打包生成的view.umd.min.js是如何生成的?
app送审时没通过,因为这个文件有InnerHTML的XSS攻击漏洞风险
for (n in c) {
if (i = c[n], "textContent" === n || "**innerHTML**" === n) {
if (e.children && (e.children.length = 0), i === s[n]) continue;
1 === a.childNodes.length && a.removeChild(a.childNodes[0])
}
if ("value" === n && "PROGRESS" !== a.tagName) {
a._value = i;
var u = r(i) ? "" : String(i);
co(a, u) && (a.value = u)
} else if ("**innerHTML**" === n && or(a.tagName) && r(a[["inner",
"HTML"
].join("")])) {
oo = oo || document.createElement("div"), oo[["inner", "HTML"]
.join("")] = "<svg>" + i + "</svg>";
var l = oo.firstChild;
while (a.firstChild) a.removeChild(a.firstChild);
while (l.firstChild) a.appendChild(l.firstChild)
} else if (i !== s[n]) try {
a[n] = i
} catch (Ma) {}
}
0 个回复