
textContent 是不会处理转义之后的特殊字符的，所以存在特殊字符的时候需要用 innerHTML；并且 textContent 本就可以防 XSS，那么只需要检测一下是否存在空格就可以了，其他的标签无所谓。

master
dailer 6 years ago
parent
commit
3c4509e620
  1. 4
      src/base/single/text.js

4
src/base/single/text.js

@ -134,9 +134,9 @@ BI.Text = BI.inherit(BI.Single, {
return;
}
if (/&|\"|<|>|\\s/.test(text)) {
this.text.element[0].textContent = BI.htmlEncode(this._getShowText());
this.text.element[0].innerHTML = BI.htmlEncode(this._getShowText());
} else {
this.text.element[0].textContent = this._getShowText();
this.text.element[0].innerHTML = this._getShowText();
}
}
});
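Review bot: The `else` branch writes `this._getShowText()` to `innerHTML` unencoded, and the only guard in front of that sink is a regex run on `text`, not on the value actually written (this assumes the `innerHTML` lines are the new side; the +/- markers are lost on this page). `_getShowText` is defined outside the hunk, so whether it can return something other than `text` cannot be confirmed here; if it can, markup reaches the HTML parser unchecked. The plain branch gains nothing from `innerHTML`, so it can stay `this.text.element[0].textContent = this._getShowText();`, and the guard should test the same string it protects, e.g. `var showText = this._getShowText();` followed by the test on `showText`. Separately, as rendered, `\\s` inside the regex literal matches a backslash followed by `s` rather than whitespace, so the whitespace case the commit message relies on is probably never detected; `\s` looks like what was meant. The enclosing method starts above the hunk.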
