perf: fix applet host detail org error

Fixed: Allowed Tag
Fixed: XSS
2026-01-13 19:35:24 +00:00 · 2025-03-27 19:06:45 +08:00 · 2025-03-26 18:21:35 +08:00 · 2025-03-25 18:22:49 +08:00 · 2025-03-25 10:12:53 +08:00 · 2025-03-24 14:16:05 +08:00
9 changed files with 42 additions and 30 deletions
--- a/src/components/Widgets/MarkDown/index.vue
+++ b/src/components/Widgets/MarkDown/index.vue
@@ -53,24 +53,24 @@ export default {
      resizeObserver: null,
      span: 12,
      isShow: true,
-      iValue: this.value
+      iValue: this.sanitizeContent(this.value)
    }
  },
  computed: {
    sanitizedValue() {
-      // 转义特殊字符
-      let content = this.iValue.replace(/\\/g, '\\\\').replace(/\$/g, '\\$')
+      const content = this.iValue.replace(/\\/g, '\\\\').replace(/\$/g, '\\$')

-      // 使用 DOMPurify 进行 XSS 过滤
-      content = DOMPurify.sanitize(content)
-
-      return content
+      return this.sanitizeContent(content)
+    }
+  },
+  watch: {
+    value(newVal) {
+      this.iValue = this.sanitizeContent(newVal)
    }
  },
  mounted() {
    this.$nextTick(() => {
      this.resizeObserver = new ResizeObserver(entries => {
-        // 监听高度变化
        const height = entries[0].target.offsetHeight
        if (height) {
          this.height = height
@@ -90,8 +90,19 @@ export default {
    this.resizeObserver = null
  },
  methods: {
+    sanitizeContent(content) {
+      if (!content) return ''
+
+      return DOMPurify.sanitize(content, {
+        ALLOWED_TAGS: ['p', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ul', 'ol', 'li', 'strong', 'em', 'code', 'pre', 'blockquote', 'a', 'img'],
+        FORBID_TAGS: ['script', 'style', 'iframe', 'frame', 'object', 'embed'],
+        FORBID_ATTR: ['onerror', 'onload', 'onclick', 'onmouseover']
+      })
+    },
    onChange() {
-      this.$emit('change', this.iValue)
+      const sanitizedValue = this.sanitizeContent(this.iValue)
+      this.iValue = sanitizedValue
+      this.$emit('change', sanitizedValue)
    },
    onView() {
      this.isShow = !this.isShow
--- a/src/router/console/acls.js
+++ b/src/router/console/acls.js
@@ -25,7 +25,8 @@ export default [
          title: i18n.t('UserLoginACLs'),
          app: 'acls',
          resource: 'loginacl',
-          disableOrgsChange: true
+          disableOrgsChange: true,
+          licenseRequired: true
        },
        children: [
          {
--- a/src/views/assets/Asset/AssetCreateUpdate/BaseAssetCreateUpdate.vue
+++ b/src/views/assets/Asset/AssetCreateUpdate/BaseAssetCreateUpdate.vue
@@ -67,7 +67,7 @@ export default {
        fieldsMeta: {},
        performSubmit(validValues) {
          let url = this.url
-          const { id = '' } = this.$route.query
+          const { id = '' } = this.$route.params
          const values = _.cloneDeep(validValues)
          const submitMethod = id ? 'put' : 'post'

