修改漏洞

393d3e35 · 赵灿灿 · 00787d45 · 393d3e35 · 393d3e35 · 393d3e35
Commit 393d3e35 authored Feb 28, 2026 by 赵灿灿
8 changed files
--- a/src/main/resources/static/libs/xxx/xss.min.js
+++ b/src/main/resources/static/libs/xxx/xss.min.js
--- a/src/main/resources/static/pages/fusion/fusion-experts-chat.html
+++ b/src/main/resources/static/pages/fusion/fusion-experts-chat.html
@@ -72,7 +72,7 @@
             :class="message.role + '-message'">
          <div class="avatar">{{ message.role === 'user' ? '我' : 'AI' }}</div>
          <div class="content">
-            <p>{{message.content}}</p><!--v-html可能会有xss攻击，但是数据来源于大模型，是否需要清洗数据然后再显示？-->
+            <p v-html="filterXSSText(message.content)"></p><!--v-html可能会有xss攻击，但是数据来源于大模型，是否需要清洗数据然后再显示？-->
            <div v-if="message.typing" class="typing-indicator"></div>
          </div>
        </div>

--- a/src/main/resources/static/pages/fusion/js/ai-chat-vue.js
+++ b/src/main/resources/static/pages/fusion/js/ai-chat-vue.js
@@ -279,7 +279,7 @@ require(['jquery', 'vue', 'utils','marked','markdown', 'global'], function ($, V
                    }
                });
                // 连接SSE
-                this.currentEventSource = new EventSource('../../api/langchain/sseFusionIntelligent?chatMessage='+chatMessage+"&dialogId="+this.sessionId
+                this.currentEventSource = new EventSource('../../api/langchain/simulate?chatMessage='+chatMessage+"&sessionId="+this.sessionId
                    +"&selectedExpert="+this.selectedExpert+"&selectedOrg="+this.selectedOrg);

                let responseText = '';
@@ -506,6 +506,9 @@ require(['jquery', 'vue', 'utils','marked','markdown', 'global'], function ($, V
                setTimeout(() => {
                    toast.remove();
                }, 3000);
+            },
+            filterXSSText: function (value){
+                return filterXSS(value);
            }
        }
    });

--- a/src/main/resources/static/pages/langchain/ai-chat.html
+++ b/src/main/resources/static/pages/langchain/ai-chat.html
@@ -72,7 +72,7 @@
                     :class="message.role + '-message'">
                    <div class="avatar">{{ message.role === 'user' ? '我' : 'AI' }}</div>
                    <div class="content">
-                        <p>{{message.content}}</p><!--v-html可能会有xss攻击，但是数据来源于大模型，是否需要清洗数据然后再显示？-->
+                        <p v-html="filterXSSText(message.content)"></p><!--v-html可能会有xss攻击，但是数据来源于大模型，是否需要清洗数据然后再显示？-->
                        <div v-if="message.typing" class="typing-indicator"></div>
                    </div>
                </div>

--- a/src/main/resources/static/pages/langchain/js/ai-chat-vue.js
+++ b/src/main/resources/static/pages/langchain/js/ai-chat-vue.js
@@ -506,6 +506,9 @@ require(['jquery', 'vue', 'utils','marked','markdown', 'global'], function ($, V
                setTimeout(() => {
                    toast.remove();
                }, 3000);
+            },
+            filterXSSText: function (value){
+                return filterXSS(value);
            }
        }
    });

--- a/src/main/resources/static/pages/plugin/js/ai-chat-vue.js
+++ b/src/main/resources/static/pages/plugin/js/ai-chat-vue.js
@@ -506,6 +506,9 @@ require(['jquery', 'vue', 'utils','marked','markdown', 'global'], function ($, V
                setTimeout(() => {
                    toast.remove();
                }, 3000);
+            },
+            filterXSSText: function (value){
+                return filterXSS(value);
            }
        }
    });

--- a/src/main/resources/static/pages/test/js/ai-chat-vue.js
+++ b/src/main/resources/static/pages/test/js/ai-chat-vue.js
@@ -504,6 +504,9 @@ require(['jquery', 'vue', 'utils','marked','markdown', 'global'], function ($, V
                setTimeout(() => {
                    toast.remove();
                }, 3000);
+            },
+            filterXSSText: function (value){
+                return filterXSS(value);
            }
        }
    });

--- a/src/main/resources/static/scripts/require-config.js
+++ b/src/main/resources/static/scripts/require-config.js
@@ -80,6 +80,7 @@ require.config({
        'peac-script-user-picker': [getContextPath() + '/libs/process-engine/component-peac-script-user-picker'],
        'peac-url-user-picker': [getContextPath() + '/libs/process-engine/component-peac-url-user-picker'],
        'peac-url-users-picker': [getContextPath() + '/libs/process-engine/component-peac-url-users-picker'],
+        'xxx':[getContextPath() + '/libs/xxx/xss.min'],
    },
    shim: {
        'jquery-ui': {
@@ -158,6 +159,7 @@ define("global",
        'jquery-qtip',
        'ELEMENT',
        'common-config',
+        'xxx',

        // 'wangEditor',
        //'lodop',