npm - ecinc-cloud-wappaio - Versions diffs - 9.6.518 → 9.6.519 - Mend

ecinc-cloud-wappaio 9.6.518 → 9.6.519

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/ecwappaio.common.js CHANGED Viewed

@@ -145492,7 +145492,7 @@ service.interceptors.request.use(function (config) {
   } else if (window.productCode && location.href.indexOf('productCode') === -1) {
     config.headers['productCode'] = window.productCode;
   }
-  config.headers['ecweb-csrf-token'] = decodeURIComponent(sessionStorage.getItem('ecweb-csrf-token')) || '';
+  config.headers['ecweb-csrf-token'] = decodeURIComponent(sessionStorage.getItem('ecweb-csrf-token') || '');
   var language = (0,lang/* getLanguage */.Z0)();
   if (language === 'en') {
     language = 'en-US';
@@ -185416,6 +185416,97 @@ external_commonjs_vue_commonjs2_vue_root_Vue_default().directive('wfidea-lbl', {
     wfIdeaLblI18nFunc(el, binding, vnode);
   }
 });
+;// CONCATENATED MODULE: ./packages/common/directive/escaped-html/index.js
+function escapedHtml(htmlStr) {
+  if (typeof htmlStr !== 'string') {
+    return '';
+  }
+  // 1. 基本转义
+  var basic = htmlStr.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;').replace(/`/g, '&#96;');
+  // 2. 特殊危险模式处理
+  var patterns = [
+  // 事件处理器
+  {
+    regex: /\bon\w+\s*=\s*["'][^"']*["']/gi,
+    replace: ': '
+  }, {
+    regex: /\bon\w+\s*=\s*[^\s>]+/gi,
+    replace: '='
+  },
+  // JavaScript 协议
+  {
+    regex: /javascript:/gi,
+    escape: ':'
+  }, {
+    regex: /data:/gi,
+    escape: ':'
+  }, {
+    regex: /vbscript:/gi,
+    escape: ':'
+  },
+  // 十六进制/八进制编码
+  {
+    regex: /&#x?[0-9a-f]+;/gi,
+    decode: true
+  },
+  // CSS 危险表达式
+  {
+    regex: /expression\s*\(/gi,
+    escape: '('
+  }, {
+    regex: /url\s*\(\s*["']?javascript:/gi,
+    escape: ':'
+  },
+  // HTML5 新事件
+  {
+    regex: /onpointer\w+/gi,
+    replace: 'on'
+  }, {
+    regex: /ontouch\w+/gi,
+    replace: 'on'
+  },
+  // 内联样式中的 JavaScript
+  {
+    regex: /style\s*=\s*["'][^"']*javascript:[^"']*["']/gi,
+    escape: ':'
+  }];
+  var result = basic;
+  patterns.forEach(function (_ref) {
+    var regex = _ref.regex,
+      replace = _ref.replace,
+      escape = _ref.escape,
+      decode = _ref.decode;
+    result = result.replace(regex, function (match) {
+      if (decode) {
+        // 处理 HTML 实体编码
+        var temp = document.createElement('div');
+        temp.innerHTML = match;
+        return temp.textContent;
+      } else if (replace) {
+        // 替换特定部分
+        return match.replace(new RegExp(replace, 'g'), replace === ':' ? '&#58;' : replace === '=' ? '&#61;' : replace === '(' ? '&#40;' : replace === 'on' ? '&#111;n' : replace);
+      } else if (escape) {
+        // 转义特定字符
+        return match.replace(new RegExp(escape, 'g'), escape === ':' ? '&#58;' : escape === '(' ? '&#40;' : '');
+      }
+      return match;
+    });
+  });
+  return result;
+}
+external_commonjs_vue_commonjs2_vue_root_Vue_default().directive('escaped-html', {
+  inserted: function inserted(el, binding, vnode) {
+    el.innerHTML = escapedHtml(binding.value);
+  },
+  componentUpdated: function componentUpdated(el, binding, vnode) {
+    if (binding.value !== binding.oldValue) {
+      el.innerHTML = escapedHtml(binding.value);
+    }
+  }
+});
 ;// CONCATENATED MODULE: ./packages/common/directive/index.js
@@ -185426,6 +185517,7 @@ external_commonjs_vue_commonjs2_vue_root_Vue_default().directive('wfidea-lbl', {
 ;// CONCATENATED MODULE: ./packages/ecwapp/Directive/select-dialog/index.js

