From a40cc022891cb1082ce0fb2d1645b10f24e2430d Mon Sep 17 00:00:00 2001
From: Argo Zhang <Argo@163.com>
Date: Thu, 14 Mar 2019 16:26:19 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9BUG=EF=BC=9A=E5=85=A8?=
 =?UTF-8?q?=E7=AB=99=E5=A2=9E=E5=8A=A0=E5=AF=B9=E8=84=9A=E6=9C=AC=E4=BB=A3?=
 =?UTF-8?q?=E7=A0=81=E9=98=B2=E6=8A=A4=20closed=20#ITJ53?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

#Issue
https://gitee.com/LongbowEnterprise/dashboard/issues?id=ITJ53
---
 Bootstrap.Admin/wwwroot/js/common-scripts.js          |  4 ++--
 Bootstrap.Admin/wwwroot/lib/longbow/longbow.common.js | 10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/Bootstrap.Admin/wwwroot/js/common-scripts.js b/Bootstrap.Admin/wwwroot/js/common-scripts.js
index 30aa18eb..b5d7e505 100644
--- a/Bootstrap.Admin/wwwroot/js/common-scripts.js
+++ b/Bootstrap.Admin/wwwroot/js/common-scripts.js
@@ -82,7 +82,7 @@
                     $('#msgHeaderUser').text(result.NewUsersCount);
                     htmlUserTemplate = '<a class="dropdown-item" href="{4}"><span class="label label-success"><i class="fa fa-plus"></i></span><div title="{2}" class="content">{1}({0})</div><span class="small italic">{3}</span></a>';
                     html = result.Users.map(function (u) {
-                        return $.format(htmlUserTemplate, u.UserName, u.DisplayName, u.Description, u.Period, $.formatUrl('Admin/Notifications'));
+                        return $.format(htmlUserTemplate, $.safeHtml(u.UserName), $.safeHtml(u.DisplayName), $.safeHtml(u.Description), u.Period, $.formatUrl('Admin/Notifications'));
                     }).join('');
                     $(html).insertAfter($('#msgHeaderUserContent'));
 
@@ -106,7 +106,7 @@
                     $('#msgHeaderMsg').text(result.MessagesCount);
                     htmlUserTemplate = '<a class="dropdown-item" href="{6}?id={0}"><span class="photo"><img alt="avatar" src="{1}"></span><span class="subject"><span class="from">{2}</span><span class="time">{4}</span></span><span class="message" title="{5}">{3}</span></a>';
                     html = result.Messages.map(function (u) {
-                        return $.format(htmlUserTemplate, u.Id, u.FromIcon, u.FromDisplayName, u.Title, u.Period, u.Content, $.formatUrl('Admin/Messages'));
+                        return $.format(htmlUserTemplate, u.Id, u.FromIcon, $.safeHtml(u.FromDisplayName), $.safeHtml(u.Title), u.Period, $.safeHtml(u.Content), $.formatUrl('Admin/Messages'));
                     }).join('');
                     $(html).insertAfter($('#msgHeaderMsgContent'));
                 }
diff --git a/Bootstrap.Admin/wwwroot/lib/longbow/longbow.common.js b/Bootstrap.Admin/wwwroot/lib/longbow/longbow.common.js
index 6602c801..6e6c818a 100644
--- a/Bootstrap.Admin/wwwroot/lib/longbow/longbow.common.js
+++ b/Bootstrap.Admin/wwwroot/lib/longbow/longbow.common.js
@@ -233,6 +233,9 @@
             var base = $('#pathBase').attr('href');
             return base + url;
         },
+        safeHtml: function(text) {
+            return $('<div>').text(text).html();
+        },
         syntaxHighlight: function (json) {
             if (typeof (json) === 'string') {
                 json = JSON.parse(json);
@@ -326,6 +329,13 @@
                 }
             }, options);
             settings.url = $.formatUrl(settings.url);
+            $.each(settings.columns, function (index, value) {
+                if (!$.isFunction(value.formatter)) {
+                    value.formatter = function (value, row, index, field) {
+                        return $.safeHtml(value);
+                    }
+                }
+            });
             this.bootstrapTable(settings);
             $('.bootstrap-table .fixed-table-toolbar .columns .export .dropdown-menu').addClass("dropdown-menu-right");
             $(settings.toolbar).removeClass('d-none').find('.toolbar').on('click', 'a', function (e) {