Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
P
pms-dispatch-assistant
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
姜耀祖
pms-dispatch-assistant
Commits
34719ac6
Commit
34719ac6
authored
Feb 27, 2026
by
赵灿灿
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
修复漏洞
parent
fa1fa16c
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
11 additions
and
5 deletions
+11
-5
pom.xml
pom.xml
+1
-1
Result.java
...oepoch/pms/dispatchassistant/common/component/Result.java
+6
-0
fusion-experts-chat.html
...in/resources/static/pages/fusion/fusion-experts-chat.html
+1
-1
ai-chat.html
src/main/resources/static/pages/langchain/ai-chat.html
+1
-1
expert-chat.html
src/main/resources/static/pages/plugin/expert-chat.html
+1
-1
ai-chat.html
src/main/resources/static/pages/test/ai-chat.html
+1
-1
No files found.
pom.xml
View file @
34719ac6
...
@@ -162,7 +162,7 @@
...
@@ -162,7 +162,7 @@
<dependency>
<dependency>
<groupId>
com.infoepoch.pms
</groupId>
<groupId>
com.infoepoch.pms
</groupId>
<artifactId>
commons
</artifactId>
<artifactId>
commons
</artifactId>
<version>
1.0.
0
</version>
<version>
1.0.
1
</version>
</dependency>
</dependency>
<!--密码管理:配置文件中的明文密码-->
<!--密码管理:配置文件中的明文密码-->
<!--使用jasypt加密密钥-->
<!--使用jasypt加密密钥-->
...
...
src/main/java/com/infoepoch/pms/dispatchassistant/common/component/Result.java
View file @
34719ac6
...
@@ -170,6 +170,12 @@ public class Result {
...
@@ -170,6 +170,12 @@ public class Result {
.
replaceAll
(
"\\)"
,
")"
)
.
replaceAll
(
"\\)"
,
")"
)
.
replaceAll
(
"'"
,
"'"
)
.
replaceAll
(
"'"
,
"'"
)
.
replaceAll
(
"eval\\((.*)\\)"
,
""
)
.
replaceAll
(
"eval\\((.*)\\)"
,
""
)
.
replaceAll
(
"alert\\((.*)\\)"
,
""
)
// 添加:alert
.
replaceAll
(
"confirm\\((.*)\\)"
,
""
)
// 添加:confirm
.
replaceAll
(
"prompt\\((.*)\\)"
,
""
)
// 添加:prompt
.
replaceAll
(
"open\\((.*)\\)"
,
""
)
// 添加:open
.
replaceAll
(
"write\\((.*)\\)"
,
""
)
// 添加:write
.
replaceAll
(
"writeln\\((.*)\\)"
,
""
)
// 添加:writeln
.
replaceAll
(
"(?i)script"
,
""
)
.
replaceAll
(
"(?i)script"
,
""
)
.
replaceAll
(
"(?i)onload"
,
""
)
.
replaceAll
(
"(?i)onload"
,
""
)
...
...
src/main/resources/static/pages/fusion/fusion-experts-chat.html
View file @
34719ac6
...
@@ -72,7 +72,7 @@
...
@@ -72,7 +72,7 @@
:class=
"message.role + '-message'"
>
:class=
"message.role + '-message'"
>
<div
class=
"avatar"
>
{{ message.role === 'user' ? '我' : 'AI' }}
</div>
<div
class=
"avatar"
>
{{ message.role === 'user' ? '我' : 'AI' }}
</div>
<div
class=
"content"
>
<div
class=
"content"
>
<p
v-html=
"message.content"
>
</p>
<!--v-html可能会有xss攻击,但是数据来源于大模型,是否需要清洗数据然后再显示?-->
<p
>
{{message.content}}
</p>
<!--v-html可能会有xss攻击,但是数据来源于大模型,是否需要清洗数据然后再显示?-->
<div
v-if=
"message.typing"
class=
"typing-indicator"
></div>
<div
v-if=
"message.typing"
class=
"typing-indicator"
></div>
</div>
</div>
</div>
</div>
...
...
src/main/resources/static/pages/langchain/ai-chat.html
View file @
34719ac6
...
@@ -72,7 +72,7 @@
...
@@ -72,7 +72,7 @@
:class=
"message.role + '-message'"
>
:class=
"message.role + '-message'"
>
<div
class=
"avatar"
>
{{ message.role === 'user' ? '我' : 'AI' }}
</div>
<div
class=
"avatar"
>
{{ message.role === 'user' ? '我' : 'AI' }}
</div>
<div
class=
"content"
>
<div
class=
"content"
>
<p
v-html=
"message.content"
>
</p>
<!--v-html可能会有xss攻击,但是数据来源于大模型,是否需要清洗数据然后再显示?-->
<p
>
{{message.content}}
</p>
<!--v-html可能会有xss攻击,但是数据来源于大模型,是否需要清洗数据然后再显示?-->
<div
v-if=
"message.typing"
class=
"typing-indicator"
></div>
<div
v-if=
"message.typing"
class=
"typing-indicator"
></div>
</div>
</div>
</div>
</div>
...
...
src/main/resources/static/pages/plugin/expert-chat.html
View file @
34719ac6
...
@@ -72,7 +72,7 @@
...
@@ -72,7 +72,7 @@
:class=
"message.role + '-message'"
>
:class=
"message.role + '-message'"
>
<div
class=
"avatar"
>
{{ message.role === 'user' ? '我' : 'AI' }}
</div>
<div
class=
"avatar"
>
{{ message.role === 'user' ? '我' : 'AI' }}
</div>
<div
class=
"content"
>
<div
class=
"content"
>
<p
v-html=
"message.content"
>
</p>
<!--v-html可能会有xss攻击,但是数据来源于大模型,是否需要清洗数据然后再显示?-->
<p
>
{{message.content}}
</p>
<!--v-html可能会有xss攻击,但是数据来源于大模型,是否需要清洗数据然后再显示?-->
<div
v-if=
"message.typing"
class=
"typing-indicator"
></div>
<div
v-if=
"message.typing"
class=
"typing-indicator"
></div>
</div>
</div>
</div>
</div>
...
...
src/main/resources/static/pages/test/ai-chat.html
View file @
34719ac6
...
@@ -72,7 +72,7 @@
...
@@ -72,7 +72,7 @@
:class=
"message.role + '-message'"
>
:class=
"message.role + '-message'"
>
<div
class=
"avatar"
>
{{ message.role === 'user' ? '我' : 'AI' }}
</div>
<div
class=
"avatar"
>
{{ message.role === 'user' ? '我' : 'AI' }}
</div>
<div
class=
"content"
>
<div
class=
"content"
>
<p
v-html=
"message.content"
>
</p>
<!--v-html可能会有xss攻击,但是数据来源于大模型,是否需要清洗数据然后再显示?-->
<p
>
{{message.content}}
</p>
<!--v-html可能会有xss攻击,但是数据来源于大模型,是否需要清洗数据然后再显示?-->
<div
v-if=
"message.typing"
class=
"typing-indicator"
></div>
<div
v-if=
"message.typing"
class=
"typing-indicator"
></div>
</div>
</div>
</div>
</div>
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
