Pull request #7465: REPORT-91727 对用户输入的参数进行统一校验 DCM仓库也要改下

Merge in DEC/decision-webui-dcm from ~CRAWFORD.ZHOU/decision-webui-dcm:release/11.0 to release/11.0

* commit '18539944944b9ddb5b5e072b169803b8e5f0aa43':
  REPORT-91727 对用户输入的参数进行统一校验 DCM仓库也要改下 feat：产品逻辑变更，要求关键字校验不区分大小写

src/modules/core/checkIllegalStrings/checkIllegalStrings.ts

@@ -18,19 +18,27 @@ export const CHECK_CORRECT: CheckResult = {
 export function checkIllegalStrings(value: string): CheckResult {
     // 后端传入的校验开关，如果没传，那也默认开启
     const enabled = Dec.system.enableParameterVerify ?? true;
+    let result = CHECK_CORRECT;
     if (enabled) {
-        const illegalStringIndex = ILLEGAL_STRINGS.findIndex(s => value.includes(s));
+        // 关键字不区分大小写
-        if (illegalStringIndex === -1) {
+        ILLEGAL_STRINGS.every(s => {
-            return CHECK_CORRECT;
+            const sIndex = value.toLowerCase().indexOf(s);
-        }
+            if (sIndex !== -1) {
+                result = {
+                    legal: false,
+                    errorMsg: `${BI.i18nText("Dec-Basic_Check_Illegal_Strings")}${value.substr(sIndex, s.length)}`,
+                };
 
-        return {
+                return false;
-            legal: false,
+            }
-            errorMsg: `${BI.i18nText("Dec-Basic_Check_Illegal_Strings")}${ILLEGAL_STRINGS[illegalStringIndex]}`,
+
-        };
+            return true;
+        });
+
+        return result;
     }
 
-    return CHECK_CORRECT;
+    return result;
 }
 
 export function checkIllegalStringsInWidgetAndShowError(widget: any) {

src/modules/core/checkIllegalStrings/constant.ts

@@ -1,5 +1,5 @@
 /**
- * 参数检验的非法字符数组
+ * 参数检验的非法字符数组，由于不区分大小写，统一用小写
  */
 export const ILLEGAL_STRINGS = [
     "\"",
@@ -9,7 +9,7 @@ export const ILLEGAL_STRINGS = [
     "/script",
     "javascript:",
     "onblur",
-    "getRuntime",
+    "getruntime",
-    "ProcessBuilder",
+    "processbuilder",
-    "java.lang.ProcessImpl",
+    "java.lang.processimpl",
 ];