fix(SPA): 过滤 XSS

slimkit · Jan 26, 2019 · bed1606 · bed1606
1 parent 8965728
commit bed1606
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 15 deletions.
diff --git a/resources/spa/package.json b/resources/spa/package.json
@@ -32,7 +32,8 @@
     "vue": "^2.5.17",
     "vue-router": "^3.0.1",
     "vuex": "^3.0.1",
-    "weixin-js-sdk": "^1.3.3"
+    "weixin-js-sdk": "^1.3.3",
+    "xss": "^1.0.3"
   },
   "devDependencies": {
     "@vue/cli-plugin-babel": "^3.2.0",

diff --git a/resources/spa/src/filters.js b/resources/spa/src/filters.js
@@ -1,4 +1,5 @@
 import plueMessageBundle from 'plus-message-bundle'
+import xss from 'xss'
 
 /**
  * ThinkSNS Plus 消息解析器，获取顶部消息.
@@ -21,20 +22,8 @@ export function plusMessageFirst (message, defaultMessage) {
  * @returns {string}
  */
 export function escapeHTML (value) {
-  if (typeof value !== 'string') {
-    return value
-  }
-  return value.replace(/[&<>`"'/]/g, function (result) {
-    return {
-      '&': '&amp;',
-      '<': '&lt;',
-      '>': '&gt;',
-      '`': '&#x60;',
-      '"': '&quot;',
-      "'": '&#x27;',
-      '/': '&#x2f;',
-    }[result]
-  })
+  const options = {}
+  return xss(value, options)
 }
 
 /**