diff --git a/projects/react_blog/blog/package.json b/projects/react_blog/blog/package.json
index 9e994223..db9a037b 100644
--- a/projects/react_blog/blog/package.json
+++ b/projects/react_blog/blog/package.json
@@ -12,6 +12,7 @@
 "antd": "^3.26.12",
 "axios": "^0.19.2",
 "babel-plugin-import": "^1.13.0",
+ "dompurify": "^3.0.6",
 "highlight.js": "^9.18.1",
 "lodash": "^4.17.15",
 "markdown-navbar": "^1.4.1",
diff --git a/projects/react_blog/blog/pages/detailed.js b/projects/react_blog/blog/pages/detailed.js
index 6706973a..e87aac25 100644
--- a/projects/react_blog/blog/pages/detailed.js
+++ b/projects/react_blog/blog/pages/detailed.js
@@ -15,6 +15,7 @@ import 'markdown-navbar/dist/navbar.css'
 import 'highlight.js/styles/monokai-sublime.css'
 import Tocify from '../components/tocify.tsx'
 import servicePath from '../config/apiConfig'
+import DOMPurify from 'dompurify';
 
 const Detailed = (props) => {
 const tocify = new Tocify()
@@ -35,7 +36,10 @@ const Detailed = (props) => {
 smartypants: false,
 highlight: code => highlight.highlightAuto(code).value
 });
- let html = marked(props.content);
+
+ const sanitizedContent = DOMPurify.sanitize(props.content);
+
+ let html = marked(sanitizedContent);
 
 return (
 <>
diff --git a/projects/react_blog/egg-server/app/controller/admin/main.js b/projects/react_blog/egg-server/app/controller/admin/main.js
index 7f9bf369..a5d9ec7d 100644
--- a/projects/react_blog/egg-server/app/controller/admin/main.js
+++ b/projects/react_blog/egg-server/app/controller/admin/main.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const Controller = require('egg').Controller;
+const sanitizeHtml = require('sanitize-html');
 
 class MainController extends Controller {
 
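Review bot: `DOMPurify.sanitize` is applied to the markdown source and `marked` then builds the HTML from that sanitized text, so whatever markup marked itself emits is never checked; marked's own guidance is to sanitize the rendered output, i.e. `let html = DOMPurify.sanitize(marked(props.content));`, and the intermediate `sanitizedContent` can go. A second caveat: this is a Next.js page and DOMPurify needs a DOM — as far as I know, when no `window` exists (a server render) `DOMPurify.isSupported` is false and `sanitize` returns its input unchanged, so server-rendered HTML would still be unsanitized unless the purifier is created with a jsdom window (or isomorphic-dompurify is used). Since `html` is presumably injected via `dangerouslySetInnerHTML` further down, a comment at the sanitize line recording both points would help the next reader, e.g. `// sanitize the rendered HTML, not the markdown; needs a DOM, so SSR must supply a window`. The enclosing `Detailed` component continues past the hunk.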
@@ -37,6 +38,9 @@ class MainController extends Controller {
 // 添加文章
 async addArticle() {
 const tmpArticle = this.ctx.request.body;
+ if (tmpArticle.content) {
+ tmpArticle.content = sanitizeHtml(tmpArticle.content);
+ }
 const result = await this.app.mysql.insert('article', tmpArticle);
 const isSuccess = result.affectedRows === 1;
 const insertId = result.insertId;
diff --git a/projects/react_blog/egg-server/package.json b/projects/react_blog/egg-server/package.json
index 3760f275..cf41796f 100644
--- a/projects/react_blog/egg-server/package.json
+++ b/projects/react_blog/egg-server/package.json
@@ -10,7 +10,8 @@
 "egg": "^2.15.1",
 "egg-cors": "^2.2.3",
 "egg-mysql": "^3.0.0",
- "egg-scripts": "^2.11.0"
+ "egg-scripts": "^2.11.0",
+ "sanitize-html": "^2.11.0"
 },
 "devDependencies": {
 "autod": "^3.0.1",
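Review bot: `sanitizeHtml(tmpArticle.content)` runs an HTML sanitizer over what the frontend treats as markdown source (detailed.js feeds `content` to `marked`), so it cannot cover markup that marked generates later, and it rewrites legitimate markdown: text-node `<`, `>` and `&` are entity-encoded (marked's code renderer then likely encodes them again, so a `<` inside a fenced block would display as `&lt;`) and raw HTML outside sanitize-html's default allowlist is dropped. The conventional split is to store the raw markdown and sanitize the rendered HTML at display time; if this server-side step is kept as defense in depth, a comment such as `// defense in depth only: content is markdown, the rendered HTML is sanitized where it is displayed` would stop the next reader from taking it for the XSS guard. The check also lives only in `addArticle`; if the controller has an update handler that writes `content`, it presumably needs the same treatment. addArticle's body continues past the hunk.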