调整防止xss攻击

public/react/src/common/UrlTool.js

@@ -71,3 +71,18 @@ export function toPath(path) {
 export function getTaskUrlById(id) {
 	return `/tasks/${id}`
 }
+
+
+export function htmlEncode(str) {
+	var s = "";
+	if (str.length === 0) {
+		return "";
+	}
+	s = str.replace(/&/g, "&");
+	s = s.replace(/</g, "&lt;");
+	s = s.replace(/>/g, "&gt;");
+	s = s.replace(/ /g, "&nbsp;");
+	s = s.replace(/\'/g, "&#39;");//IE下不支持实体名称
+	s = s.replace(/\"/g, "&quot;");
+	return s;
+}

public/react/src/common/educoder.js

@@ -4,7 +4,7 @@ import { from } from '_array-flatten@2.1.2@array-flatten';
 
 export { getImageUrl as getImageUrl, getUrl as getUrl, getUrl2 as getUrl2, setImagesUrl as setImagesUrl
         , getUploadActionUrl as getUploadActionUrl, getUploadActionUrlOfAuth as getUploadActionUrlOfAuth
-        , getTaskUrlById as getTaskUrlById, TEST_HOST } from                './UrlTool';
+        , getTaskUrlById as getTaskUrlById, TEST_HOST ,htmlEncode as htmlEncode } from                './UrlTool';
 export { default as queryString } from                './UrlTool2';
  
 export { SnackbarHOC as SnackbarHOC } from                './SnackbarHOC';

public/react/src/modules/forums/MemoDetail.js

@@ -22,7 +22,7 @@ import {ImageLayerOfCommentHOC} from '../page/layers/ImageLayerOfCommentHOC'
 import MemoDetailKEEditor from './MemoDetailKEEditor'
 import MemoDetailMDEditor from './MemoDetailMDEditor'
 
-import { bytesToSize, CBreadcrumb } from 'educoder'
+import { bytesToSize, CBreadcrumb ,htmlEncode} from 'educoder'
 import { Tooltip } from 'antd'
 
 // import CBreadcrumb from '../courses/common/CBreadcrumb'
@@ -246,6 +246,8 @@ class MemoDetail extends Component {
       if (commentContent) {
         commentContent = commentContent.replace(/(\n<p>\n\t<br \/>\n<\/p>)*$/g,'');
       }
+
+			commentContent=htmlEncode(commentContent)
       axios.post(url, {
             parent_id: id,
             content: commentContent
@@ -491,6 +493,7 @@ class MemoDetail extends Component {
       const url = `/memos/reply.json`;
       let { comments } = this.state;
       const user = this._getUser();
+			content=htmlEncode(content)
       axios.post(url, {
           parent_id: memo.id,
           content: content

public/react/src/modules/message/js/MessagChat.js

@@ -1,6 +1,6 @@
 import React, { Component } from 'react';
 import "../css/messagemy.css"
-import {getImageUrl,markdownToHTML} from 'educoder';
+import {getImageUrl,markdownToHTML,htmlEncode} from 'educoder';
 import { Modal,Input,Icon,Tooltip,Spin} from 'antd';
 import axios from 'axios';
 import TPMMDEditor from '../../tpm/challengesnew/TPMMDEditor';
@@ -417,6 +417,7 @@ class MessagChat extends Component{
 	  let  contents=this.messageRef.current.getValue().trim();
 		const query = this.props.location.search;
 		let target_ids = query.split('?target_ids=');
+		contents=htmlEncode(contents)
 		let url = `/users/${this.props.match.params.userid}/private_messages.json`;
 		axios.post(url, {
 				target_id: target_ids[1],

public/react/src/modules/message/messagemodal/WriteaprivateletterModal.js

@@ -2,7 +2,7 @@ import React, { Component } from 'react';
 import { Modal,Input,Icon,Tooltip,Spin} from 'antd';
 import axios from 'axios';
 // import '../../modules/user/common.css';
-import {getImageUrl} from 'educoder';
+import {getImageUrl,htmlEncode} from 'educoder';
 //完善个人资料
 class WriteaprivateletterModal extends Component {
 
@@ -58,6 +58,7 @@ class WriteaprivateletterModal extends Component {
 	//发送私信
 	SendprivatemessageAPI=(idvalue,contentvalue)=>{
 		const  url =`/users/${this.props.current_user.user_id}/private_messages.json`
+		contentvalue=htmlEncode(contentvalue)
 		let data={
 			target_id:idvalue,
 			content:contentvalue,