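Improve the xss regular expression to handle the case where on is preceded by /; improve beetl's xss formatting, which uses non-HTML text handling by default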
@@ -6,7 +6,7 @@
|
||||
<script src="${ctxStatic}/modules/sys/leftMenu.js"></script>
|
||||
</div>
|
||||
<div class="pull-left info">
|
||||
<p>${user.userName}</p>
|
||||
<p>${user.userName,xss}</p>
|
||||
<a href="javascript:"><i class="fa fa-circle text-success"></i> ${text('在线')}</a>
|
||||
<a href="${ctx}/logout"><i class="fa fa-sign-out text-danger"></i> ${text('注销')}</a>
|
||||
</div>
|
||||
|
||||
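Review bot: On the `<p>${user.userName,xss}</p>` line, the value lands in an HTML text node, so what matters is that the `xss` format entity-encodes `<`, `>`, `&` and quotes there. The commit message describes a regular-expression fix for `on` preceded by `/` and a "non-HTML text" default, but the formatter itself is not part of the visible hunks. Please confirm in the description, or with a test, that this default is output encoding and not pattern removal, because a pattern list that needed this fix will need others.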
@@ -1,7 +1,7 @@
|
||||
<% if(toBoolean(switchOffice!)){ %>
|
||||
<li>
|
||||
<a href="javascript:" id="switchOffice">
|
||||
<i class="fa icon-grid" style="font-size:13px;"></i> ${officeName!}
|
||||
<i class="fa icon-grid" style="font-size:13px;"></i> ${officeName!,xss}
|
||||
</a>
|
||||
<div class="hide"><#form:treeselect id="switchOfficeSelect" title="${text('部门切换')}" allowClear="true"
|
||||
url="${ctx}/sys/empUser/officeListData?isShowCode=true" callbackFuncName="switchOfficeSelectCallback"
|
||||
|
||||
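Review bot: `${officeName!,xss}` combines the null-safe `!` output with the new format, so the formatter can be handed a null or empty value whenever no office name is set. Please check that the `xss` format returns an empty string in that case instead of throwing or printing a literal "null", and add a test for the unset case.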
@@ -1,7 +1,7 @@
|
||||
<li class="dropdown user-menu mr5">
|
||||
<a href="javascript:" class="dropdown-toggle" data-toggle="dropdown" data-hover="dropdown">
|
||||
<img src="${@user.getAvatarUrl().replaceFirst('/ctxPath', ctxPath)}" class="user-image">
|
||||
<span class="hidden-xs">${user.userName}</span>
|
||||
<span class="hidden-xs">${user.userName,xss}</span>
|
||||
</a>
|
||||
<ul class="dropdown-menu">
|
||||
<li class="mt5">
|
||||
|
||||
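Review bot: The `<img src="${@user.getAvatarUrl().replaceFirst('/ctxPath', ctxPath)}" ...>` line directly above the changed `<span>` still writes its value into a quoted attribute with no format applied. If any part of the avatar URL can be set by the user, it needs attribute-context encoding in the same change. If it is always generated server-side, a short comment saying so would save the next reviewer the same question.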
@@ -23,7 +23,7 @@
|
||||
<div class="box-body box-profile">
|
||||
<img id="avatarImg" class="profile-user-img img-responsive img-circle"
|
||||
src="${@user.getAvatarUrl().replaceFirst('/ctxPath', ctxPath)}?__t=${date().time}">
|
||||
<h3 class="profile-username text-center">${user.userName}</h3>
|
||||
<h3 class="profile-username text-center">${user.userName,xss}</h3>
|
||||
<p class="text-muted text-center">
|
||||
<#form:radio path="sex" dictType="sys_user_sex" class="form-control required"/>
|
||||
</p>
|
||||
|
||||
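Review bot: `${user.userName,xss}` in the `<h3 class="profile-username text-center">` line is the fourth template in this commit where the format is added by hand to the same field. Opt-in escaping per output site means any template that was missed, or is added later, prints the raw value. Consider escaping by default at the template-engine level with an explicit opt-out for trusted HTML, or at least search the remaining templates for unformatted `user.userName` and `officeName` output before merging.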