From 53cc923f1eb24d22932fdd1f91442d0d9f2fb18f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=AB=98=E9=9B=84?= <admin@cxcp.com>
Date: Tue, 1 Aug 2023 07:16:46 +0000
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0markdown=E7=BB=84=E4=BB=B6=20?=
 =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E8=BD=AC=E4=B9=89=E6=96=B9=E6=B3=95=20?=
 =?UTF-8?q?=E6=9B=B4=E6=96=B0markdown=E7=BB=84=E4=BB=B6=20=E6=B7=BB?=
 =?UTF-8?q?=E5=8A=A0=E8=BD=AC=E4=B9=89=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 高雄 <admin@cxcp.com>
---
 server/src/main/resources/web/markdown.ftl | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/server/src/main/resources/web/markdown.ftl b/server/src/main/resources/web/markdown.ftl
index fc33665d..cfd882e5 100644
--- a/server/src/main/resources/web/markdown.ftl
+++ b/server/src/main/resources/web/markdown.ftl
@@ -45,14 +45,30 @@
         initWaterMark();
         loadMarkdown();
     }
+     function htmlEscape(str){
+        var s = "";
+        if(str.length == 0) return "";
+        s = str.replace(/&amp;/g,"&");
+        s = str.replace(/&amp;amp;/g,"&");
+        s = s.replace(/&lt;/g,"<");
+        s = s.replace(/&gt;/g,">");
+        s = s.replace(/&nbsp;/g," ");
+        s = s.replace(/&#39;/g,"\'");
+        s = s.replace(/&quot;/g,"\"");
+        s = s.replace(/<script.*?>.*?<\/script>/ig, '');
+        s = s.replace(/<script/gi, "&lt;script ");
+        s = s.replace(/<iframe/gi, "&lt;iframe ");
+        return s;
+    }
 
     /**
      * 加载markdown
      */
     function loadMarkdown() {
         var textData = Base64.decode($("#textData").val())
+        textData = htmlEscape(textData);
         window.textPreData = "<pre style='background-color: #FFFFFF;border:none'>" + textData + "</pre>";
-        window.textMarkdownData = marked(textData);
+        window.textMarkdownData = marked.parse(textData);
         $("#markdown").html(window.textMarkdownData);
     }