基础框架发布: 8.2.42

1. 修改 SQL 注入漏洞 2. 支持 cookies 的 Http-Only,Secure, SameSite 前端核心发布: 8.2.136 1. 修复 XSS 攻击漏洞
1 month ago · 33974e25e1
38 changed files with 52 additions and 33 deletions
--- a/cips.frontend/package.json
+++ b/cips.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/erm.frontend/package.json
+++ b/erm.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/gradle.properties
+++ b/gradle.properties
@ -39,7 +39,7 @@ application_version=1.0.0
 platform_group=io.sc
 platform_version=8.2.41
 platform_plugin_version=8.2.10
-platform_core_frontend_version=8.2.134
+platform_core_frontend_version=8.2.135

 ###########################################################
 # dependencies version
--- a/io.sc.engine.mv.frontend/package.json
+++ b/io.sc.engine.mv.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.engine.rule.frontend/package.json
+++ b/io.sc.engine.rule.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.engine.rule.frontend/src/views/resources/designer/HttpRequestDialog.vue
+++ b/io.sc.engine.rule.frontend/src/views/resources/designer/HttpRequestDialog.vue
@ -510,6 +510,7 @@ const parameterValueGridColumns = [
    label: $t('name'),
    align: 'left',
    sortable: false,
+    html: true,
    format: (value: any) => {
      return PlaceHolder.replace(value);
    },
@ -519,6 +520,7 @@ const parameterValueGridColumns = [
    name: 'value',
    label: $t('value'),
    sortable: false,
+    html: true,
  },
 ];
 const parameterValueGridEditor = {
--- a/io.sc.engine.rule.frontend/src/views/resources/designer/Option.vue
+++ b/io.sc.engine.rule.frontend/src/views/resources/designer/Option.vue
@ -54,6 +54,7 @@
        width: 400,
        name: 'config',
        label: $t('re.option.grid.entity.config'),
+        html: true,
        format: (value: any, row: any) => {
          return PlaceHolder.replace(value);
        },
--- a/io.sc.engine.rule.frontend/src/views/resources/designer/Processor.vue
+++ b/io.sc.engine.rule.frontend/src/views/resources/designer/Processor.vue
@ -107,6 +107,7 @@
          label: $t('re.processor.grid.entity.content'),
          sortable: false,
          title: () => {},
+          html: true,
          format: (value: any, row: any) => {
            return processorManager.format(value, row);
          },
--- a/io.sc.engine.rule.frontend/src/views/shared/processors/ConditionRange.ts
+++ b/io.sc.engine.rule.frontend/src/views/shared/processors/ConditionRange.ts
@ -87,6 +87,7 @@ class ConditionRange extends Processor {
            label: $t('condition'),
            align: 'left',
            sortable: false,
+            html: true,
            format: (value: any) => {
              return PlaceHolder.replace(value);
            },
@ -95,6 +96,7 @@ class ConditionRange extends Processor {
            name: 'value',
            label: $t('value'),
            sortable: false,
+            html: true,
            format: (value: any) => {
              return PlaceHolder.replace(value);
            },
--- a/io.sc.engine.rule.frontend/src/views/shared/processors/DecisionTable.ts
+++ b/io.sc.engine.rule.frontend/src/views/shared/processors/DecisionTable.ts
@ -306,6 +306,7 @@ class DecisionTable extends Processor {
        name: 'C' + i,
        label: $t('C' + i),
        sortable: false,
+        html: true,
        format: (value: any) => {
          return PlaceHolder.replace(value);
        },
--- a/io.sc.engine.rule.frontend/src/views/shared/processors/ObjectProperties.ts
+++ b/io.sc.engine.rule.frontend/src/views/shared/processors/ObjectProperties.ts
@ -141,6 +141,7 @@ class ObjectProperties extends Processor {
            label: $t('propertyName'),
            align: 'left',
            sortable: false,
+            html: true,
            format: (value: any, row: any) => {
              if (row.expression) {
                const expression = row.expression.replace(/\$\{(.+?)\}\.\$\{(.+?)\}/g, '$2');
@ -156,6 +157,7 @@ class ObjectProperties extends Processor {
            name: 'expression',
            label: $t('expression'),
            sortable: false,
+            html: true,
            format: (value: any) => {
              return PlaceHolder.replace(value);
            },
--- a/io.sc.engine.rule.frontend/src/views/shared/processors/ScoreCard.ts
+++ b/io.sc.engine.rule.frontend/src/views/shared/processors/ScoreCard.ts
@ -134,6 +134,7 @@ class ScoreCard extends Processor {
            name: 'content',
            label: $t('content'),
            sortable: false,
+            html: true,
            title: () => {},
            format: (value, row: any) => {
              const data = Tools.deepClone(row);
