diff --git a/public/react/src/common/UrlTool.js b/public/react/src/common/UrlTool.js
index 3ad52f264..db97642b7 100644
--- a/public/react/src/common/UrlTool.js
+++ b/public/react/src/common/UrlTool.js
@@ -71,3 +71,18 @@ export function toPath(path) {
 export function getTaskUrlById(id) {
 return `/tasks/${id}`
 }
+
+
+export function htmlEncode(str) {
+ var s = "";
+ if (str.length === 0) {
+ return "";
+ }
+ s = str.replace(/&/g, "&");
+ s = s.replace(//g, ">");
+ s = s.replace(/ /g, " ");
+ s = s.replace(/\'/g, "'");//IE下不支持实体名称
+ s = s.replace(/\"/g, """);
+ return s;
+}
\ No newline at end of file
diff --git a/public/react/src/common/educoder.js b/public/react/src/common/educoder.js
index ec4659de7..73c707c9b 100644
--- a/public/react/src/common/educoder.js
+++ b/public/react/src/common/educoder.js
@@ -4,7 +4,7 @@ import { from } from '_array-flatten@2.1.2@array-flatten';
 export { getImageUrl as getImageUrl, getUrl as getUrl, getUrl2 as getUrl2, setImagesUrl as setImagesUrl
 , getUploadActionUrl as getUploadActionUrl, getUploadActionUrlOfAuth as getUploadActionUrlOfAuth
- , getTaskUrlById as getTaskUrlById, TEST_HOST } from './UrlTool';
+ , getTaskUrlById as getTaskUrlById, TEST_HOST ,htmlEncode as htmlEncode } from './UrlTool';
 export { default as queryString } from './UrlTool2';
 export { SnackbarHOC as SnackbarHOC } from './SnackbarHOC';
diff --git a/public/react/src/modules/forums/MemoDetail.js b/public/react/src/modules/forums/MemoDetail.js
index cc206713b..7578eea6e 100644
--- a/public/react/src/modules/forums/MemoDetail.js
+++ b/public/react/src/modules/forums/MemoDetail.js
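Review bot: Every call site this commit adds (MemoDetail.js, MessagChat.js, WriteaprivateletterModal.js) runs htmlEncode on user text before it is POSTed, which puts HTML escaping at the wrong layer: the API can be called without this React code, so it is not an XSS control, and the stored text arrives entity-encoded and is double-escaped wherever the renderer already escapes; escaping belongs at output time (or server-side), with the stored content kept raw. Independently, htmlEncode reads `str.length` before anything else, so a null or undefined argument throws; `if (str == null || str.length === 0) return "";` would cover both, and the initial `var s = "";` is dead because `s` is always assigned from `str.replace(...)` first. This view of the hunk also looks entity-decoded — the replacement strings read as `"&"`, `">"` and `" "`, and the header `@@ -71,3 +71,18 @@` promises 15 added lines while 14 are visible — so please confirm on the real file that `&` is replaced first and that both the `<` and `>` replacements are present. If the `/ /g` replacement is `&nbsp;`, rewriting every space is additionally lossy for stored text and is not what callers usually expect from an HTML encoder.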
@@ -22,7 +22,7 @@ import {ImageLayerOfCommentHOC} from '../page/layers/ImageLayerOfCommentHOC'
 import MemoDetailKEEditor from './MemoDetailKEEditor'
 import MemoDetailMDEditor from './MemoDetailMDEditor'
-import { bytesToSize, CBreadcrumb } from 'educoder'
+import { bytesToSize, CBreadcrumb ,htmlEncode} from 'educoder'
 import { Tooltip } from 'antd'
 // import CBreadcrumb from '../courses/common/CBreadcrumb'
@@ -246,6 +246,8 @@ class MemoDetail extends Component {
 if (commentContent) {
 commentContent = commentContent.replace(/(\n

\n\t
\n<\/p>)*$/g,'');
 }
+
+ commentContent=htmlEncode(commentContent)
 axios.post(url, {
 parent_id: id,
 content: commentContent
@@ -491,6 +493,7 @@ class MemoDetail extends Component {
 const url = `/memos/reply.json`;
 let { comments } = this.state;
 const user = this._getUser();
+ content=htmlEncode(content)
 axios.post(url, {
 parent_id: memo.id,
 content: content
diff --git a/public/react/src/modules/message/js/MessagChat.js b/public/react/src/modules/message/js/MessagChat.js
index 34494a256..e320ff3a3 100644
--- a/public/react/src/modules/message/js/MessagChat.js
+++ b/public/react/src/modules/message/js/MessagChat.js
@@ -1,6 +1,6 @@
 import React, { Component } from 'react';
 import "../css/messagemy.css"
-import {getImageUrl,markdownToHTML} from 'educoder';
+import {getImageUrl,markdownToHTML,htmlEncode} from 'educoder';
 import { Modal,Input,Icon,Tooltip,Spin} from 'antd';
 import axios from 'axios';
 import TPMMDEditor from '../../tpm/challengesnew/TPMMDEditor';
@@ -417,6 +417,7 @@ class MessagChat extends Component{
 let contents=this.messageRef.current.getValue().trim();
 const query = this.props.location.search;
 let target_ids = query.split('?target_ids=');
+ contents=htmlEncode(contents)
 let url = `/users/${this.props.match.params.userid}/private_messages.json`;
 axios.post(url, {
 target_id: target_ids[1],
diff --git a/public/react/src/modules/message/messagemodal/WriteaprivateletterModal.js b/public/react/src/modules/message/messagemodal/WriteaprivateletterModal.js
index dfa27ba9a..da0af0448 100644
--- a/public/react/src/modules/message/messagemodal/WriteaprivateletterModal.js
+++ b/public/react/src/modules/message/messagemodal/WriteaprivateletterModal.js
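Review bot: In the `@@ -246,6 +246,8 @@` hunk, `commentContent=htmlEncode(commentContent)` is placed after the `if (commentContent)` block rather than inside it, so when commentContent is null or undefined the call reaches `str.length` inside htmlEncode and throws a TypeError before axios.post runs. Moving the assignment inside the guard, `commentContent = htmlEncode(commentContent);`, keeps the existing empty/null handling intact. The enclosing method starts before the hunk, so whether the caller guarantees a string is not visible here. The `@@ -491,6 +493,7 @@` hunk applies the same unguarded `content=htmlEncode(content)` and reassigns what looks like a parameter of a method that also starts outside the hunk.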
@@ -2,7 +2,7 @@ import React, { Component } from 'react';
 import { Modal,Input,Icon,Tooltip,Spin} from 'antd';
 import axios from 'axios';
 // import '../../modules/user/common.css';
-import {getImageUrl} from 'educoder';
+import {getImageUrl,htmlEncode} from 'educoder';
 //完善个人资料
 class WriteaprivateletterModal extends Component {
@@ -58,6 +58,7 @@ class WriteaprivateletterModal extends Component {
 //发送私信
 SendprivatemessageAPI=(idvalue,contentvalue)=>{
 const url =`/users/${this.props.current_user.user_id}/private_messages.json`
+ contentvalue=htmlEncode(contentvalue)
 let data={
 target_id:idvalue,
 content:contentvalue,