fix: 引入 v-dompurify-html 指令解决 v-html 的安全隐患

2025-07-17 04:15:07 +08:00 · 2023-05-31 15:58:35 +08:00
parent 2ddb605076
commit 6a10a81f58
8 changed files with 22 additions and 18 deletions
--- a/src/views/infra/build/index.vue
+++ b/src/views/infra/build/index.vue
@ -16,20 +16,20 @@
  </ContentWrap>

  <!-- 弹窗：表单预览 -->
-  <Dialog :title="dialogTitle" v-model="dialogVisible" max-height="600">
-    <div ref="editor" v-if="dialogVisible">
+  <Dialog v-model="dialogVisible" :title="dialogTitle" max-height="600">
+    <div v-if="dialogVisible" ref="editor">
      <el-button style="float: right" @click="copy(formData)">
        {{ t('common.copy') }}
      </el-button>
      <el-scrollbar height="580">
        <div>
-          <pre><code class="hljs" v-html="highlightedCode(formData)"></code></pre>
+          <pre><code v-dompurify-html="highlightedCode(formData)" class="hljs"></code></pre>
        </div>
      </el-scrollbar>
    </div>
  </Dialog>
 </template>
-<script setup lang="ts" name="InfraBuild">
+<script lang="ts" name="InfraBuild" setup>
 import FcDesigner from '@form-create/designer'
 import { useClipboard } from '@vueuse/core'
 import { isString } from '@/utils/is'
--- a/src/views/infra/codegen/PreviewCode.vue
+++ b/src/views/infra/codegen/PreviewCode.vue
@ -46,7 +46,7 @@
              {{ t('common.copy') }}
            </el-button>
            <div>
-              <pre><code class="hljs" v-html="highlightedCode(item)"></code></pre>
+              <pre><code v-dompurify-html="highlightedCode(item)" class="hljs"></code></pre>
            </div>
          </el-tab-pane>
        </el-tabs>
--- a/src/views/mall/product/spu/components/DescriptionForm.vue
+++ b/src/views/mall/product/spu/components/DescriptionForm.vue
@ -19,7 +19,7 @@
  >
    <!-- 展示 HTML 内容 -->
    <template #description="{ row }">
-      <div style="width: 600px" v-html="row.description"></div>
+      <div v-dompurify-html="row.description" style="width: 600px"></div>
    </template>
  </Descriptions>
 </template>
--- a/src/views/system/mail/log/MailLogDetail.vue
+++ b/src/views/system/mail/log/MailLogDetail.vue
@ -3,7 +3,7 @@
    <Descriptions :data="detailData" :schema="allSchemas.detailSchema">
      <!-- 展示 HTML 内容 -->
      <template #templateContent="{ row }">
-        <div v-html="row.templateContent"></div>
+        <div v-dompurify-html="row.templateContent"></div>
      </template>
    </Descriptions>
  </Dialog>