--- a/io.sc.engine.rule.frontend/src/views/shared/processors/Sql.ts
+++ b/io.sc.engine.rule.frontend/src/views/shared/processors/Sql.ts
@ -125,6 +125,7 @@ class Sql extends Processor {
            label: $t('name'),
            align: 'left',
            sortable: false,
+            html: true,
            format: (value: any) => {
              return PlaceHolder.replace(value);
            },
@ -134,6 +135,7 @@ class Sql extends Processor {
            name: 'value',
            label: $t('value'),
            sortable: false,
+            html: true,
          },
        ],
        editor: {
@ -257,6 +259,7 @@ class Sql extends Processor {
            name: 'parameter',
            label: $t('parameterName'),
            sortable: false,
+            html: true,
            format: (value: any) => {
              return PlaceHolder.replace(value);
            },
@ -267,6 +270,7 @@ class Sql extends Processor {
            label: $t('fieldName'),
            align: 'left',
            sortable: false,
+            html: true,
          },
        ],
        editor: {
--- a/io.sc.engine.st.frontend/package.json
+++ b/io.sc.engine.st.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.platform.ai.frontend/package.json
+++ b/io.sc.platform.ai.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.platform.core.frontend/package.json
+++ b/io.sc.platform.core.frontend/package.json
@ -1,6 +1,6 @@
 {
  "name": "platform-core",
-  "version": "8.2.134",
+  "version": "8.2.135",
  "description": "前端核心包,用于快速构建前端的脚手架",
  "//main": "库的主文件",
  "main": "dist/platform-core.js",
--- a/io.sc.platform.core.frontend/src/platform/views/home/AnnouncementDialog.vue
+++ b/io.sc.platform.core.frontend/src/platform/views/home/AnnouncementDialog.vue
@ -14,7 +14,7 @@
  >
    <div class="p-2">
      <div class="text-h6 p-2">{{ itemRef.title }}</div>
-      <div class="p-2" v-html="itemRef.content"></div>
+      <div v-dompurify-html="itemRef.content" class="p-2"></div>
    </div>
    <div style="height: 20px"></div>
  </w-dialog>
--- a/io.sc.platform.core.frontend/src/platform/views/home/MyAnnouncement.vue
+++ b/io.sc.platform.core.frontend/src/platform/views/home/MyAnnouncement.vue
@ -21,9 +21,9 @@
            <td width="100%" style="padding: 0px 4px">
              <a href="javascript:void(0);" class="flex flex-nowrap" :style="{ color: $gc.theme.home.announcementTextColor }" @click="handle(item)">
                <q-icon :color="item.userReaded ? 'grey-4' : 'positive'" name="bi-dot" size="sm" />
-                <div class="truncate" :style="{ width: firstColMaxWidthRef + 'px', maxWidth: firstColMaxWidthRef + 'px' }" v-html="item.title"></div>
+                <div v-dompurify-html="item.title" class="truncate" :style="{ width: firstColMaxWidthRef + 'px', maxWidth: firstColMaxWidthRef + 'px' }"></div>
              </a>
-              <q-tooltip :delay="1000"><div v-html="item.title"></div></q-tooltip>
+              <q-tooltip :delay="1000"><div v-dompurify-html="item.title"></div></q-tooltip>
            </td>
            <td width="70px" style="font-size: 0.8em; padding: 0px 4px" align="right">
              <div class="truncate" style="width: 62px; max-width: 62px">
--- a/io.sc.platform.core.frontend/src/platform/views/home/MyDoneTask.vue
+++ b/io.sc.platform.core.frontend/src/platform/views/home/MyDoneTask.vue
@ -22,9 +22,9 @@
              <td width="100%" style="padding: 0px 4px">
                <a href="javascript:void(0);" :style="{ color: $gc.theme.home.myDoneTaskTextColor }" @click="handle(item)">
                  <div
+                    v-dompurify-html="item.businessDescription"
                    class="truncate"
                    :style="{ width: firstColMaxWidthRef + 'px', maxWidth: firstColMaxWidthRef + 'px' }"
-                    v-html="item.businessDescription"
                  ></div>
                </a>
                <q-tooltip :delay="1000">{{ item.businessDescription }}</q-tooltip>
--- a/io.sc.platform.core.frontend/src/platform/views/home/MyFinishedTask.vue
+++ b/io.sc.platform.core.frontend/src/platform/views/home/MyFinishedTask.vue
@ -22,9 +22,9 @@
              <td width="100%" style="padding: 0px 4px">
                <a href="javascript:void(0);" :style="{ color: $gc.theme.home.myFinishedTaskTextColor }" @click="handle(item)">
                  <div
+                    v-dompurify-html="item.businessDescription"
                    class="truncate"
                    :style="{ width: firstColMaxWidthRef + 'px', maxWidth: firstColMaxWidthRef + 'px' }"
-                    v-html="item.businessDescription"
                  ></div>
