提交 95bf76d8 编写于 作者: U unknown

修复Mtooltip弹出层可能存在XSS漏洞的问题

上级 26694132
......@@ -1473,25 +1473,22 @@ MWFCalendar.EventTooltip = new Class({
if(callback)callback();
},
_getHtml : function(){
var data = this.data;
var titleStyle = "font-size:14px;color:#333";
var valueStyle = "font-size:14px;color:#666;padding-right:10px";
var beginD = Date.parse(this.data.startTime);
var endD = Date.parse(this.data.endTime);
var begin = beginD.format(this.lp.dateFormatAll) + "" + this.lp.weeks.arr[beginD.get("day")] + "";
var end = endD.format(this.lp.dateFormatAll) + "" + this.lp.weeks.arr[endD.get("day")] + "";
var data = this.data;
var html =
"<div style='font-size: 16px;color:#333;padding:10px 10px 10px 20px;'>"+ o2.common.encodeHtml(data.title) +"</div>"+
"<div style='height:1px;margin:0px 20px;border-bottom:1px solid #ccc;'></div>"+
"<table width='100%' bordr='0' cellpadding='7' cellspacing='0' style='margin:13px 13px 13px 13px;'>" +
"<tr><td style='"+titleStyle+";' width='40'>"+this.lp.begin+":</td>" +
" <td style='"+valueStyle+"'>" + begin + "</td></tr>" +
" <td style='"+valueStyle+"' item='begin'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+this.lp.end+":</td>" +
" <td style='"+valueStyle+ "'>"+ end +"</td></tr>" +
" <td style='"+valueStyle+ "' item='end'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+this.lp.locationName+":</td>" +
" <td style='"+valueStyle+ "'>"+ (this.data.locationName||"") +"</td></tr>" +
" <td style='"+valueStyle+ "' item='locationName'></td></tr>" +
//( this.options.isHideAttachment ? "" :
//"<tr><td style='"+titleStyle+"'>"+this.lp.eventAttachment+":</td>" +
//" <td style='"+valueStyle+"' item='attachment'></td></tr>"+
......@@ -1501,6 +1498,19 @@ MWFCalendar.EventTooltip = new Class({
"</table>";
return html;
},
_customNode : function( node, contentNode ){
var data = this.data;
var beginD = Date.parse(this.data.startTime);
var endD = Date.parse(this.data.endTime);
var begin = beginD.format(this.lp.dateFormatAll) + "" + this.lp.weeks.arr[beginD.get("day")] + "";
var end = endD.format(this.lp.dateFormatAll) + "" + this.lp.weeks.arr[endD.get("day")] + "";
contentNode.getElement("[item='begin']").set("text", begin );
contentNode.getElement("[item='end']").set("text", end );
contentNode.getElement("[item='locationName']").set("text", (this.data.locationName||"") );
this.fireEvent("customContent", [contentNode, node])
},
destroy: function(){
if( this.node ){
this.node.destroy();
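Review bot: The new `EventTooltip._customNode` declares `var data = this.data;` but then reads `this.data.startTime`, `this.data.endTime` and `this.data.locationName` directly, so the local is unused; drop it or use it throughout. The three `contentNode.getElement("[item='…']")` results are dereferenced without a null check, so if a placeholder is ever missing from the template the call throws and `fireEvent("customContent", …)` never runs. A short comment above the method would record why the placeholders exist, for example `// user-supplied values are written with set("text") so they are never parsed as HTML; do not concatenate data.* into _getHtml`. The `fireEvent` line is also missing its terminating semicolon, and `_getHtml` begins outside the first hunk.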
......
......@@ -99,9 +99,15 @@ MWF.xApplication.Meeting.BuildingTooltip = new Class({
var data = this.data;
var html =
"<div item='containr' style='height:16px;line-height:16px;'><div style='font-size: 14px;color:#666;float:left; '>"+ (data.address ? data.address : this.lp.noAddress) +"</div></div>";
"<div item='containr' style='height:16px;line-height:16px;'><div style='font-size: 14px;color:#666;float:left; ' item='address'></div></div>";
return html;
},
_customNode : function( node, contentNode ){
var data = this.data;
contentNode.getElement("[item='address']").set("text", (data.address ? data.address : this.lp.noAddress) );
this.fireEvent("customContent", [contentNode, node])
},
loadActionBar : function(){
if( MWF.AC.isMeetingAdministrator() ){
//this.actionBar = new Element("div", {
......@@ -571,10 +577,6 @@ MWF.xApplication.Meeting.RoomTooltip = new Class({
var titleStyle = "font-size:14px;color:#333";
var valueStyle = "font-size:14px;color:#666;padding-right:20px";
var device = [];
( data.device || "" ).split("#").each( function( d ){
device.push( lp[d] );
}.bind(this));
lp = this.lp.roomForm;
......@@ -582,26 +584,46 @@ MWF.xApplication.Meeting.RoomTooltip = new Class({
"<div style='overflow: hidden;padding:15px 20px 20px 10px;height:16px;line-height:16px;'>" +
" <div style='font-size: 16px;color:#333;float: left'>"+ this.lp.room +"</div>"+
"</div>"+
"<div style='font-size: 18px;color:#333;padding:0px 10px 15px 20px;'>"+ data.name +"</div>"+
"<div style='font-size: 18px;color:#333;padding:0px 10px 15px 20px;' item='name'></div>"+
"<div style='height:1px;margin:0px 20px;border-bottom:1px solid #ccc;'></div>"+
"<table width='100%' bordr='0' cellpadding='7' cellspacing='0' style='margin:13px 13px 13px 13px;'>" +
"<tr><td style='"+titleStyle+"' width='100'>"+ lp.building+":</td>" +
" <td style='"+valueStyle+"' item='building'></td></tr>" +
"<tr><td style='"+titleStyle+"'>" + lp.floor+":</td>" +
" <td style='"+valueStyle+"'>" + data.floor + "</td></tr>" +
" <td style='"+valueStyle+"' item='floor'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+ lp.capacity +":</td>" +
" <td style='"+valueStyle+"'>"+ data.capacity+"</td></tr>" +
" <td style='"+valueStyle+"' item='capacity'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+ lp.roomNumber +":</td>" +
" <td style='"+valueStyle+"'>"+ data.roomNumber+"</td></tr>" +
" <td style='"+valueStyle+"' item='roomNumber'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+ lp.phone+":</td>" +
" <td style='"+valueStyle+"'>"+ data.phoneNumber +"</td></tr>" +
" <td style='"+valueStyle+"' item='phoneNumber'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+ lp.device +":</td>" +
" <td style='"+valueStyle+"'>"+ device.join( "," ) +"</td></tr>"+
" <td style='"+valueStyle+"' item='device'></td></tr>"+
"<tr><td style='"+titleStyle+"'>"+ lp.available +":</td>" +
" <td style='"+valueStyle+"'>" + ( !data.available ? this.lp.disable : this.lp.enable ) + "</td></tr>"+
" <td style='"+valueStyle+"' item='available'></td></tr>"+
"</table>";
return html;
},
_customNode : function( node, contentNode ){
var data = this.data;
var lp = this.lp.roomForm;
var device = [];
( data.device || "" ).split("#").each( function( d ){
device.push( lp[d] );
}.bind(this));
contentNode.getElement("[item='name']").set("text", data.name );
// contentNode.getElement("[item='building']").set("text", end );
contentNode.getElement("[item='floor']").set("text", data.floor );
contentNode.getElement("[item='capacity']").set("text", data.capacity );
contentNode.getElement("[item='roomNumber']").set("text", data.roomNumber );
contentNode.getElement("[item='phoneNumber']").set("text", data.phoneNumber );
contentNode.getElement("[item='device']").set("text", device.join( "," ) );
contentNode.getElement("[item='available']").set("text", ( !data.available ? this.lp.disable : this.lp.enable ) );
this.fireEvent("customContent", [contentNode, node]);
},
loadBuilding: function( callback ){
var area = this.node.getElement("[item='building']");
if (this.data.building){
......@@ -1710,10 +1732,6 @@ MWF.xApplication.Meeting.MeetingTooltip = new Class({
var data = this.data;
var titleStyle = "font-size:14px;color:#333";
var valueStyle = "font-size:14px;color:#666;padding-right:20px";
var persons = [];
data.invitePersonList.each( function( p ){
persons.push(p.split("@")[0] )
}.bind(this));
var color = "#ccc";
switch (data.status){
......@@ -1734,15 +1752,6 @@ MWF.xApplication.Meeting.MeetingTooltip = new Class({
color = "#FF7F7F";
}
var beginDate = Date.parse(data.startTime);
var endDate = Date.parse(data.completedTime);
var dateStr = beginDate.format(this.app.lp.dateFormatDay);
var beginTime = this.getString( beginDate.getHours() ) + ":" + this.getString( beginDate.getMinutes() );
var endTime = this.getString( endDate.getHours() ) + ":" + this.getString( endDate.getMinutes() );
var meetingTime = dateStr + " " + beginTime + "-" + endTime;
var description = (data.description || "")+(data.summary || "");
debugger;
var deletedInfor = "";
this.userName = layout.desktop.session.user.distinguishedName;
......@@ -1751,33 +1760,29 @@ MWF.xApplication.Meeting.MeetingTooltip = new Class({
}
var html = deletedInfor +
"<div style='overflow: hidden;padding:15px 20px 20px 10px;height:16px;line-height:16px;'>" +
" <div style='font-size: 12px;color:#666; float: right'>"+ this.lp.applyPerson +":" + data.applicant.split("@")[0] +"</div>" +
" <div style='font-size: 16px;color:#333;float: left'>"+ (this.data.type || this.lp.meetingDetail) +"</div>"+
" <div style='font-size: 12px;color:#666; float: right' item='applicant'></div>" +
" <div style='font-size: 16px;color:#333;float: left' item='type'></div>"+
"</div>"+
"<div style='font-size: 18px;color:#333;padding:0px 10px 15px 20px;overflow:hidden;'>"+ data.subject +"</div>"+
"<div style='font-size: 18px;color:#333;padding:0px 10px 15px 20px;overflow:hidden;' item='subject'></div>"+
"<div style='height:1px;margin:0px 20px;border-bottom:1px solid #ccc;'></div>"+
"<table width='100%' bordr='0' cellpadding='7' cellspacing='0' style='margin:13px 13px 13px 13px;'>" +
"<tr><td style='"+titleStyle+";' width='70'>"+this.lp.meetingTime+":</td>" +
" <td style='"+valueStyle+";color:"+ color +"'>" + meetingTime + "</td></tr>" +
//"<tr><td style='"+titleStyle+"' width='70'>"+this.lp.beginTime+":</td>" +
//" <td style='"+valueStyle+"'>" + data.startTime + "</td></tr>" +
//"<tr><td style='"+titleStyle+"'>"+this.lp.endTime+":</td>" +
//" <td style='"+valueStyle+"'>" + data.completedTime + "</td></tr>" +
" <td style='"+valueStyle+";color:"+ color +"' item='meetingTime'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+this.lp.selectRoom +":</td>" +
" <td style='"+valueStyle+"' item='meetingRoom'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+this.lp.invitePerson2+":</td>" +
" <td style='"+valueStyle+"' item='invitePerson'>"+persons.join(",")+"</td></tr>" +
" <td style='"+valueStyle+"' item='invitePerson'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+this.lp.meetingDescription+":</td>" +
" <td style='"+valueStyle+"'>"+ description +"</td></tr>";
" <td style='"+valueStyle+"' item='description'></td></tr>";
if( this.data.hostPerson ){
html += "<tr><td style='"+titleStyle+"'>"+this.lp.hostPerson+":</td>" +
" <td style='"+valueStyle+"'>"+ this.data.hostPerson.split("@")[0] +"</td></tr>";
" <td style='"+valueStyle+"' item='hostPerson'></td></tr>";
}
if( this.data.hostUnit ){
html += "<tr><td style='"+titleStyle+"'>"+this.lp.hostUnit+":</td>" +
" <td style='"+valueStyle+"'>"+ this.data.hostUnit.split("@")[0] +"</td></tr>";
" <td style='"+valueStyle+"' item='hostUnit'></td></tr>";
}
if( !this.options.isHideAttachment ){
......@@ -1788,6 +1793,38 @@ MWF.xApplication.Meeting.MeetingTooltip = new Class({
html += "</table>";
return html;
},
setItemValue: function( contentNode, name, value ){
var itemNode = contentNode.getElement("[item='"+name+"']");
if(itemNode)itemNode.set("text", value );
},
_customNode : function( node, contentNode ){
var data = this.data;
var persons = [];
data.invitePersonList.each( function( p ){
persons.push(p.split("@")[0] )
}.bind(this));
var beginDate = Date.parse(data.startTime);
var endDate = Date.parse(data.completedTime);
var dateStr = beginDate.format(this.app.lp.dateFormatDay);
var beginTime = this.getString( beginDate.getHours() ) + ":" + this.getString( beginDate.getMinutes() );
var endTime = this.getString( endDate.getHours() ) + ":" + this.getString( endDate.getMinutes() );
var meetingTime = dateStr + " " + beginTime + "-" + endTime;
var description = (data.description || "")+(data.summary || "");
this.setItemValue(contentNode, "type", (this.data.type || this.lp.meetingDetail));
this.setItemValue(contentNode, "applicant", this.lp.applyPerson +":" + data.applicant.split("@")[0] );
this.setItemValue(contentNode, "subject", data.subject );
this.setItemValue(contentNode, "meetingTime", meetingTime );
this.setItemValue(contentNode, "subject", data.subject );
this.setItemValue(contentNode, "invitePerson", persons.join(",") );
this.setItemValue(contentNode, "description", description );
this.setItemValue(contentNode, "hostPerson", this.data.hostPerson.split("@")[0] );
this.setItemValue(contentNode, "hostUnit", this.data.hostUnit.split("@")[0] );
this.fireEvent("customContent", [contentNode, node]);
},
getString : function( str ){
var s = "00" + str;
return s.substr(s.length - 2, 2 );
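Review bot: In `MeetingTooltip._customNode` the last two `setItemValue` calls evaluate `this.data.hostPerson.split("@")[0]` and `this.data.hostUnit.split("@")[0]` unconditionally, while `_getHtml` only emits those rows inside `if( this.data.hostPerson )` and `if( this.data.hostUnit )`. When either field is undefined or null the `.split` call throws before `fireEvent("customContent", …)` is reached, which the old code avoided by splitting inside the guards. Guard them the same way: `if( data.hostPerson ) this.setItemValue(contentNode, "hostPerson", data.hostPerson.split("@")[0] );` and likewise for `hostUnit`. The `subject` item is also set twice, and `RoomTooltip._customNode` keeps a commented-out `building` line that references an undefined `end`; both can be removed.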
......
......@@ -2868,11 +2868,11 @@ MWF.xApplication.cms.ColumnManager.CategoryExplorer.ViewTooltip = new Class({
"<tr><td style='"+titleStyle+";' width='70'>"+lp.type+":</td>" +
" <td style='"+valueStyle+";'>" + lp.list + "</td></tr>" +
"<tr><td style='"+titleStyle+";' width='70'>"+lp.listName+":</td>" +
" <td style='"+valueStyle+";'>" + data.name + "</td></tr>" +
" <td style='"+valueStyle+";' item='name'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+ lp.relativeForm +":</td>" +
" <td style='"+valueStyle+"'>"+ (data.formName || "") +"</td></tr>" +
" <td style='"+valueStyle+"' item='formName'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+ lp.alias +":</td>" +
" <td style='"+valueStyle+"'>"+(data.alias||"") +"</td></tr>" +
" <td style='"+valueStyle+"' item='alias'></td></tr>" +
"</table>";
}else{
var html =
......@@ -2880,14 +2880,28 @@ MWF.xApplication.cms.ColumnManager.CategoryExplorer.ViewTooltip = new Class({
"<tr><td style='"+titleStyle+";' width='70'>"+ lp.type +":</td>" +
" <td style='"+valueStyle+";'>" + lp.dataView + "</td></tr>" +
"<tr><td style='"+titleStyle+";' width='70'>"+ lp.viewName +":</td>" +
" <td style='"+valueStyle+";'>" + data.name + "</td></tr>" +
" <td style='"+valueStyle+";' item='name'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+ lp.column +":</td>" +
" <td style='"+valueStyle+"'>"+ (data.appName || "") +"</td></tr>" +
" <td style='"+valueStyle+"' item='appName'></td></tr>" +
"<tr><td style='"+titleStyle+"'>"+ lp.alias +":</td>" +
" <td style='"+valueStyle+"'>"+(data.alias||"")+"</td></tr>" +
" <td style='"+valueStyle+"' item='alias'></td></tr>" +
"</table>";
}
return html;
},
_customNode : function( node, contentNode ){
var data = this.data;
if( data.type == "list" ){
contentNode.getElement("[item='name']").set("text", data.name );
contentNode.getElement("[item='formName']").set("text", (data.formName || "") );
contentNode.getElement("[item='alias']").set("text", (data.alias||"") );
}else{
contentNode.getElement("[item='name']").set("text", data.name );
contentNode.getElement("[item='appName']").set("text", (data.appName || "") );
contentNode.getElement("[item='alias']").set("text", (data.alias||"") );
}
this.fireEvent("customContent", [contentNode, node])
}
});
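Review bot: `ViewTooltip._customNode` calls `contentNode.getElement(...).set(...)` with no null check, and which placeholders exist depends on the branch `_getHtml` took. The `if` that selects that branch is outside the hunk, so it cannot be confirmed here that it matches `data.type == "list"`; if the two conditions ever diverge, `getElement("[item='formName']")` or `getElement("[item='appName']")` returns null and the call throws. A guarded helper like the `setItemValue` this commit adds to `MeetingTooltip` would make it safe. The `name` and `alias` assignments can be hoisted out of the `if`/`else` since both branches repeat them, and `===` is preferable for the `"list"` comparison.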
......