package/lib/ecwappaio.umd.js CHANGED Viewed

@@ -145502,7 +145502,7 @@ service.interceptors.request.use(function (config) {
   } else if (window.productCode && location.href.indexOf('productCode') === -1) {
     config.headers['productCode'] = window.productCode;
   }
-  config.headers['ecweb-csrf-token'] = decodeURIComponent(sessionStorage.getItem('ecweb-csrf-token')) || '';
+  config.headers['ecweb-csrf-token'] = decodeURIComponent(sessionStorage.getItem('ecweb-csrf-token') || '');
   var language = (0,lang/* getLanguage */.Z0)();
   if (language === 'en') {
     language = 'en-US';
@@ -185426,6 +185426,97 @@ external_commonjs_vue_commonjs2_vue_root_Vue_default().directive('wfidea-lbl', {
     wfIdeaLblI18nFunc(el, binding, vnode);
   }
 });
+;// CONCATENATED MODULE: ./packages/common/directive/escaped-html/index.js
+function escapedHtml(htmlStr) {
+  if (typeof htmlStr !== 'string') {
+    return '';
+  }
+  // 1. 基本转义
+  var basic = htmlStr.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;').replace(/\//g, '&#x2F;').replace(/`/g, '&#96;');
+  // 2. 特殊危险模式处理
+  var patterns = [
+  // 事件处理器
+  {
+    regex: /\bon\w+\s*=\s*["'][^"']*["']/gi,
+    replace: ': '
+  }, {
+    regex: /\bon\w+\s*=\s*[^\s>]+/gi,
+    replace: '='
+  },
+  // JavaScript 协议
+  {
+    regex: /javascript:/gi,
+    escape: ':'
+  }, {
+    regex: /data:/gi,
+    escape: ':'
+  }, {
+    regex: /vbscript:/gi,
+    escape: ':'
+  },
+  // 十六进制/八进制编码
+  {
+    regex: /&#x?[0-9a-f]+;/gi,
+    decode: true
+  },
+  // CSS 危险表达式
+  {
+    regex: /expression\s*\(/gi,
+    escape: '('
+  }, {
+    regex: /url\s*\(\s*["']?javascript:/gi,
+    escape: ':'
+  },
+  // HTML5 新事件
+  {
+    regex: /onpointer\w+/gi,
+    replace: 'on'
+  }, {
+    regex: /ontouch\w+/gi,
+    replace: 'on'
+  },
+  // 内联样式中的 JavaScript
+  {
+    regex: /style\s*=\s*["'][^"']*javascript:[^"']*["']/gi,
+    escape: ':'
+  }];
+  var result = basic;
+  patterns.forEach(function (_ref) {
+    var regex = _ref.regex,
+      replace = _ref.replace,
+      escape = _ref.escape,
+      decode = _ref.decode;
+    result = result.replace(regex, function (match) {
+      if (decode) {
+        // 处理 HTML 实体编码
+        var temp = document.createElement('div');
+        temp.innerHTML = match;
+        return temp.textContent;
+      } else if (replace) {
+        // 替换特定部分
+        return match.replace(new RegExp(replace, 'g'), replace === ':' ? '&#58;' : replace === '=' ? '&#61;' : replace === '(' ? '&#40;' : replace === 'on' ? '&#111;n' : replace);
+      } else if (escape) {
+        // 转义特定字符
+        return match.replace(new RegExp(escape, 'g'), escape === ':' ? '&#58;' : escape === '(' ? '&#40;' : '');
+      }
+      return match;
+    });
+  });
+  return result;
+}
+external_commonjs_vue_commonjs2_vue_root_Vue_default().directive('escaped-html', {
+  inserted: function inserted(el, binding, vnode) {
+    el.innerHTML = escapedHtml(binding.value);
+  },
+  componentUpdated: function componentUpdated(el, binding, vnode) {
+    if (binding.value !== binding.oldValue) {
+      el.innerHTML = escapedHtml(binding.value);
+    }
+  }
+});
 ;// CONCATENATED MODULE: ./packages/common/directive/index.js
@@ -185436,6 +185527,7 @@ external_commonjs_vue_commonjs2_vue_root_Vue_default().directive('wfidea-lbl', {
 ;// CONCATENATED MODULE: ./packages/ecwapp/Directive/select-dialog/index.js