@lingxiteam/lcdp-ueditor-react 1.0.0-alpha.12 → 1.0.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/es/LcdpUeditor.d.ts.map +1 -1
- package/es/LcdpUeditor.js +2 -1
- package/es/tools/filterHtmlNode.d.ts +1 -0
- package/es/tools/filterHtmlNode.d.ts.map +1 -0
- package/es/tools/filterHtmlNode.js +35 -0
- package/lib/LcdpUeditor.js +2 -1
- package/lib/tools/filterHtmlNode.d.ts +1 -0
- package/lib/tools/filterHtmlNode.js +55 -0
- package/package.json +1 -1
package/es/LcdpUeditor.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"LcdpUeditor.d.ts","sourceRoot":"","sources":["LcdpUeditor.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"LcdpUeditor.d.ts","sourceRoot":"","sources":["LcdpUeditor.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAQhD,cAAM,WAAY,SAAQ,KAAK,CAAC,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;IAC9D;;OAEG;IACH,WAAW,EAAE,MAAM,CAAwB;IAE3C;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAwD;IAExE;;OAEG;IACH,OAAO,CAAC,YAAY,CAAwD;IAE5E;;OAEG;IACH,OAAO,CAAC,WAAW,CAAS;IAE5B;;OAEG;IACH,OAAO,CAAC,WAAW,CAAa;IAEhC;;OAEG;IACH,OAAO,CAAC,YAAY,CAAiB;IAErC;;OAEG;IACH,OAAO,CAAC,qBAAqB,CAAW;IAExC;;OAEG;IACH,OAAO,CAAC,cAAc,CAAc;IAEpC;;OAEG;IACH,OAAO,CAAC,cAAc,CAAM;IAE5B;;OAEG;IACH,OAAO,CAAC,OAAO,CAAkB;IAEjC;;OAEG;IACH,KAAK,EAAE,QAAQ,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAC,CAAC,CAEnC;IAEF;;OAEG;IACH,YAAY,EAAE,GAAG,CAAM;gBAEX,KAAK,EAAE,iBAAiB;IA0CpC,iBAAiB,IAAI,IAAI;IAIzB,yBAAyB,CAAC,SAAS,EAAE,iBAAiB;IAiBtD,oBAAoB,IAAI,IAAI;IAM5B,OAAO,CAAC,eAAe;IAUvB,OAAO,CAAC,YAAY;IAOpB;;;;OAIG;YACW,UAAU;IAqCxB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAMhB;;OAEG;IACH,OAAO,CAAC,SAAS;IAcjB;;OAEG;IACG,WAAW;IAiCjB,MAAM,IAAI,KAAK,CAAC,SAAS;CAY1B;AAED,eAAe,WAAW,CAAC"}
|
package/es/LcdpUeditor.js
CHANGED
|
@@ -22,6 +22,7 @@ import { DEFAULT_UEDITOR_CONFIG, DEFAULT_UEDITOR_PATH } from "./const";
|
|
|
22
22
|
import DefaultConfig from "./defaultConfig.json";
|
|
23
23
|
import UeditorResourceLoader from "./tools/UeditorResourceLoader";
|
|
24
24
|
import { debounce } from 'lodash';
|
|
25
|
+
import { filterHtmlNode } from "./tools/filterHtmlNode";
|
|
25
26
|
var LcdpUeditor = /*#__PURE__*/function (_React$Component) {
|
|
26
27
|
_inherits(LcdpUeditor, _React$Component);
|
|
27
28
|
var _super = _createSuper(LcdpUeditor);
|
|
@@ -158,7 +159,7 @@ var LcdpUeditor = /*#__PURE__*/function (_React$Component) {
|
|
|
158
159
|
this.isReportFlag = true;
|
|
159
160
|
} else if (this.props.onChange) {
|
|
160
161
|
this.currentContent = this.ueditorInst.getContent();
|
|
161
|
-
this.props.onChange(this.currentContent);
|
|
162
|
+
this.props.onChange(filterHtmlNode(this.currentContent));
|
|
162
163
|
}
|
|
163
164
|
}
|
|
164
165
|
}, {
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const filterHtmlNode: (str: string) => string;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filterHtmlNode.d.ts","sourceRoot":"","sources":["filterHtmlNode.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc,QAAS,MAAM,WAkCzC,CAAC"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
export var filterHtmlNode = function filterHtmlNode(str) {
|
|
2
|
+
if (typeof str !== 'string') return str || '';
|
|
3
|
+
var blacklist = ['script', 'style', 'iframe'];
|
|
4
|
+
|
|
5
|
+
// 创建一个新的 DOM 解析器对象
|
|
6
|
+
var parser = new DOMParser();
|
|
7
|
+
|
|
8
|
+
// 使用 parseFromString 方法将 HTML 片段转换为 DOM 对象
|
|
9
|
+
var doc = parser.parseFromString(str, 'text/html');
|
|
10
|
+
|
|
11
|
+
// 遍历 DOM 树并删除恶意节点
|
|
12
|
+
function cleanNode(node) {
|
|
13
|
+
if (node.nodeType === 1) {
|
|
14
|
+
// 元素节点
|
|
15
|
+
if (blacklist.indexOf(node.nodeName.toLowerCase()) !== -1) {
|
|
16
|
+
var _node$parentNode;
|
|
17
|
+
(_node$parentNode = node.parentNode) === null || _node$parentNode === void 0 || _node$parentNode.removeChild(node);
|
|
18
|
+
return;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
// 移除元素节点上所有事件属性
