From 8e479885045dd57bca5d4df17525026b5a9eb3a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BB=93=E5=8F=91=E5=8F=97=E9=95=BF=E7=94=9F?=
Date: Tue, 15 May 2018 10:53:17 +0800
Subject: [PATCH] =?UTF-8?q?=E7=AB=99=E5=86=85=E6=90=9C=E7=B4=A2=E4=BC=98?=
 =?UTF-8?q?=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../layout/_partial/header.ejs | 2 +-
 themes/hexo-theme-xups/source/js/comment.js | 21 +++++++-------
 .../hexo-theme-xups/source/js/local_search.js | 28 +++++++++----------
 3 files changed, 24 insertions(+), 27 deletions(-)
diff --git a/themes/hexo-theme-xups/layout/_partial/header.ejs b/themes/hexo-theme-xups/layout/_partial/header.ejs
index 949256b..bc647b5 100644
--- a/themes/hexo-theme-xups/layout/_partial/header.ejs
+++ b/themes/hexo-theme-xups/layout/_partial/header.ejs
@@ -25,7 +25,7 @@
diff --git a/themes/hexo-theme-xups/source/js/comment.js b/themes/hexo-theme-xups/source/js/comment.js
index babf834..e8a218f 100644
--- a/themes/hexo-theme-xups/source/js/comment.js
+++ b/themes/hexo-theme-xups/source/js/comment.js
@@ -117,14 +117,15 @@ var JELON = window.JELON || {};
 }
 return format;
 };
- var htmlEncode = function (str) {
+ /**
+ * 过滤字符串中的style link script标签, 防止注入
+ * @param {String} str 需要处理的字符串
+ */
+ var htmlFilter = function (str) {
 if (typeof str !== 'string') return;
- str = str.replace(/&/g, '&') .replace(//g, '>') .replace(/\"/g, '"') .replace(/\'/g, ''') .replace(/ /g, ' ');
+ str = str.replace(/()/g, '') .replace(/()/g, '') .replace(/.*?<\/script>/g, '');
 return str;
 };
 
@@ -594,8 +595,7 @@ var JELON = window.JELON || {};
 removeClass('JELON__editBox', 'show');
 addClass('JELON__previewBox', 'show');
 var text = $('JELON__editBox').value.trim();
- // 安全转义
- text = htmlEncode(text);
+ text = htmlFilter(text);
 if (text) {
 JL.Requests.markdown({
 text: text,
@@ -617,8 +617,7 @@ var JELON = window.JELON || {};
 return;
 }
 var body = $('JELON__editBox').value.trim();
- // 安全转义
- body = htmlEncode(body);
+ body = htmlFilter(body);
 if (body) {
 JL.Renders.loading.create();
 if (JL.issueNumber !== 0) {
diff --git a/themes/hexo-theme-xups/source/js/local_search.js b/themes/hexo-theme-xups/source/js/local_search.js
index 370bdc5..d6b93d8 100644
--- a/themes/hexo-theme-xups/source/js/local_search.js
+++ b/themes/hexo-theme-xups/source/js/local_search.js
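Review bot: Swapping `htmlEncode` for `htmlFilter` replaces output encoding with a deny-list that strips only style, link and script tags by regex, which is a much weaker guarantee: every other element and every attribute on surviving markup passes through unchanged, and the patterns carry only the `g` flag, so differently-cased spellings of those three tag names are not matched either. The two call sites at `@@ -594` and `@@ -617` also drop the `// 安全转义` comment, so the text handed to `JL.Requests.markdown` and the issue body is now effectively raw user input; unless the renderer on the other side sanitises HTML itself, keeping `htmlEncode` (or sanitising the rendered output with an allow-list rather than the source text with a deny-list) is the safer change. The regex literals are not fully legible in this copy of the patch (the angle brackets appear to have been stripped in rendering), so the exact patterns should be re-checked against the file before relying on them at all. The JSDoc should also state the contract the callers depend on: `@returns {String|undefined} the filtered string, or undefined when str is not a string`.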
@@ -49,22 +49,20 @@ new Vue({
 var index_title = -1;
 var index_content = -1;
 var first_occur = -1; //关键字在正文当中第一次出现的位置
- if(title && content) {
- keywords.forEach(function(keyword, i) {
- index_title = title.indexOf(keyword);
- index_content = content.indexOf(keyword);
- if( index_title < 0 && index_content < 0 ){
- isMatch = false;
- } else {
- if (index_content < 0) {
- index_content = 0;
- }
- if (i == 0) {
- first_occur = index_content;
- }
+ keywords.forEach(function(keyword, i) {
+ index_title = title ? title.indexOf(keyword) : -1;
+ index_content = content ? content.indexOf(keyword) : -1;
+ if( index_title < 0 && index_content < 0 ){
+ isMatch = false;
+ } else {
+ if (index_content < 0) {
+ index_content = 0;
 }
- });
- }
+ if (i == 0) {
+ first_occur = index_content;
+ }
+ }
+ });
 if (isMatch) {
 var resultItem = {};
 resultItem.url = article.url;
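Review bot: The rewritten `keywords.forEach` loop keeps visiting every remaining keyword after `isMatch` has already been set to false, and `if (i == 0)` uses loose equality; since the intent is "every keyword matches the title or the content", `isMatch = keywords.every(function(keyword, i) { … })` with `return false;` in place of `isMatch = false;` and `return true;` at the end of the callback says that directly and stops at the first miss, and `if (i === 0)` should replace `if (i == 0)`. If `keywords` can be empty, confirm that `every` returning true agrees with how `isMatch` is initialised above the hunk, which is not visible here. Dropping the `if(title && content)` guard means an article with an empty title or empty content is now matched on the other field alone, which looks intended but deserves a one-line comment such as `// a missing title or content simply never matches; the other field still counts`. The enclosing function starts and ends outside this hunk.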