Browse Source

Pull request #1623: 无JIRA任务 CVE-2020-11022 CVE-2020-11023 处理jquery的两个安全漏洞

Merge in VISUAL/fineui from ~GUY/fineui:master to master

* commit '8915bc936a3ef350dae89b4f2b3563cda6e90bd9':
  处理jquery的两个安全漏洞
es6
guy 4 years ago
parent
commit
d774654fbb
  1. 7
      src/core/platform/web/jquery/_jquery.js

7
src/core/platform/web/jquery/_jquery.js vendored

@ -5839,7 +5839,7 @@ var nodeNames = "abbr|article|aside|audio|bdi|canvas|data|datalist|details|figca
rinlinejQuery = / jQuery\d+="(?:null|\d+)"/g, rinlinejQuery = / jQuery\d+="(?:null|\d+)"/g,
rnoshimcache = new RegExp("<(?:" + nodeNames + ")[\\s/>]", "i"), rnoshimcache = new RegExp("<(?:" + nodeNames + ")[\\s/>]", "i"),
rleadingWhitespace = /^\s+/, rleadingWhitespace = /^\s+/,
rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi, // rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,
rtagName = /<([\w:]+)/, rtagName = /<([\w:]+)/,
rtbody = /<tbody/i, rtbody = /<tbody/i,
rhtml = /<|&#?\w+;/, rhtml = /<|&#?\w+;/,
@ -6054,7 +6054,7 @@ jQuery.fn.extend({
( jQuery.support.leadingWhitespace || !rleadingWhitespace.test( value ) ) && ( jQuery.support.leadingWhitespace || !rleadingWhitespace.test( value ) ) &&
!wrapMap[ ( rtagName.exec( value ) || ["", ""] )[1].toLowerCase() ] ) { !wrapMap[ ( rtagName.exec( value ) || ["", ""] )[1].toLowerCase() ] ) {
value = value.replace( rxhtmlTag, "<$1></$2>" ); // value = value.replace( rxhtmlTag, "<$1></$2>" );
try { try {
for (; i < l; i++ ) { for (; i < l; i++ ) {
@ -6468,7 +6468,8 @@ jQuery.extend({
tag = ( rtagName.exec( elem ) || ["", ""] )[1].toLowerCase(); tag = ( rtagName.exec( elem ) || ["", ""] )[1].toLowerCase();
wrap = wrapMap[ tag ] || wrapMap._default; wrap = wrapMap[ tag ] || wrapMap._default;
tmp.innerHTML = wrap[1] + elem.replace( rxhtmlTag, "<$1></$2>" ) + wrap[2]; // tmp.innerHTML = wrap[1] + elem.replace( rxhtmlTag, "<$1></$2>" ) + wrap[2];
tmp.innerHTML = wrap[1] + elem + wrap[2];
// Descend through wrappers to the right content // Descend through wrappers to the right content
j = wrap[0]; j = wrap[0];

Loading…
Cancel
Save