From bf86a5f7458e14f255bd86b7a5f15d163798b4ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=90=AC=E6=B5=B7?= <445436867@qq.com>
Date: Mon, 21 Oct 2024 15:42:03 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E4=BF=AE=E5=A4=8Dxss=E6=BC=8F=E6=B4=9E?=
=?UTF-8?q?=20(#254)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
packages/fes-plugin-layout/package.json | 1 +
.../fes-plugin-layout/src/runtime/helpers/svg.js | 4 +++-
.../fes-plugin-layout/src/runtime/views/MenuIcon.vue | 12 +++++++-----
packages/fes-template/src/app.jsx | 2 +-
pnpm-lock.yaml | 7 +++++++
5 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/packages/fes-plugin-layout/package.json b/packages/fes-plugin-layout/package.json
index 4b312200..fd9e83dc 100644
--- a/packages/fes-plugin-layout/package.json
+++ b/packages/fes-plugin-layout/package.json
@@ -30,6 +30,7 @@
"peerDependencies": {
"@fesjs/fes": "^3.1.13",
"@fesjs/fes-design": ">=0.7.0",
+ "dompurify": "^3.1.7",
"vue": "^3.2.47",
"vue-router": "^4.0.1"
},
diff --git a/packages/fes-plugin-layout/src/runtime/helpers/svg.js b/packages/fes-plugin-layout/src/runtime/helpers/svg.js
index 54ea0491..e2109569 100644
--- a/packages/fes-plugin-layout/src/runtime/helpers/svg.js
+++ b/packages/fes-plugin-layout/src/runtime/helpers/svg.js
@@ -1,3 +1,5 @@
+import DOMPurify from 'dompurify';
+
const isStr = function (str) {
return typeof str === 'string';
};
@@ -26,7 +28,7 @@ export function isValid(elm) {
export function validateContent(svgContent) {
const div = document.createElement('div');
- div.innerHTML = svgContent;
+ div.innerHTML = DOMPurify.sanitize(svgContent);
// setup this way to ensure it works on our buddy IE
for (let i = div.childNodes.length - 1; i >= 0; i--) {
diff --git a/packages/fes-plugin-layout/src/runtime/views/MenuIcon.vue b/packages/fes-plugin-layout/src/runtime/views/MenuIcon.vue
index eef3800c..a6320418 100644
--- a/packages/fes-plugin-layout/src/runtime/views/MenuIcon.vue
+++ b/packages/fes-plugin-layout/src/runtime/views/MenuIcon.vue
@@ -1,11 +1,11 @@
<script lang="jsx">
-import { ref, onBeforeMount, isVNode } from 'vue';
-// eslint-disable-next-line import/extensions
+import { isVNode, onBeforeMount, ref } from 'vue';
+
import Icons from '../icons';
import { validateContent } from '../helpers/svg';
const urlReg = /^((https?|ftp|file):\/\/)?([\da-z.-]+)\.([a-z.]{2,6})([/\w .-]*)*\/?$/;
-const isUrlResource = (name) => urlReg.test(name) || name.includes('.svg');
+const isUrlResource = name => urlReg.test(name) || name.includes('.svg');
export default {
props: {
@@ -25,7 +25,8 @@ export default {
});
}
});
- } else {
+ }
+ else {
AIconComponent.value = Icons[props.icon];
}
}
@@ -39,13 +40,14 @@ export default {
return <AIconComponent.value />;
}
if (AText.value) {
- return <span class={'fes-layout-icon'} innerHTML={AText.value}></span>;
+ return <span class="fes-layout-icon" innerHTML={AText.value}></span>;
}
return null;
};
},
};
</script>
+
<style>
.fes-layout-icon {
display: inline-block;
diff --git a/packages/fes-template/src/app.jsx b/packages/fes-template/src/app.jsx
index e298ca39..9e7ee8b2 100644
--- a/packages/fes-template/src/app.jsx
+++ b/packages/fes-template/src/app.jsx
@@ -9,7 +9,7 @@ export const beforeRender = {
const { setRole, getRole } = accessApi;
return new Promise((resolve) => {
setTimeout(() => {
- setRole('menuTest');
+ setRole('admin');
resolve({
userName: '李雷',
});
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index dc0afd76..30c6ce01 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -441,6 +441,9 @@ importers:
'@vueuse/core':
specifier: ^10.7.0
version: 10.7.0(vue@3.3.4)
+ dompurify:
+ specifier: ^3.1.7
+ version: 3.1.7
vue:
specifier: ^3.2.47
version: 3.3.4
@@ -6980,6 +6983,10 @@ packages:
domelementtype: 2.3.0
dev: false
+ /dompurify@3.1.7:
+ resolution: {integrity: sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==}
+ dev: false
+
/domutils@2.8.0:
resolution: {integrity: sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==}
dependencies: