@lingxiteam/lcdp-ueditor-react 1.0.0-alpha.12 → 1.0.0-alpha.14
- package/es/LcdpUeditor.d.ts.map +1 -1
- package/es/LcdpUeditor.js +6 -4
- package/es/tools/filterHtmlNode.d.ts +1 -0
- package/es/tools/filterHtmlNode.d.ts.map +1 -0
- package/es/tools/filterHtmlNode.js +35 -0
- package/lib/LcdpUeditor.js +6 -4
- package/lib/tools/filterHtmlNode.d.ts +1 -0
- package/lib/tools/filterHtmlNode.js +55 -0
- package/package.json +1 -1
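--- a/package/es/LcdpUeditor.d.ts.map
+++ b/package/es/LcdpUeditor.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"LcdpUeditor.d.ts","sourceRoot":"","sources":["LcdpUeditor.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;
+{"version":3,"file":"LcdpUeditor.d.ts","sourceRoot":"","sources":["LcdpUeditor.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAQhD,cAAM,WAAY,SAAQ,KAAK,CAAC,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC;IAC9D;;OAEG;IACH,WAAW,EAAE,MAAM,CAAwB;IAE3C;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAwD;IAExE;;OAEG;IACH,OAAO,CAAC,YAAY,CAAwD;IAE5E;;OAEG;IACH,OAAO,CAAC,WAAW,CAAS;IAE5B;;OAEG;IACH,OAAO,CAAC,WAAW,CAAa;IAEhC;;OAEG;IACH,OAAO,CAAC,YAAY,CAAiB;IAErC;;OAEG;IACH,OAAO,CAAC,qBAAqB,CAAW;IAExC;;OAEG;IACH,OAAO,CAAC,cAAc,CAAc;IAEpC;;OAEG;IACH,OAAO,CAAC,cAAc,CAAM;IAE5B;;OAEG;IACH,OAAO,CAAC,OAAO,CAAkB;IAEjC;;OAEG;IACH,KAAK,EAAE,QAAQ,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAC,CAAC,CAEnC;IAEF;;OAEG;IACH,YAAY,EAAE,GAAG,CAAM;gBAEX,KAAK,EAAE,iBAAiB;IA2CpC,iBAAiB,IAAI,IAAI;IAIzB,yBAAyB,CAAC,SAAS,EAAE,iBAAiB;IAiBtD,oBAAoB,IAAI,IAAI;IAM5B,OAAO,CAAC,eAAe;IAUvB,OAAO,CAAC,YAAY;IAOpB;;;;OAIG;YACW,UAAU;IAqCxB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAMhB;;OAEG;IACH,OAAO,CAAC,SAAS;IAcjB;;OAEG;IACG,WAAW;IAiCjB,MAAM,IAAI,KAAK,CAAC,SAAS;CAY1B;AAED,eAAe,WAAW,CAAC"}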
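--- a/package/es/LcdpUeditor.js
+++ b/package/es/LcdpUeditor.js
@@ -22,6 +22,7 @@ import { DEFAULT_UEDITOR_CONFIG, DEFAULT_UEDITOR_PATH } from "./const";
 import DefaultConfig from "./defaultConfig.json";
 import UeditorResourceLoader from "./tools/UeditorResourceLoader";
 import { debounce } from 'lodash';
+import { filterHtmlNode } from "./tools/filterHtmlNode";
 var LcdpUeditor = /*#__PURE__*/function (_React$Component) {
 _inherits(LcdpUeditor, _React$Component);
 var _super = _createSuper(LcdpUeditor);
@@ -84,7 +85,8 @@ var LcdpUeditor = /*#__PURE__*/function (_React$Component) {
 if (_this.props.ueditorPath) {
 _this.ueditorPath = _this.props.ueditorPath;
 }
-
+var nextValue = filterHtmlNode(_this.props.value || '');
+_this.currentContent = nextValue;
 _this.uploadFunction = function (file, type) {
 var _this$props$config;
 // TODO 内置上传 图片base64
@@ -115,7 +117,7 @@ var LcdpUeditor = /*#__PURE__*/function (_React$Component) {
 _this.fileSelect(cb, type);
 },
 uploadFunction: _this.uploadFunction,
-initialContent:
+initialContent: nextValue || ''
 });
 _this.debounceContentChange = debounce(_this.onContentChange.bind(_assertThisInitialized(_this)), 300);
 return _this;
@@ -131,7 +133,7 @@ var LcdpUeditor = /*#__PURE__*/function (_React$Component) {
 if (this.isReady) {
 if ('value' in nextProps && this.currentContent !== nextProps.value) {
 this.isReportFlag = false;
-this.ueditorInst.setContent(nextProps.value || '');
+this.ueditorInst.setContent(filterHtmlNode(nextProps.value || ''));
 }
 // 禁用操作需要调用指定的api进行操作
 if (nextProps.disabled !== this.props.disabled) {
@@ -157,7 +159,7 @@ var LcdpUeditor = /*#__PURE__*/function (_React$Component) {
 if (!this.isReportFlag) {
 this.isReportFlag = true;
 } else if (this.props.onChange) {
-this.currentContent = this.ueditorInst.getContent();
+this.currentContent = filterHtmlNode(this.ueditorInst.getContent() || '');
 this.props.onChange(this.currentContent);
 }
 }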
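Review bot: The guard in the `-131,7 +133,7` hunk still compares `this.currentContent` with the raw `nextProps.value`, while `currentContent` is now assigned only filtered output in the lines shown, so any value that `filterHtmlNode` or its `innerHTML` round-trip alters looks changed on every props update and `setContent` runs again each time. Filtering once and comparing the result avoids that: `var next = filterHtmlNode(nextProps.value || '');`, then `if ('value' in nextProps && this.currentContent !== next)` and `this.ueditorInst.setContent(next);`. Whether `currentContent` is refreshed after `setContent` cannot be seen here, because the method starts and ends outside the hunk. The matching hunk in package/lib/LcdpUeditor.js has the same comparison, and the change belongs in the LcdpUeditor.tsx source rather than in the built output.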
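--- a/package/es/tools/filterHtmlNode.d.ts
+++ b/package/es/tools/filterHtmlNode.d.ts
@@ -0,0 +1 @@
+export declare const filterHtmlNode: (str: string) => string;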
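--- a/package/es/tools/filterHtmlNode.d.ts.map
+++ b/package/es/tools/filterHtmlNode.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"filterHtmlNode.d.ts","sourceRoot":"","sources":["filterHtmlNode.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc,QAAS,MAAM,WAkCzC,CAAC"}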
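--- a/package/es/tools/filterHtmlNode.js
+++ b/package/es/tools/filterHtmlNode.js
@@ -0,0 +1,35 @@
+export var filterHtmlNode = function filterHtmlNode(str) {
+if (typeof str !== 'string') return str || '';
+var blacklist = ['script', 'style', 'iframe'];
+
+// 创建一个新的 DOM 解析器对象
+var parser = new DOMParser();
+
+// 使用 parseFromString 方法将 HTML 片段转换为 DOM 对象
+var doc = parser.parseFromString(str, 'text/html');
+
+// 遍历 DOM 树并删除恶意节点
+function cleanNode(node) {
+if (node.nodeType === 1) {
+// 元素节点
+if (blacklist.indexOf(node.nodeName.toLowerCase()) !== -1) {
+var _node$parentNode;
+(_node$parentNode = node.parentNode) === null || _node$parentNode === void 0 || _node$parentNode.removeChild(node);
+return;
+}
+
+// 移除元素节点上所有事件属性
+for (var i = node.attributes.length - 1; i >= 0; i -= 1) {
+var attr = node.attributes[i];
+if (attr.name.startsWith('on') || String(node.getAttribute(attr.name)).toLowerCase().indexOf('javascript:') !== -1) {
+node.removeAttribute(attr.name);
+}
+}
+}
+for (var _i = 0; _i < node.childNodes.length; _i += 1) {
+cleanNode(node.childNodes[_i]);
+}
+}
+cleanNode(doc.body);
+return doc.body.innerHTML;
+};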
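Review bot: The child loop at the end of `cleanNode` walks `node.childNodes` forwards while the recursive call may remove the current child; `childNodes` is a live list, so the following sibling slides into index `_i` and is never visited, and the second of two adjacent denylisted elements stays in the output. Iterating from the end, as the attribute loop above it already does, fixes this: `for (var _i = node.childNodes.length - 1; _i >= 0; _i -= 1) {`. A short comment on `cleanNode` saying why both loops run backwards would keep a later edit from reintroducing the skip. package/lib/tools/filterHtmlNode.js carries the same loop, and the fix belongs in src/tools/filterHtmlNode.ts rather than in the built files.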
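--- a/package/lib/LcdpUeditor.js
+++ b/package/lib/LcdpUeditor.js
@@ -37,6 +37,7 @@ var import_const = require("./const");
 var import_defaultConfig = __toESM(require("./defaultConfig.json"));
 var import_UeditorResourceLoader = __toESM(require("./tools/UeditorResourceLoader"));
 var import_lodash = require("lodash");
+var import_filterHtmlNode = require("./tools/filterHtmlNode");
 var LcdpUeditor = class extends import_react.default.Component {
 constructor(props) {
 super(props);
@@ -83,7 +84,8 @@ var LcdpUeditor = class extends import_react.default.Component {
 if (this.props.ueditorPath) {
 this.ueditorPath = this.props.ueditorPath;
 }
-
+const nextValue = (0, import_filterHtmlNode.filterHtmlNode)(this.props.value || "");
+this.currentContent = nextValue;
 this.uploadFunction = (file, type) => {
 var _a;
 if (type === "image" && ((_a = this.props.config) == null ? void 0 : _a.imageType) === "base64") {
@@ -111,7 +113,7 @@ var LcdpUeditor = class extends import_react.default.Component {
 this.fileSelect(cb, type);
 },
 uploadFunction: this.uploadFunction,
-initialContent:
+initialContent: nextValue || ""
 };
 this.debounceContentChange = (0, import_lodash.debounce)(this.onContentChange.bind(this), 300);
 }
@@ -122,7 +124,7 @@ var LcdpUeditor = class extends import_react.default.Component {
 if (this.isReady) {
 if ("value" in nextProps && this.currentContent !== nextProps.value) {
 this.isReportFlag = false;
-this.ueditorInst.setContent(nextProps.value || "");
+this.ueditorInst.setContent((0, import_filterHtmlNode.filterHtmlNode)(nextProps.value || ""));
 }
 if (nextProps.disabled !== this.props.disabled) {
 if (nextProps.disabled) {
@@ -143,7 +145,7 @@ var LcdpUeditor = class extends import_react.default.Component {
 if (!this.isReportFlag) {
 this.isReportFlag = true;
 } else if (this.props.onChange) {
-this.currentContent = this.ueditorInst.getContent();
+this.currentContent = (0, import_filterHtmlNode.filterHtmlNode)(this.ueditorInst.getContent() || "");
 this.props.onChange(this.currentContent);
 }
 }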
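Review bot: The constructor in the `-83,7 +84,8` hunk now calls `filterHtmlNode` unconditionally, and that helper does `new DOMParser()`, so constructing the component where `DOMParser` is not defined (server-side rendering, or a test runner without a DOM) would throw a ReferenceError before anything renders. If such environments are meant to be supported, the helper should check first and fail closed rather than pass the markup through, e.g. `if (typeof DOMParser === 'undefined') return '';`. The constructor body starts and ends outside this hunk, so an earlier environment guard cannot be ruled out from here. The es build makes the same call.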
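--- a/package/lib/tools/filterHtmlNode.d.ts
+++ b/package/lib/tools/filterHtmlNode.d.ts
@@ -0,0 +1 @@
+export declare const filterHtmlNode: (str: string) => string;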
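--- a/package/lib/tools/filterHtmlNode.js
+++ b/package/lib/tools/filterHtmlNode.js
@@ -0,0 +1,55 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+for (var name in all)
+__defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+if (from && typeof from === "object" || typeof from === "function") {
+for (let key of __getOwnPropNames(from))
+if (!__hasOwnProp.call(to, key) && key !== except)
+__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+}
+return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/tools/filterHtmlNode.ts
+var filterHtmlNode_exports = {};
+__export(filterHtmlNode_exports, {
+filterHtmlNode: () => filterHtmlNode
+});
+module.exports = __toCommonJS(filterHtmlNode_exports);
+var filterHtmlNode = (str) => {
+if (typeof str !== "string")
+return str || "";
+const blacklist = ["script", "style", "iframe"];
+const parser = new DOMParser();
+const doc = parser.parseFromString(str, "text/html");
+function cleanNode(node) {
+var _a;
+if (node.nodeType === 1) {
+if (blacklist.indexOf(node.nodeName.toLowerCase()) !== -1) {
+(_a = node.parentNode) == null ? void 0 : _a.removeChild(node);
+return;
+}
+for (let i = node.attributes.length - 1; i >= 0; i -= 1) {
+const attr = node.attributes[i];
+if (attr.name.startsWith("on") || String(node.getAttribute(attr.name)).toLowerCase().indexOf("javascript:") !== -1) {
+node.removeAttribute(attr.name);
+}
+}
+}
+for (let i = 0; i < node.childNodes.length; i += 1) {
+cleanNode(node.childNodes[i]);
+}
+}
+cleanNode(doc.body);
+return doc.body.innerHTML;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+filterHtmlNode
+});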
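Review bot: `filterHtmlNode` is a denylist: three element names plus an `on*` prefix and a `javascript:` substring test on attribute values, so anything it does not name passes through unchanged, including other embedding or navigation elements (`object`, `embed`, `base`, `meta`, `form`) and URL attributes that use other schemes such as `data:`. The substring test also runs on the raw attribute text rather than on a parsed URL, so it only matches that exact spelling of the scheme. An allowlist of the tags, attributes and URL schemes the editor needs, or a maintained sanitizer such as DOMPurify, would be a safer shape. At minimum the function should carry a doc comment saying it is a best-effort filter and that consumers must still treat the `onChange` value as untrusted. The non-string branch `return str || "";` also hands back truthy non-string input unchanged, which contradicts the declared `(str: string) => string`; `return "";` would match the declaration. The es build is identical in these respects.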