Browse Source

fix: html encode

node 6 years ago
parent
commit
93895bec7a
1 changed files with 14 additions and 1 deletions
  1. 14
    1
      src/helper.js

+ 14
- 1
src/helper.js View File

26
   }, {});
26
   }, {});
27
 }
27
 }
28
 
28
 
29
+/**
30
+ * HTML 编码
31
+ * 将 < > 等字符串进行编码
32
+ * @param {string} str 文本
33
+ */
34
+export function htmlEncode(str) {
35
+  if (!str) return "";
36
+  // /[\u00A0-\u9999<>\&]/gim  // 中文和 HTML 字符
37
+  return str.replace(/[<>\&]/gim, function(i) {
38
+    return "&#" + i.charCodeAt(0) + ";";
39
+  });
40
+}
41
+
29
 /**
42
 /**
30
  * 渲染编辑器
43
  * 渲染编辑器
31
  * [x] => <img src="x" />
44
  * [x] => <img src="x" />
32
  * @param {strig} content
45
  * @param {strig} content
33
  */
46
  */
34
 export function renderContent(content, onClick) {
47
 export function renderContent(content, onClick) {
35
-  return content.replace(REGEXP, function(a, b) {
48
+  return htmlEncode(content).replace(REGEXP, function(a, b) {
36
     const src = a.slice(1, -1);
49
     const src = a.slice(1, -1);
37
     if (isUrl(src)) {
50
     if (isUrl(src)) {
38
       return `<img src="${src}" alt="${src}" style="max-width: 300px" />`;
51
       return `<img src="${src}" alt="${src}" style="max-width: 300px" />`;