优化xss 攻击 公告详情页面完成

WebService/src/main/resources/components/noticePackage/addNoticeView/addNoticeView.js

@@ -57,8 +57,8 @@
                         },
                         {
                             limit:"maxLength",
-                            param:"500",
-                            errInfo:"公告内容不能超过500个字"
+                            param:"10000",
+                            errInfo:"公告内容不能超过10000个字"
                         },
                     ],
                     'addNoticeViewInfo.startTime':[

WebService/src/main/resources/components/noticePackage/editNoticeView/editNoticeView.js

@@ -18,10 +18,12 @@
          _initEvent:function(){
              vc.on('editNoticeViewInfo','openEditNoticeModal',function(_params){
                 vc.component.refreshEditNoticeInfo();
+                _params.context = filterXSS(_params.context);
                 vc.component.editNoticeInfo = _params;
             });
             vc.on('editNoticeViewInfo','noticeEditNoticeInfo',function(_params){
                 vc.component.refreshEditNoticeInfo();
+                _params.context = filterXSS(_params.context);
                 vc.copyObject(_params,vc.component.editNoticeViewInfo);
                 $(".eidtSummernote").summernote('code', vc.component.editNoticeViewInfo.context);
             });
@@ -63,10 +65,10 @@
                             errInfo:"公告内容不能为空"
                         },
  {
-                            limit:"maxLength",
-                            param:"500",
-                            errInfo:"公告内容不能超过500个字"
-                        },
+                             limit:"maxLength",
+                             param:"10000",
+                             errInfo:"公告内容不能超过10000个字"
+                         },
                     ],
                     'editNoticeViewInfo.startTime':[
                     {

WebService/src/main/resources/components/noticePackage/noticeDetail/noticeDetail.html

@@ -1,14 +1,20 @@
 <div id="component">
     <div class="row">
-        <div class="col-lg-10 col-lg-offset-1">
+        <div class="col-lg-12 col-lg-offset-1">
             <div class="ibox">
                 <div class="ibox-content">
                     <div class="text-center article-title">
-                        <span class="text-muted"><i class="fa fa-clock-o"></i> {{noticeDetailInfo.createTime}}</span>
                         <h1>
                             {{noticeDetailInfo.title}}
                         </h1>
+                        <span class="text-muted"><i class="fa fa-clock-o"></i> {{noticeDetailInfo.createTime}}</span>
                     </div>
+
+
+                    <div v-html="noticeDetailInfo.context"></div>
+
+
+                    <hr/>
                     <div class="row">
                         <div class="col-md-6">
                             <h5>开始时间:</h5>
@@ -22,10 +28,6 @@
                         </div>
                     </div>
 
-                    <p>
-                        {{noticeDetailInfo.context}}
-                    </p>
-
                 </div>
             </div>
         </div>

WebService/src/main/resources/components/noticePackage/noticeDetail/noticeDetail.js

@@ -45,8 +45,10 @@
                              function(json,res){
                                 var _noticeDetailInfo=JSON.parse(json);
 
-                                var _notices = _noticeManageInfo.notices;
+                                var _notices = _noticeDetailInfo.notices;
                                 if(_notices.length >0){
+                                    //filterXSS
+                                    _notices[0].context = filterXSS(_notices[0].context);
                                     vc.copyObject(_notices[0], vc.component.noticeDetailInfo);
                                 }
 
@@ -55,6 +57,7 @@
                              }
                            );
             }
+
         }
     });
 })(window.vc);

WebService/src/main/resources/static/css/style.css

@@ -6391,7 +6391,7 @@ dd.project-people {
 }
 .article-title {
   text-align: center;
-  margin: 40px 0 100px 0;
+  margin: 40px 0 60px 0;
 }
 .article .ibox-content {
   padding: 40px;

WebService/src/main/resources/views/noticeDetailFlow.html

@@ -7,6 +7,7 @@
     <meta charset="UTF-8"/>
     <title>公告详情|java110</title>
     <vc:create name="commonTop"></vc:create>
+    <script src="/js/plugins/xss/xss.min.js"></script>
 </head>
 <body>
 <vc:create name="bodyTop"></vc:create>
@@ -23,7 +24,7 @@
         </div>
         <!-- id="component" -->
         <div class="wrapper wrapper-content animated fadeInRight" id="component">
-            <!--<vc:create name="noticeManage"></vc:create>-->
+            <vc:create name="noticeDetail"></vc:create>
         </div>
 
         <vc:create name="copyright"></vc:create>

WebService/src/main/resources/views/noticeFlow.html

@@ -11,6 +11,7 @@
     <link href="/css/plugins/summernote/summernote-bs4.min.css" rel="stylesheet">
     <script src="/js/plugins/summernote/summernote-bs4.min.js"></script>
     <script src="/js/plugins/summernote/summernote-zh-CN.min.js"></script>
+    <script src="/js/plugins/xss/xss.min.js"></script>
 </head>
 <body>
 <vc:create name="bodyTop"></vc:create>