From cb8626e8a3939f1c5029670a4004670640049e9b Mon Sep 17 00:00:00 2001
From: dataeaseShu <106045316+dataeaseShu@users.noreply.github.com>
Date: Sat, 22 Jul 2023 08:54:00 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20xss=E5=AF=BC=E8=87=B4=E9=A1=B5=E8=84=9A?= =?UTF-8?q?=E5=B1=9E=E6=80=A7=E6=98=BE=E7=A4=BA=E4=B8=8D=E6=AD=A3=E5=B8=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 frontend/src/views/login/index.vue | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/frontend/src/views/login/index.vue b/frontend/src/views/login/index.vue
index 75a3db4e5f..c1f441246c 100644
--- a/frontend/src/views/login/index.vue
+++ b/frontend/src/views/login/index.vue
@@ -202,7 +202,7 @@
@@ -216,6 +216,7 @@ import { changeFavicon, showMultiLoginMsg } from '@/utils/index'
 import { initTheme } from '@/utils/ThemeUtil'
 import PluginCom from '@/views/system/plugin/PluginCom'
 import Cookies from 'js-cookie'
+import xss from 'xss'
 export default {
 name: 'Login',
 components: { PluginCom },
@@ -449,7 +450,25 @@ export default {
 this.showFoot = this.uiInfo['ui.showFoot'].paramValue === true || this.uiInfo['ui.showFoot'].paramValue === 'true'
 if (this.showFoot) {
 const content = this.uiInfo['ui.footContent'] && this.uiInfo['ui.footContent'].paramValue
- this.footContent = content
+ const myXss = new xss.FilterXSS({
+ css: {
+ whiteList: {
+ 'background-color': true,
+ 'text-align': true,
+ 'margin-top': true,
+ 'margin-bottom': true,
+ 'line-height': true,
+ 'box-sizing': true,
+ 'padding-top': true,
+ 'padding-bottom': true
+ }
+ },
+ whiteList: {
+ ...xss.whiteList,
+ p: ['style']
+ }
+ })
+ this.footContent = myXss.process(content)
 }
 }
 },
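Review bot: The sanitizer policy in the `@@ -449,7 +450,25 @@` hunk is defined inline inside the `if (this.showFoot)` branch, so it exists only in the login view and is rebuilt on every call; if `ui.footContent` is rendered as HTML by any other component (not visible in this patch), that sink would not get the same filtering. Consider moving the `FilterXSS` options into a shared module and reducing this branch to a single call such as `this.footContent = footerXss.process(content)`, where `footerXss` is a placeholder name for the shared instance. A short comment above the options would also help, for example `// Sanitize the configured footer HTML before rendering; style is allowed on <p> only, limited to the layout properties listed`. As far as I can tell, passing `css.whiteList` replaces the library's default CSS property allowlist rather than extending it, so properties not listed (for example `color`) would be stripped; please confirm that is intended. The enclosing method starts and ends outside the hunk.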