
textContent是不会处理转义之后的特殊字符的,所以存在特殊字符的时候需要用innerHTML,并且textContent本就可以防xss,那么只需要检测一下是否存在空格就可以了.其他的标签无所谓.

es6
dailer 6 years ago
parent
commit
3c4509e620
  1. 4
      src/base/single/text.js

4
src/base/single/text.js

@ -134,9 +134,9 @@ BI.Text = BI.inherit(BI.Single, {
return; return;
} }
if (/&|\"|<|>|\\s/.test(text)) { if (/&|\"|<|>|\\s/.test(text)) {
this.text.element[0].textContent = BI.htmlEncode(this._getShowText()); this.text.element[0].innerHTML = BI.htmlEncode(this._getShowText());
} else { } else {
this.text.element[0].textContent = this._getShowText(); this.text.element[0].innerHTML = this._getShowText();
} }
} }
}); });
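Review bot: The `else` branch assigns `this._getShowText()` to `innerHTML` without encoding (assuming the right-hand column is the new side), so it is safe only while the regex above keeps `<` and `&` out of that branch. Narrowing the test to whitespace alone, as the commit description proposes, would make this assignment an HTML-injection sink; keeping `this.text.element[0].textContent = this._getShowText();` for the unencoded branch and reserving `innerHTML` for the `BI.htmlEncode` output removes that coupling. Separately, `\\s` inside a regex literal matches a backslash followed by `s`, not whitespace, so if whitespace is intended the test should read `/&|"|<|>|\s/`. The guard also tests `text` while the value written comes from `_getShowText()`; if the two can differ, the test should run on the value actually assigned. The enclosing function starts outside the hunk, so the origin of `text` is not visible here.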