|
|
22
|
+
for (var i = node.attributes.length - 1; i >= 0; i -= 1) {
|
|
23
|
+
var attr = node.attributes[i];
|
|
24
|
+
if (attr.name.startsWith('on') || String(node.getAttribute(attr.name)).toLowerCase().indexOf('javascript:') !== -1) {
|
|
25
|
+
node.removeAttribute(attr.name);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
for (var _i = 0; _i < node.childNodes.length; _i += 1) {
|
|
30
|
+
cleanNode(node.childNodes[_i]);
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
cleanNode(doc.body);
|
|
34
|
+
return doc.body.innerHTML;
|
|
35
|
+
};
|
package/lib/LcdpUeditor.js
CHANGED
|
@@ -37,6 +37,7 @@ var import_const = require("./const");
|
|
|
37
37
|
var import_defaultConfig = __toESM(require("./defaultConfig.json"));
|
|
38
38
|
var import_UeditorResourceLoader = __toESM(require("./tools/UeditorResourceLoader"));
|
|
39
39
|
var import_lodash = require("lodash");
|
|
40
|
+
var import_filterHtmlNode = require("./tools/filterHtmlNode");
|
|
40
41
|
var LcdpUeditor = class extends import_react.default.Component {
|
|
41
42
|
constructor(props) {
|
|
42
43
|
super(props);
|
|
@@ -144,7 +145,7 @@ var LcdpUeditor = class extends import_react.default.Component {
|
|
|
144
145
|
this.isReportFlag = true;
|
|
145
146
|
} else if (this.props.onChange) {
|
|
146
147
|
this.currentContent = this.ueditorInst.getContent();
|
|
147
|
-
this.props.onChange(this.currentContent);
|
|
148
|
+
this.props.onChange((0, import_filterHtmlNode.filterHtmlNode)(this.currentContent));
|
|
148
149
|
}
|
|
149
150
|
}
|
|
150
151
|
getExtString(str) {
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const filterHtmlNode: (str: string) => string;
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
3
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
4
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
5
|
+
var __export = (target, all) => {
|
|
6
|
+
for (var name in all)
|
|
7
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
8
|
+
};
|
|
9
|
+
var __copyProps = (to, from, except, desc) => {
|
|
10
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
11
|
+
for (let key of __getOwnPropNames(from))
|
|
12
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
13
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
14
|
+
}
|
|
15
|
+
return to;
|
|
16
|
+
};
|
|
17
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
18
|
+
|
|
19
|
+
// src/tools/filterHtmlNode.ts
|
|
20
|
+
var filterHtmlNode_exports = {};
|
|
21
|
+
__export(filterHtmlNode_exports, {
|
|
22
|
+
filterHtmlNode: () => filterHtmlNode
|
|
23
|
+
});
|
|
24
|
+
module.exports = __toCommonJS(filterHtmlNode_exports);
|
|
25
|
+
var filterHtmlNode = (str) => {
|
|
26
|
+
if (typeof str !== "string")
|
|
27
|
+
return str || "";
|
|
28
|
+
const blacklist = ["script", "style", "iframe"];
|
|
29
|
+
const parser = new DOMParser();
|
|
30
|
+
const doc = parser.parseFromString(str, "text/html");
|
|
31
|
+
function cleanNode(node) {
|
|
32
|
+
var _a;
|
|
33
|
+
if (node.nodeType === 1) {
|
|
34
|
+
if (blacklist.indexOf(node.nodeName.toLowerCase()) !== -1) {
|
|
35
|
+
(_a = node.parentNode) == null ? void 0 : _a.removeChild(node);
|
|
36
|
+
return;
|
|
37
|
+
}
|
|
38
|
+
for (let i = node.attributes.length - 1; i >= 0; i -= 1) {
|
|
39
|
+
const attr = node.attributes[i];
|
|
40
|
+
if (attr.name.startsWith("on") || String(node.getAttribute(attr.name)).toLowerCase().indexOf("javascript:") !== -1) {
|
|
41
|
+
node.removeAttribute(attr.name);
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
for (let i = 0; i < node.childNodes.length; i += 1) {
|
|
46
|
+
cleanNode(node.childNodes[i]);
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
cleanNode(doc.body);
|
|
50
|
+
return doc.body.innerHTML;
|
|
51
|
+
};
|
|
52
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
53
|
+
0 && (module.exports = {
|
|
54
|
+
filterHtmlNode
|
|
55
|
+
});
|