diff --git a/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts b/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
new file mode 100644
index 0000000..696d8fb
--- /dev/null
+++ b/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
@@ -0,0 +1,44 @@
+/*
+ https://work.fineres.com/browse/REPORT-91724 用于参数统一校验
+ */
+import { ILLEGAL_STRINGS } from "./constant";
+export type CheckResult = {
+ legal: boolean,
+ errorMsg: string,
+}
+export const CHECK_CORRECT: CheckResult = {
+ legal: true,
+ errorMsg: "",
+};
+
+/**
+ * 检测非法字符,返回错误提示
+ * @param value 要校验的字符串
+ */
+export function checkIllegalStrings(value: string): CheckResult {
+ // 后端传入的校验开关,如果没传,那也默认开启
+ const enabled = Dec.system.enableParameterVerify ?? true;
+ if (enabled) {
+ const illegalStringIndex = ILLEGAL_STRINGS.findIndex(s => value.includes(s));
+ if (illegalStringIndex === -1) {
+ return CHECK_CORRECT;
+ }
+
+ return {
+ legal: false,
+ errorMsg: `${BI.i18nText("Dec-Basic_Check_Illegal_Strings")}${ILLEGAL_STRINGS[illegalStringIndex]}`,
+ };
+ }
+
+ return CHECK_CORRECT;
+}
+
+export function checkIllegalStringsInWidgetAndShowError(widget: any) {
+ const value = widget.getValue();
+ const result = checkIllegalStrings(value);
+ if (!result.legal) {
+ widget.showError(result.errorMsg);
+ }
+
+ return result.legal;
+}
diff --git a/src/modules/core/checkIllegalStrings/constant.ts b/src/modules/core/checkIllegalStrings/constant.ts
new file mode 100644
index 0000000..a034a3f
--- /dev/null
+++ b/src/modules/core/checkIllegalStrings/constant.ts
@@ -0,0 +1,15 @@
+/**
+ * 参数检验的非法字符数组
+ */
+export const ILLEGAL_STRINGS = [
+ "\"",
+ "<",
+ ">",
+ "&",
+ "/script",
+ "javascript:",
+ "onblur",
+ "getRuntime",
+ "ProcessBuilder",
+ "java.lang.ProcessImpl",
+];
diff --git a/src/modules/core/index.ts b/src/modules/core/index.ts
new file mode 100644
index 0000000..efe056c
--- /dev/null
+++ b/src/modules/core/index.ts
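Review bot: The match in `checkIllegalStrings` is case-sensitive (`value.includes(s)`), so `JavaScript:`, `OnBlur` or `</SCRIPT` pass the denylist even though browsers treat those tokens case-insensitively; compare on a lower-cased copy, e.g. `const haystack = value.toLowerCase();` and `ILLEGAL_STRINGS.findIndex(s => haystack.includes(s.toLowerCase()))`. `value.includes` also throws if `checkIllegalStringsInWidgetAndShowError` receives a non-string from `widget.getValue()`, so coerce first (`const value = String(widget.getValue() ?? "");`) or type the widget parameter instead of `any`. Since this runs in the browser and is switched off by `Dec.system.enableParameterVerify`, it is a UX filter only, and the header comment should say so, e.g. `// Client-side convenience check only — the backend must still reject or encode these values.`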
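Review bot: `ILLEGAL_STRINGS` is exported as a mutable `string[]`, so any importer can `push` to or `splice` the denylist at runtime; declare it `export const ILLEGAL_STRINGS: readonly string[] = [` or close it with `] as const;`. The list is also a narrow denylist — one event handler name (`onblur`), no single quote or backtick, lowercase spellings only — which is acceptable for a client-side hint but should be stated in the header comment so nobody reads it as an exhaustive XSS/RCE filter, e.g. `* Client-side denylist of substrings rejected in parameter names; not exhaustive — the server is authoritative.`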
@@ -0,0 +1 @@
+export { checkIllegalStringsInWidgetAndShowError, checkIllegalStrings } from "./checkIllegalStrings/checkIllegalStrings"
diff --git a/src/modules/pages/connection/list/list_item/list_item.ts b/src/modules/pages/connection/list/list_item/list_item.ts
index 60736d3..e61114c 100644
--- a/src/modules/pages/connection/list/list_item/list_item.ts
+++ b/src/modules/pages/connection/list/list_item/list_item.ts
@@ -7,6 +7,7 @@ import { connectionCanEdit, getTextByDatabaseType, getChartLength } from '../../
 import { testConnection } from '../../../maintain/forms/form.server';
 import { DownListCombo, Label, SignEditor } from '@fui/core';
 import { ApiFactory } from '../../../../crud/apiFactory';
+import { checkIllegalStrings } from "@core/index";
 const api = new ApiFactory().create();
@@ -89,6 +90,17 @@ export class ListItem extends BI.BasicButton {
 return;
 }
+ const result = checkIllegalStrings(newName);
+ if (!result.legal) {
+ BI.Msg.toast(result.errorMsg, {
+ level: 'error',
+ });
+ this.store.setIsEdit(false, name);
+ this.nameLabel.setText(name);
+ this.nameEditor.setValue(name);
+
+ return;
+ }
 this.store.changeName(name, newName).then(re => {
 this.store.setIsEdit(false, name);
 if (re.errorCode) {
diff --git a/src/modules/pages/maintain/forms/form.ts b/src/modules/pages/maintain/forms/form.ts
index 609b880..4039f81 100644
--- a/src/modules/pages/maintain/forms/form.ts
+++ b/src/modules/pages/maintain/forms/form.ts
@@ -8,6 +8,7 @@ import { ConnectionJDBC, Connection, ResultType } from 'src/modules/crud/crud.ty
 import { DEFAULT_JNDI_DATA, DEFAULT_JDBC_POOL, DATEBASE_FILTER_TYPE } from '@constants/constant';
 import { getJdbcDatabaseType, getChartLength } from '../../../app.service';
 import { NAME_MAX_LENGTH } from '../../../app.constant';
+import { checkIllegalStrings } from "@core/index";
 @shortcut()
 @store(MaintainFormModel)
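Review bot: The rejection branch in the `@@ -89,6 +90,17 @@` hunk of list_item.ts hand-rolls the three-line "revert the editor" sequence (`setIsEdit(false, name)`, `nameLabel.setText(name)`, `nameEditor.setValue(name)`) right before a `re.errorCode` branch that presumably does the same; a private `revertName(name)` helper would keep the two paths from drifting. The enclosing handler starts outside the hunk, so it cannot be confirmed here that `newName` is already a non-empty string; `checkIllegalStrings` calls `.includes` on it and would throw on `undefined`, so a `typeof newName === "string"` guard or `newName ?? ""` is cheap insurance. This check is advisory: `this.store.changeName(name, newName)` still sends whatever the client supplies, so the server must reject the same characters.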
@@ -209,6 +210,12 @@ export class MaintainForm extends BI.Widget {
 if (this.form.validation && !this.form.validation()) {
 return false;
 }
+ const result = checkIllegalStrings(value.connectionName);
+ if (!result.legal) {
+ this.setFromError(result.errorMsg);
+
+ return false;
+ }
 return true;
 }
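Review bot: `checkIllegalStrings(value.connectionName)` throws a TypeError when `connectionName` is undefined, because the helper calls `value.includes` with no guard, turning a failed validation into an unhandled exception inside the validator; pass `value.connectionName ?? ""` unless the enclosing method — which starts outside the hunk — guarantees a string. The commit describes unified parameter validation, yet only `connectionName` is checked here; the other user-entered connection fields on this form are not visible in the hunk, so whether they need the same check should be confirmed. `setFromError` reads like a typo for `setFormError`; if it is a pre-existing method name, renaming it is out of scope, but a new call site is the moment to check.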