mirror of
https://github.com/leanote/desktop-app.git
synced 2025-10-17 08:38:18 +00:00
当笔记中有xss, html不法脚本时如<meta refresh>, 转换成desc时会刷新, 导致白屏
This commit is contained in:
life
@@ -344,35 +344,20 @@ Note.genDesc = function(content, length) {
|
|||||||
length = 20;
|
length = 20;
|
||||||
}
|
}
|
||||||
|
|
||||||
// 将</div>, </p>替换成\n
|
|
||||||
/*
|
|
||||||
var token = "ALEALE";
|
|
||||||
content = content.replace(/<\/p>/g, token);
|
|
||||||
content = content.replace(/<\/div>/g, token);
|
|
||||||
content = content.replace(/<\/?.+?>/g," ");
|
|
||||||
|
|
||||||
pattern = new RegExp(token, "g");
|
|
||||||
content = content.replace(pattern, "<br />");
|
|
||||||
content = content.replace(/<br \/>( *)<br \/>/g, "<br />"); // 两个<br />之间可能有空白
|
|
||||||
content = content.replace(/<br \/>( *)<br \/>/g, "<br />");
|
|
||||||
|
|
||||||
// 去掉最开始的<br />或<p />
|
|
||||||
content = trimLeft(content, " ");
|
|
||||||
content = trimLeft(content, "<br />");
|
|
||||||
content = trimLeft(content, "</p>");
|
|
||||||
content = trimLeft(content, "</div>");
|
|
||||||
*/
|
|
||||||
|
|
||||||
// 留空格
|
// 留空格
|
||||||
content = content.replace(/<br \/>/g," <br />");
|
content = content.replace(/<br \/>/g," ");
|
||||||
content = content.replace(/<\/p>/g," </p>");
|
content = content.replace(/<\/p>/g," ");
|
||||||
content = content.replace(/<\/div>/g," </div>");
|
content = content.replace(/<\/div>/g," ");
|
||||||
|
|
||||||
|
// 非常危险, 万一markdown里, 或者code里写了<script></script>或<http meta=refresh>之类的
|
||||||
// 避免其它的<img 之类的不完全
|
// 避免其它的<img 之类的不完全
|
||||||
content = $("<div></div>").html(content).text();
|
// 之前会将content放到<div></div>中
|
||||||
|
// content = $("<div></div>").html(content).text();
|
||||||
|
// content = $("<div>" + content + "</div>").text();
|
||||||
|
|
||||||
|
// 将html tags全部删除
|
||||||
|
content = content.replace(/<\/?[^>]+(>|$)/g, "");
|
||||||
content = $.trim(content);
|
content = $.trim(content);
|
||||||
|
|
||||||
// pre下text()会将< => < > => >
|
// pre下text()会将< => < > => >
|
||||||
content = content.replace(/</g, "<");
|
content = content.replace(/</g, "<");
|
||||||
content = content.replace(/>/g, ">");
|
content = content.replace(/>/g, ">");
|
||||||
@@ -380,6 +365,7 @@ Note.genDesc = function(content, length) {
|
|||||||
if(content.length < length) {
|
if(content.length < length) {
|
||||||
return content;
|
return content;
|
||||||
}
|
}
|
||||||
|
|
||||||
return content.substring(0, length);
|
return content.substring(0, length);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -798,7 +784,7 @@ Note.renderChangedNote = function(changedNote) {
|
|||||||
Note.changeStarNoteTitle(changedNote.NoteId, trimTitle(changedNote.Title));
|
Note.changeStarNoteTitle(changedNote.NoteId, trimTitle(changedNote.Title));
|
||||||
}
|
}
|
||||||
if(changedNote.Desc) {
|
if(changedNote.Desc) {
|
||||||
$leftNoteNav.find(".desc").html(changedNote.Desc);
|
$leftNoteNav.find(".desc").html(trimTitle(changedNote.Desc));
|
||||||
}
|
}
|
||||||
if(changedNote.ImgSrc) {
|
if(changedNote.ImgSrc) {
|
||||||
$thumb = $leftNoteNav.find(".item-thumb");
|
$thumb = $leftNoteNav.find(".item-thumb");
|
||||||
|
|||||||
Reference in New Issue
Block a user