--- a/src/views/assets/Asset/AssetList/components/BaseList.vue
+++ b/src/views/assets/Asset/AssetList/components/BaseList.vue
@@ -216,16 +216,18 @@ export default {
  methods: {
    async updateOrCloneAsset(row, action) {
      this.createDrawer = this.drawer[row.category.value]
-      const meta = {
-        action: action,
-        id: row.id,
+
+      const query = {
        platform: row.platform.id,
        type: row.type.value,
-        category: row.category.value,
-        row: row,
-        payload: row.payload
+        category: row.category.value
      }
-      this.$refs.ListTable.onUpdate({ row, query: meta })
+
+      if (action === 'clone') {
+        return this.$refs.ListTable.onClone({ row, query })
+      }
+
+      this.$refs.ListTable.onUpdate({ row, query })
    },
    createAsset(platform) {
      this.showPlatform = false
--- a/src/views/assets/Asset/AssetList/components/const.js
+++ b/src/views/assets/Asset/AssetList/components/const.js
@@ -194,7 +194,7 @@ export function getDefaultConfig(vm) {
        formatter: ActionsFormatter,
        formatterArgs: {
          onUpdate: ({ row }) => onAction(row, 'Update'),
-          onClone: ({ row }) => onAction({ ...row, payload: 'pam_asset_clone' }, 'Clone'),
+          onClone: ({ row }) => onAction(row, 'Clone'),
          performDelete: ({ row }) => {
            const id = row.id
            const url = `/api/v1/assets/assets/${id}/`
--- a/src/views/assets/Platform/tsconfig.json
+++ b/src/views/assets/Platform/tsconfig.json
@@ -1,10 +0,0 @@
-{
-  "compilerOptions": {
-    "module": "commonjs",
-    "target": "es5",
-    "sourceMap": true
-  },
-  "exclude": [
-    "node_modules"
-  ]
-}
--- a/src/views/settings/Applet/Applet/AppletList.vue
+++ b/src/views/settings/Applet/Applet/AppletList.vue
@@ -57,6 +57,9 @@ export default {
      }
    }
  },
+  mounted() {
+    this.$store.dispatch('users/enterSettingOrg')
+  },
  methods: {
    handleUpload(res) {
      this.$refs.CardTable.reloadTable()
--- a/src/views/settings/Applet/AppletHost/AppletHostCreateUpdate.vue
+++ b/src/views/settings/Applet/AppletHost/AppletHostCreateUpdate.vue
@@ -75,6 +75,7 @@ export default {
    }
  },
  async mounted() {
+    this.$route.query.platform = 'RemoteAppHost'
    this.loading = false
  },
  methods: {}
--- a/src/views/settings/Applet/AppletHost/AppletHostList.vue
+++ b/src/views/settings/Applet/AppletHost/AppletHostList.vue
@@ -23,6 +23,7 @@ export default {
    DrawerListTable
  },
  data() {
+    const appletRouteQuery = { type: 'windows', category: 'host', platform: 'RemoteAppHost' }
    return {
      createDrawer: () => import('./AppletHostCreateUpdate.vue'),
      detailDrawer: () => import('./AppletHostDetail/index.vue'),
@@ -68,6 +69,9 @@ export default {
                const url = `/api/v1/terminal/applet-hosts/${id}/`
                return this.$axios.delete(url)
              },
+              onUpdate: ({ row }) => {
+                this.$refs.table.onUpdate({ row: row, query: appletRouteQuery })
+              },
              extraActions: [
                {
                  name: 'Test',
@@ -93,7 +97,7 @@ export default {
        hasExport: false,
        hasImport: false,
        onCreate: () => {
-          this.$refs.table.onCreate({ type: 'windows', category: 'host', platform: 'RemoteAppHost' })
+          this.$refs.table.onCreate({ query: appletRouteQuery })
        }
      }
    }
Author	SHA1	Message	Date
ibuler	c9c2a37f30	perf: fix applet host detail org error	2025-03-27 19:06:45 +08:00
zhaojisen	c1fda10620	Fixed: Allowed Tag	2025-03-26 18:21:35 +08:00
zhaojisen	df1a0228d9	Fixed: XSS	2025-03-25 18:22:49 +08:00
ibuler	959ae0bb2c	fix: applet host update error	2025-03-25 10:12:53 +08:00
zhaojisen	2b22c90701	Fixed: Clone Asset	2025-03-24 14:16:05 +08:00
ibuler	6d16473e4b	fix: applet host create protocol err	2025-03-24 14:03:40 +08:00
feng	c046c28f6d	perf: Login acl license	2025-03-21 14:24:53 +08:00