Closed zackBRAVE closed 11 months ago
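Problem: The html component in form-render does not sanitize its content before dangerouslySetInnerHTML, which makes it possible to trigger an XSS attack.

Impact: This component is the default readOnlyWidget. It is used whenever readOnly is true and no readOnlyWidget is specified, so the security risk is considerable.

Solution: Use the sanitize-html library to sanitize the content before it is set as innerHTML. See the code for details.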
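The fix described in the PR above, sketched as an added example (this is not the PR's diff or form-render's own code): a read-only HTML widget before and after sanitizing with sanitize-html. The component names, the `value` prop and the allowlist in `SANITIZE_OPTIONS` are assumptions.

```jsx
import React from 'react';
import sanitizeHtml from 'sanitize-html';

// Before: whatever is stored in the form value is parsed as markup, so a value
// carrying a script element or an event-handler attribute executes in the page.
export function UnsafeHtmlWidget({ value }) {
  return <div dangerouslySetInnerHTML={{ __html: String(value ?? '') }} />;
}

// Assumed allowlist for read-only display: the library's default tags plus <img>,
// a fixed set of attributes, and only http(s)/mailto URLs.
// Tighten it to what the form actually needs to show.
const SANITIZE_OPTIONS = {
  allowedTags: sanitizeHtml.defaults.allowedTags.concat(['img']),
  allowedAttributes: {
    a: ['href', 'title', 'target', 'rel'],
    img: ['src', 'alt', 'width', 'height'],
  },
  allowedSchemes: ['http', 'https', 'mailto'],
  // Links that open a new tab should not receive a handle on the opener window.
  transformTags: {
    a: sanitizeHtml.simpleTransform('a', { rel: 'noopener noreferrer' }),
  },
};

// After: the value is cleaned immediately before it reaches innerHTML, so every
// caller that falls back to this widget gets the same protection.
export function SafeHtmlWidget({ value }) {
  const clean = React.useMemo(
    () => sanitizeHtml(String(value ?? ''), SANITIZE_OPTIONS),
    [value]
  );
  return <div dangerouslySetInnerHTML={{ __html: clean }} />;
}
```

Sanitizing inside the widget, rather than where the value is produced, keeps the protection in place for any schema that ends up on the default read-only path.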