Merge pull request #1157 from 2betop/iframe

xss 问题修复
吴多益 2020-12-09 14:21:25 +08:00 committed by GitHub
commit dabe43331d


@ -157,6 +157,16 @@ export default class IFrame extends React.Component<IFrameProps, object> {
...tempStyle,
...style
};
const finalSrc = src ? buildApi(src, data).url : undefined;
if (
typeof finalSrc === 'string' &&
!/^(\.\/|\.\.\/|\/|https?\:\/\/)/.test(finalSrc)
) {
return <p> iframe </p>;
}
return (
<iframe
className={className}
@ -164,7 +174,7 @@ export default class IFrame extends React.Component<IFrameProps, object> {
style={style}
ref={this.IFrameRef}
onLoad={this.onLoad}
src={src ? buildApi(src, data).url : undefined}
src={finalSrc}
/>
);
}
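Review bot: The scheme allowlist added ahead of the `return (` sits inline in the render path, so it guards only this one `src={finalSrc}` assignment; if the component sets the frame's `src` anywhere else (a reload or message handler would be outside this hunk and is not visible here), that path still passes through whatever `buildApi(src, data).url` returns. Moving the test into one shared helper, e.g. `const isSafeFrameSrc = (url: string) => /^(\.\/|\.\.\/|\/|https?:\/\/)/.test(url);`, and calling it at every assignment would keep the rule in a single place. The check also deserves a comment such as `// Allowlist: relative paths and http(s) only, so javascript:/data: URLs never reach the iframe`. The rejected branch renders the bare placeholder `<p> iframe </p>` with no `className` or message, which makes a blocked URL hard to diagnose. The enclosing method starts and ends outside the hunk.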