test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: 部分缺陷不显示内容(扩充xss白名单) 

--bug=1008133 --user=陈建星 [github#7877]“同步缺陷”导致bug数据丢失 https://www.tapd.cn/55049933/s/1084518
This commit is contained in:
chenjianxing 2021-12-21 20:11:19 +08:00 committed by jianxing
parent 21e15276bd
commit ca39c24911
4 changed files with 37 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/main/java/io/metersphere/xpack

@ -1 +1 @@
Subproject commit 25fa8fc0d7972b56f86fb466417ec55588a4812d Subproject commit 8e54dfc4cd510f2d676787dad1599067ac02f2d9

35
frontend/src/business/components/track/case/components/MsMarkDownText.vue
View File

@ -8,6 +8,7 @@
<script> <script>
import {getCurrentUser, getUUID} from "@/common/js/utils"; import {getCurrentUser, getUUID} from "@/common/js/utils";
import {deleteMarkDownImg, uploadMarkDownImg} from "@/network/image"; import {deleteMarkDownImg, uploadMarkDownImg} from "@/network/image";
import {DEFAULT_XSS_ATTR} from "@/common/js/constants";
export default { export default {
name: "MsMarkDownText", name: "MsMarkDownText",
components: {}, components: {},
@ -68,7 +69,39 @@ export default {
id: getUUID(), id: getUUID(),
xssOptions: { xssOptions: {
whiteList: { whiteList: {
img: ["src", "alt", "width", "height"], div: DEFAULT_XSS_ATTR,
p: DEFAULT_XSS_ATTR,
br: [],
h1: DEFAULT_XSS_ATTR,
h2: DEFAULT_XSS_ATTR,
h3: DEFAULT_XSS_ATTR,
h4: DEFAULT_XSS_ATTR,
h5: DEFAULT_XSS_ATTR,
h6: DEFAULT_XSS_ATTR,
hr: DEFAULT_XSS_ATTR,
span: DEFAULT_XSS_ATTR,
strong: DEFAULT_XSS_ATTR,
b: DEFAULT_XSS_ATTR,
i: DEFAULT_XSS_ATTR,
pre: DEFAULT_XSS_ATTR,
code: DEFAULT_XSS_ATTR,
tr: DEFAULT_XSS_ATTR,
table: [...DEFAULT_XSS_ATTR, 'width', 'border'],
td: [...DEFAULT_XSS_ATTR, 'width', 'colspan'],
th: [...DEFAULT_XSS_ATTR, 'width', 'colspan'],
a: [...DEFAULT_XSS_ATTR, 'target', 'href', 'title', 'rel'],
img: [...DEFAULT_XSS_ATTR, "src", "alt", "width", "height"],
tbody: DEFAULT_XSS_ATTR,
ul: DEFAULT_XSS_ATTR,
li: DEFAULT_XSS_ATTR,
ol: DEFAULT_XSS_ATTR,
dl: DEFAULT_XSS_ATTR,
dt: DEFAULT_XSS_ATTR,
em: DEFAULT_XSS_ATTR,
blockquote: DEFAULT_XSS_ATTR,
//
// audio: ['autoplay', 'controls', 'loop', 'preload', 'src'],
// video: ['autoplay', 'controls', 'loop', 'preload', 'src', 'height', 'width']
}, },
stripIgnoreTagBody: true stripIgnoreTagBody: true
}, },

2
frontend/src/business/components/xpack

@ -1 +1 @@
Subproject commit 4ab83e897bdbc55729fd7418b6a77e73e39b1df9 Subproject commit a598375541a45898616db5085fd38c192bd6df4b

2
frontend/src/common/js/constants.js
View File

@ -202,4 +202,4 @@ export const ENV_TYPE = {
GROUP: "GROUP" GROUP: "GROUP"
} }
export const DEFAULT_XSS_ATTR = ['style', 'class'];