则表达式
let reg; let reg = new RegExp(func_methods.getRegExpStr(searchText), regExpFlags);
// 是否区分大小写 wasFound = reg.test(value);
if(caseCheck){
reg = new RegExp(func_methods.getRegExpStr(searchText), "g");
}
else{
reg = new RegExp(func_methods.getRegExpStr(searchText), "ig");
}
if(reg.test(value)){
if(!((r + "_" + c) in obj)){
obj[r + "_" + c] = 0;
arr.push({"r": r, "c": c});
}
}
} }
else{ else {
if(caseCheck){ wasFound = ~value.indexOf(searchText);
if(~value.indexOf(searchText)){
if(!((r + "_" + c) in obj)){
obj[r + "_" + c] = 0;
arr.push({"r": r, "c": c});
}
}
}
else{
if(~value.toLowerCase().indexOf(searchText.toLowerCase())){
if(!((r + "_" + c) in obj)){
obj[r + "_" + c] = 0;
arr.push({"r": r, "c": c});
}
}
}
} }
wasFound && addResult(r, c);
} }
} }
} }
@ -773,4 +734,4 @@ const luckysheetSearchReplace = {
} }
} }
export default luckysheetSearchReplace; export default luckysheetSearchReplace;
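Review bot: The `else` branch of the result loop in the `-338,27 +338,27` hunk still concatenates the sheet name into the markup unescaped, so the HTML-injection fix is incomplete. The first branch now wraps it in `escapeHtml(...)`, but the second branch keeps `'<span>' + Store.luckysheetfile[getSheetIndex(Store.currentSheetIndex)].name + '</span>' +` on the new side. That branch runs for every cell value that does not contain both `</` and `>`, which is presumably the common case, so a sheet name carrying markup (for example from an imported or shared workbook) would still be parsed as HTML when `searchAllHtml` is passed to `$()`. The line should read `'<span>' + escapeHtml(Store.luckysheetfile[getSheetIndex(Store.currentSheetIndex)].name) + '</span>' +`; since both branches now escape the value, they could also be merged so the escaping is written once. The enclosing function starts and ends outside this hunk.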
