From 7550a1e79f6aef576cc746b088cb8a5a3b07976a Mon Sep 17 00:00:00 2001
From: huqi <hq_1980@hotmail.com>
Date: Mon, 13 Dec 2021 12:11:51 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=89=88=E5=BC=8F=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E7=9A=84js=E6=B3=A8=E5=85=A5=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 988480a094f58336397d55d7926a9a9df24daebe)
---
 .../Documenteditor.js                         | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/o2web/source/x_component_process_Xform/Documenteditor.js b/o2web/source/x_component_process_Xform/Documenteditor.js
index bd677f736d..36f3072886 100644
--- a/o2web/source/x_component_process_Xform/Documenteditor.js
+++ b/o2web/source/x_component_process_Xform/Documenteditor.js
@@ -3003,7 +3003,7 @@ debugger;
                 //if (this.data[name]){
                 if (this[dom]){
                             if (dom=="layout_redHeader" ||dom=="layout_issuanceUnit" || dom=="layout_meetingAttendContent" || dom=="layout_meetingLeaveContent" || dom=="layout_meetingSitContent" || dom=="layout_meetingRecordContent" || dom=="layout_signer") {
-                                this[dom].set("html", this.data[name] || "");
+                                this[dom].set("html", this.filterHtml(this.data[name] || ""));
                             }else if (dom=="layout_subject"){
                                 this[dom].set("html", (this.data[name] || ""));
                             }else if (dom=="layout_attachment"){
@@ -3446,6 +3446,15 @@ debugger;
         }
     },
 
+    filterHtml: function(html){
+        var content = html.replace(/(?:<script[\s\S]*?)(?:(?:<\/script>)|(?:\/>))/gmi, "");
+        // content = content.replace(/(?<=[\"\'])javascript\:(?=.*")/gmi, "");
+        content = content.replace(/(?<=\s)on\w*|src|href(?=\=[\"\'])/gmi, function(match){
+            return "data-"+match;
+        });
+        return content;
+    },
+
     /**设置公文编辑器数据
      * @param {Object} data
      * @example
@@ -3537,10 +3546,10 @@ debugger;
             if (this.layout_meetingLeaveTitle) this.layout_meetingLeaveTitle.set("text", data.meetingLeaveTitle || this.json.defaultValue.meetingLeaveTitle || " ");
             if (this.layout_meetingSitTitle) this.layout_meetingSitTitle.set("text", data.meetingSitTitle || this.json.defaultValue.meetingSitTitle || " ");
 
-            if (this.layout_meetingAttendContent) this.layout_meetingAttendContent.set("html", data.meetingAttend || " ");
-            if (this.layout_meetingLeaveContent) this.layout_meetingLeaveContent.set("html", data.meetingLeave || " ");
-            if (this.layout_meetingSitContent) this.layout_meetingSitContent.set("html", data.meetingSit || " ");
-            if (this.layout_meetingRecordContent) this.layout_meetingRecordContent.set("html", data.meetingRecord || " ");
+            if (this.layout_meetingAttendContent) this.layout_meetingAttendContent.set("html", this.filterHtml(data.meetingAttend || " "));
+            if (this.layout_meetingLeaveContent) this.layout_meetingLeaveContent.set("html", this.filterHtml(data.meetingLeave || " "));
+            if (this.layout_meetingSitContent) this.layout_meetingSitContent.set("html", this.filterHtml(data.meetingSit || " "));
+            if (this.layout_meetingRecordContent) this.layout_meetingRecordContent.set("html", this.filterHtml(data.meetingRecord || " "));
 
             if (this.layout_seals){
                 if (data.seals && data.seals.length){
-- 
GitLab