diff --git a/modules/request.js b/modules/request.js
index 052ba53e..c3bb700f 100644
--- a/modules/request.js
+++ b/modules/request.js
@@ -192,7 +192,7 @@ class Request {
 _request.send = _request.field;
 for (var key in _postData) {
 if (_postData.hasOwnProperty(key)) {
- let _tmp = encodeURIComponent(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
+ let _tmp = (_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {
 return unescape($1)
 });
 _postarr[key] = _tmp;
diff --git a/source/app.entry.js b/source/app.entry.js
index a17232f7..5517588f 100644
--- a/source/app.entry.js
+++ b/source/app.entry.js
@@ -37,6 +37,24 @@ const antSword = window.antSword = {
 }
 return _html;
 },
+ /**
+ * unxss
+ * @param {String} html 转义的字符串
+ * @param {Boolean} wrap 是否反转义换行
+ * @return {String} 反转义后的字符串
+ */
+ unxss: (html = '', wrap = true) => {
+ let _html = String(html)
+ .replace(/'/g, "'")
+ .replace(/>/g, ">")
+ .replace(/</g, "<")
+ .replace(/"/g, '"')
+ .replace(/&/g, "&");
+ if (wrap) {
+ _html = _html.replace(//g, '\n'); // 只替换 noxss 转义过的
+ }
+ return _html;
+ },
 /**
 * 终端日志数据
 * @type {Array}
diff --git a/source/core/base.js b/source/core/base.js
index facc521e..862f268c 100644
--- a/source/core/base.js
+++ b/source/core/base.js
@@ -303,8 +303,8 @@ class Base {
 let text = antSword.Decodes.decode(buff, encoding);
 return res({
 'encoding': encoding || "",
- 'text': text,
- 'buff': buff
+ 'text': antSword.noxss(text, false),
+ 'buff': Buffer.from(antSword.noxss(buff.toString()), false)
 });
 })
 // HTTP请求返回字节流
diff --git a/source/modules/database/asp/index.js b/source/modules/database/asp/index.js
index b9cd56c8..70201954 100644
--- a/source/modules/database/asp/index.js
+++ b/source/modules/database/asp/index.js
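Review bot: `_postData[key]` is now dereferenced with `.replace` directly, so a non-string value (a number or boolean) throws a TypeError where `encodeURIComponent` used to coerce it; use `let _tmp = String(_postData[key]).replace(/asunescape\((.+?)\)/g, function ($, $1) {`. Dropping the URL-encoding also means values containing `&`, `=` or `%` reach `_request.field` as-is, so whether they survive now depends on the HTTP client's own form encoding — a one-line comment on the changed line stating that `.field` performs the encoding would record that assumption. The enclosing `for` loop and the function around it start and end outside the hunk.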
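Review bot: The `wrap` step runs after the entity decoding, so an input that held an escaped `&lt;br/&gt;` has already become a literal `<br/>` when the `if (wrap)` replacement runs and is turned into a newline — the opposite of what the trailing comment (only undo the `<br/>` that noxss produced) states; move the `if (wrap) { … }` block so it runs on `String(html)` before the `.replace` chain. As printed here the patterns read as self-replacements (`/'/g` → `"'"`) and `.replace(//g, '\n')` is not a valid regex literal since `//` opens a comment, which looks like the entity names were decoded when the diff was rendered — confirm the committed source uses the entity forms, otherwise the function does not parse. The JSDoc is in Chinese; an English form would be `@param {String} html string escaped by noxss`, `@param {Boolean} wrap also turn br tags back into newlines`, `@return {String} the unescaped string`.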
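Review bot: In `'buff': Buffer.from(antSword.noxss(buff.toString()), false)` the `false` is the second argument of `Buffer.from`, not of `noxss`, so `noxss` runs with its default wrap while `Buffer.from` receives a non-string encoding (Node appears to fall back to utf8 in that case, so it works by accident); the intended line is `'buff': Buffer.from(antSword.noxss(buff.toString(), false))`. Separately, round-tripping `buff` through `toString()` and back assumes UTF-8 content: bytes that are not valid UTF-8 become U+FFFD and cannot be recovered, so binary payloads read through this path (the filemanager @@ -1036 hunk decodes `res['buff']` the same way) are corrupted — consider leaving `buff` raw and escaping only the text that is actually rendered. The enclosing `.then` callback begins before the hunk.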
@@ -553,11 +553,11 @@ class ASP {
 return
 };
 const _db = Buffer
- .from(_)
+ .from(antSword.unxss(_))
 .toString('base64');
 this
 .tree
- .insertNewItem(`conn::${id}`, `database::${id}:${_db}`, antSword.noxss(_), null, this.manager.list.imgs[1], this.manager.list.imgs[1], this.manager.list.imgs[1]);
+ .insertNewItem(`conn::${id}`, `database::${id}:${_db}`, _, null, this.manager.list.imgs[1], this.manager.list.imgs[1], this.manager.list.imgs[1]);
 });
 this
 .manager
@@ -613,11 +613,11 @@ class ASP {
 return
 };
 const _table = Buffer
- .from(_)
+ .from(antSword.unxss(_))
 .toString('base64');
 this
 .tree
- .insertNewItem(`database::${id}:${_db}`, `table::${id}:${_db}:${_table}`, antSword.noxss(_), null, this.manager.list.imgs[2], this.manager.list.imgs[2], this.manager.list.imgs[2]);
+ .insertNewItem(`database::${id}:${_db}`, `table::${id}:${_db}:${_table}`, _, null, this.manager.list.imgs[2], this.manager.list.imgs[2], this.manager.list.imgs[2]);
 });
 this
 .manager
@@ -692,8 +692,9 @@ class ASP {
 if (!_) {
 return
 };
+ _ = antSword.unxss(_);
 const _column = Buffer
- .from(_.substr(0, _.length - _.lastIndexOf(' ')))
+ .from(_.substr(0, _.lastIndexOf(' ')))
 .toString('base64');
 this
 .tree
@@ -782,10 +783,7 @@ class ASP {
 return toastr.error(LANG['result']['error']['parse'], LANG_T['error']);
 };
 // 3.行头
- let header_arr = antSword
- .noxss(arr[0])
- .replace(/,/g, ',')
- .split('\t|\t');
+ let header_arr = (arr[0]).replace(/,/g, ',').split('\t|\t');
 if (header_arr.length === 1) {
 return toastr.warning(LANG['result']['error']['noresult'], LANG_T['warning']);
 };
@@ -797,9 +795,6 @@ class ASP {
 let data_arr = [];
 arr.map((_) => {
 let _data = _.split('\t|\t');
- for (let i = 0; i < _data.length; i++) {
- _data[i] = antSword.noxss(_data[i], false);
- }
 data_arr.push(_data);
 });
 data_arr.pop();
diff --git a/source/modules/database/custom/index.js b/source/modules/database/custom/index.js
index a41e9ac9..9e86ec9f 100644
--- a/source/modules/database/custom/index.js
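Review bot: `antSword.unxss(_)` relies on the `wrap = true` default here and in the ASP @@ -613 and @@ -692, CUSTOM @@ -546, @@ -600 and @@ -674, PHP @@ -1271 and FileManager @@ -172 hunks, while PHP @@ -1383, @@ -1427 and @@ -1475, FileManager @@ -1036 and Terminal @@ -311 pass `false`. Because base.js escapes with `noxss(text, false)`, a database or table name that itself contained a literal `<br/>` presumably arrives entity-escaped and, with wrap on, is decoded into a newline at this point, so the base64 id no longer corresponds to the name shown; pass `false` consistently, `.from(antSword.unxss(_, false))`. The `arr.map` callback this sits in begins before the hunk.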
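Review bot: `_.substr(0, _.lastIndexOf(' '))` returns `''` when the row contains no space (`lastIndexOf` yields -1 and a negative length is treated as 0), so every such row gets the same `column::…:` id with an empty base64 segment and collides in the tree; use `const sp = _.lastIndexOf(' ');` followed by `.from(sp === -1 ? _ : _.substr(0, sp))`. The same applies to CUSTOM @@ -674 and PHP @@ -1475. Reassigning the callback parameter with `_ = antSword.unxss(_)` is also easy to misread; `const raw = antSword.unxss(_);` would keep the original value visible.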
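Review bot: With the per-cell `noxss` loop removed here and the header escaping removed in @@ -782, the result table's safety now rests entirely on `res['text']` having been escaped in base.js, and nothing at this site records that; a reader who later feeds rows from another source, or runs them through `unxss` first, will not see why escaping is absent. Add a comment above `let _data = _.split('\t|\t');`, e.g. `// cells are already HTML-escaped by base.js (noxss); do not unxss before rendering`, and the same at the `let header_arr` line in ASP @@ -782, CUSTOM @@ -751 and PHP @@ -1562 and @@ -1623. The `arr.map` callback and the surrounding function continue outside the hunk.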
+++ b/source/modules/database/custom/index.js
@@ -516,11 +516,7 @@ class CUSTOM {
 
 // 获取数据库列表
 getDatabases(id) {
- this
- .manager
- .list
- .layout
- .progressOn();
+ this.manager.list.layout.progressOn();
 // 获取配置
 const conf = antSword['ipcRenderer'].sendSync('shell-getDataConf', {
 _id: this.manager.opt['_id'],
@@ -546,20 +542,14 @@ class CUSTOM {
 .progressOff();
 };
 // 删除子节点
- this
- .tree
- .deleteChildItems(`conn::${id}`);
+ this.tree.deleteChildItems(`conn::${id}`);
 // 添加子节点
 arr.map((_) => {
 if (!_) {
 return
 };
- const _db = Buffer
- .from(_)
- .toString('base64');
- this
- .tree
- .insertNewItem(`conn::${id}`, `database::${id}:${_db}`, antSword.noxss(_), null, this.manager.list.imgs[1], this.manager.list.imgs[1], this.manager.list.imgs[1]);
+ const _db = Buffer.from(antSword.unxss(_)).toString('base64');
+ this.tree.insertNewItem(`conn::${id}`, `database::${id}:${_db}`, _, null, this.manager.list.imgs[1], this.manager.list.imgs[1], this.manager.list.imgs[1]);
 });
 this
 .manager
@@ -600,24 +590,20 @@ class CUSTOM {
 .then((res) => {
 let ret = res['text'];
 const arr = ret.split('\t');
- const _db = Buffer
- .from(db)
- .toString('base64');
+ const _db = Buffer.from(db).toString('base64');
 // 删除子节点
- this
- .tree
- .deleteChildItems(`database::${id}:${_db}`);
+ this.tree.deleteChildItems(`database::${id}:${_db}`);
 // 添加子节点
 arr.map((_) => {
 if (!_) {
 return
 };
 const _table = Buffer
- .from(_)
+ .from(antSword.unxss(_))
 .toString('base64');
 this
 .tree
- .insertNewItem(`database::${id}:${_db}`, `table::${id}:${_db}:${_table}`, antSword.noxss(_), null, this.manager.list.imgs[2], this.manager.list.imgs[2], this.manager.list.imgs[2]);
+ .insertNewItem(`database::${id}:${_db}`, `table::${id}:${_db}:${_table}`, _, null, this.manager.list.imgs[2], this.manager.list.imgs[2], this.manager.list.imgs[2]);
 });
 this
 .manager
@@ -674,8 +660,9 @@ class CUSTOM {
 if (!_) {
 return
 };
+ _ = antSword.unxss(_);
 const _column = Buffer
- .from(_.substr(0, _.length - _.lastIndexOf(' ')))
+ .from(_.substr(0, _.lastIndexOf(' ')))
 .toString('base64');
 this
 .tree
@@ -751,10 +738,7 @@ class CUSTOM {
 return toastr.error(LANG['result']['error']['parse'], LANG_T['error']);
 };
 // 3.行头
- let header_arr = antSword
- .noxss(arr[0])
- .replace(/,/g, ',')
- .split('\t|\t');
+ let header_arr = (arr[0]).replace(/,/g, ',').split('\t|\t');
 if (header_arr.length === 1) {
 return toastr.warning(LANG['result']['error']['noresult'], LANG_T['warning']);
 };
diff --git a/source/modules/database/php/index.js b/source/modules/database/php/index.js
index 95016110..7cfef84f 100644
--- a/source/modules/database/php/index.js
+++ b/source/modules/database/php/index.js
@@ -1271,7 +1271,7 @@ class PHP {
 let dbname = Buffer.from(treeselect.split('::')[1].split(":")[1],"base64").toString();
 let tablename = Buffer.from(treeselect.split('::')[1].split(":")[2],"base64").toString();
 let columnname = Buffer.from(treeselect.split('::')[1].split(":")[3],"base64").toString();
- let columntyperaw = this.tree.getSelectedItemText();
+ let columntyperaw = antSword.unxss(this.tree.getSelectedItemText());
 let columntype = null;
 var ctypereg = new RegExp(columnname+'\\s\\((.+?\\))\\)');
 var res = columntyperaw.match(ctypereg);
@@ -1383,11 +1383,11 @@ class PHP {
 // 添加子节点
 arr.map((_) => {
 if (!_) { return };
- const _db = Buffer.from(_).toString('base64');
+ const _db = Buffer.from(antSword.unxss(_, false)).toString('base64');
 this.tree.insertNewItem(
 `conn::${id}`,
 `database::${id}:${_db}`,
- antSword.noxss(_), null,
+ _, null,
 this.manager.list.imgs[1],
 this.manager.list.imgs[1],
 this.manager.list.imgs[1]);
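Review bot: `columnname` is interpolated unescaped into `new RegExp(columnname+'\\s\\((.+?\\))\\)')`, and since this commit the tree ids are built from the unescaped name, so a column whose name contains a regex metacharacter (`(`, `.`, `*`, `[`) either matches the wrong text or makes the `RegExp` constructor throw a SyntaxError that aborts the handler; escape it first with `var safename = columnname.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');` and `var ctypereg = new RegExp(safename + '\\s\\((.+?\\))\\)');`. These are context lines, so the defect predates the commit, but the changed `columntyperaw` line feeds the same match. The enclosing function starts and ends outside the hunk.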
@@ -1427,11 +1427,11 @@ class PHP {
 // 添加子节点
 arr.map((_) => {
 if (!_) { return };
- const _table = Buffer.from(_).toString('base64');
+ const _table = Buffer.from(antSword.unxss(_, false)).toString('base64');
 this.tree.insertNewItem(
 `database::${id}:${_db}`,
 `table::${id}:${_db}:${_table}`,
- antSword.noxss(_),
+ _,
 null,
 this.manager.list.imgs[2],
 this.manager.list.imgs[2],
@@ -1475,7 +1475,9 @@ class PHP {
 // 添加子节点
 arr.map((_) => {
 if (!_) { return };
- const _column = Buffer.from(_.substr(0, _.length - _.lastIndexOf(' '))).toString('base64');
+ _ = antSword.unxss(_, false);
+ const _column = Buffer.from(_.substr(0, _.lastIndexOf(' '))).toString('base64');
+
 this.tree.insertNewItem(
 `table::${id}:${_db}:${_table}`,
 `column::${id}:${_db}:${_table}:${_column}`,
@@ -1562,7 +1564,7 @@ class PHP {
 return toastr.error(LANG['result']['error']['parse'], LANG_T['error']);
 };
 // 3.行头
- let header_arr = antSword.noxss(arr[0]).replace(/,/g, ',').split('\t|\t');
+ let header_arr = (arr[0]).replace(/,/g, ',').split('\t|\t');
 if (header_arr.length === 1) {
 return toastr.warning(LANG['result']['error']['noresult'], LANG_T['warning']);
 };
@@ -1623,7 +1625,7 @@ class PHP {
 return toastr.error(LANG['result']['error']['parse'], LANG_T['error']);
 };
 // 3.行头
- let header_arr = antSword.noxss(arr[0]).replace(/,/g, ',').split('\t|\t');
+ let header_arr = (arr[0]).replace(/,/g, ',').split('\t|\t');
 if (header_arr.length === 1) {
 return toastr.warning(LANG['result']['error']['noresult'], LANG_T['warning']);
 };
diff --git a/source/modules/filemanager/index.js b/source/modules/filemanager/index.js
index b6b1a3f3..b793a063 100644
--- a/source/modules/filemanager/index.js
+++ b/source/modules/filemanager/index.js
@@ -172,7 +172,7 @@ class FileManager {
 path: path
 })
 ).then((res) => {
- let ret = res['text'];
+ let ret = antSword.unxss(res['text']);
 // 判断是否出错
 if (ret.startsWith('ERROR://')) {
 callback([]);
@@ -1036,8 +1036,8 @@ class FileManager {
 path: path
 })
 ).then((res) => {
- let ret = res['text'];
- codes = res['buff'];
+ let ret = antSword.unxss(res['text'], false);
+ codes = Buffer.from(antSword.unxss(res['buff'].toString(), false));
 let encoding = res['encoding'] || this.opts['encode'];
 if (encoding.toUpperCase() == "UTF-8") {
 encoding = "UTF8";
diff --git a/source/modules/terminal/index.js b/source/modules/terminal/index.js
index bc229fcd..48313145 100644
--- a/source/modules/terminal/index.js
+++ b/source/modules/terminal/index.js
@@ -311,7 +311,7 @@ class Terminal {
 bin: _bin
 }))
 .then((ret) => {
- let _ = ret['text'];
+ let _ = antSword.unxss(ret['text'], false);
 // 解析出命令执行路径
 const indexS = _.lastIndexOf('[S]');
 const indexE = _.lastIndexOf('[E]');
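Review bot: `_` now holds the unescaped command output, and the place where it is rendered lies outside the hunk; if any slice of it is later written through an HTML sink (innerHTML or a template), the escaping this commit introduces in base.js is undone at that point. A comment on the changed line would make the contract explicit, e.g. `// unescaped server output: render as text, or re-escape before any HTML insertion`. The `.then` callback continues past the hunk.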