                </a>
                <q-tooltip :delay="1000">{{ item.businessDescription }}</q-tooltip>
--- a/io.sc.platform.core.frontend/src/platform/views/home/MyMessage.vue
+++ b/io.sc.platform.core.frontend/src/platform/views/home/MyMessage.vue
@ -22,12 +22,12 @@
              <a href="javascript:void(0);" class="flex flex-nowrap" :style="{ color: $gc.theme.home.myMessageTextColor }" @click="handle(item)">
                <q-icon :color="item.receiveDate ? 'grey-4' : 'positive'" name="bi-dot" size="sm" />
                <div
+                  v-dompurify-html="item.title ? item.title : item.content"
                  class="truncate"
                  :style="{ width: firstColMaxWidthRef + 'px', maxWidth: firstColMaxWidthRef + 'px' }"
-                  v-html="item.title ? item.title : item.content"
                ></div>
              </a>
-              <q-tooltip :delay="1000"><div v-html="item.title ? item.title : item.content"></div></q-tooltip>
+              <q-tooltip :delay="1000"><div v-dompurify-html="item.title ? item.title : item.content"></div></q-tooltip>
            </td>
            <td width="80px" style="font-size: 0.8em; padding: 0px 4px">
              <div class="truncate" style="width: 72px; max-width: 72px">{{ item.sender }}</div>
--- a/io.sc.platform.core.frontend/src/platform/views/home/MyTask.vue
+++ b/io.sc.platform.core.frontend/src/platform/views/home/MyTask.vue
@ -22,9 +22,9 @@
              <td width="100%" style="padding: 0px 4px">
                <a href="javascript:void(0);" :style="{ color: $gc.theme.home.myTaskTextColor }" @click="handle(item)">
                  <div
+                    v-dompurify-html="item.businessDescription"
                    class="truncate"
                    :style="{ width: firstColMaxWidthRef + 'px', maxWidth: firstColMaxWidthRef + 'px' }"
-                    v-html="item.businessDescription"
                  ></div>
                </a>
                <q-tooltip :delay="1000">{{ item.businessDescription }}</q-tooltip>
--- a/io.sc.platform.core.frontend/src/platform/views/home/SystemMessageDialog.vue
+++ b/io.sc.platform.core.frontend/src/platform/views/home/SystemMessageDialog.vue
@ -14,7 +14,7 @@
  >
    <div class="p-2">
      <div class="text-h6 p-2">{{ itemRef.title }}</div>
-      <div class="p-2" v-html="itemRef.content"></div>
+      <div v-dompurify-html="itemRef.content" class="p-2"></div>
    </div>
    <div style="height: 20px"></div>
  </w-dialog>
--- a/io.sc.platform.core.frontend/template-project/package.json
+++ b/io.sc.platform.core.frontend/template-project/package.json
@ -1,6 +1,6 @@
 {
  "name": "platform-core",
-  "version": "8.2.134",
+  "version": "8.2.135",
  "description": "前端核心包,用于快速构建前端的脚手架",
  "private": false,
  "keywords": [],
@ -111,7 +111,7 @@
    "mockjs": "1.1.0",
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.platform.core/src/main/resources/META-INF/platform/plugins/application-properties.json
+++ b/io.sc.platform.core/src/main/resources/META-INF/platform/plugins/application-properties.json
@ -59,6 +59,9 @@
      "server.port = 8080",
      "server.servlet.context-path = /",
      "server.servlet.session.timeout = 30m",
+      "server.servlet.session.cookie.http-only = true",
+      "server.servlet.session.cookie.secure = true",
+      "server.servlet.session.cookie.same-site = STRICT",
      "server.error.path = /error",
      "server.error.whitelabel.enabled = true",
      "server.error.include-exception = true",
--- a/io.sc.platform.developer.doc/package.json
+++ b/io.sc.platform.developer.doc/package.json
@ -28,7 +28,7 @@
    "vuepress": "2.0.0-rc.15"
  },
  "dependencies": {
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "vue": "3.5.13",
    "vue-i18n": "11.0.1"
--- a/io.sc.platform.developer.frontend/package.json
+++ b/io.sc.platform.developer.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.platform.lcdp.frontend/package.json
+++ b/io.sc.platform.lcdp.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.platform.license.keygen.frontend/package.json
+++ b/io.sc.platform.license.keygen.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.platform.mvc.frontend/package.json
+++ b/io.sc.platform.mvc.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.platform.mvc/src/main/java/io/sc/platform/mvc/autoconfigure/MvcWebMvcAutoConfiguration.java
+++ b/io.sc.platform.mvc/src/main/java/io/sc/platform/mvc/autoconfigure/MvcWebMvcAutoConfiguration.java
@ -85,4 +85,6 @@ public class MvcWebMvcAutoConfiguration implements WebMvcConfigurer {
 		configurer.setTaskExecutor(executor);
 		configurer.setDefaultTimeout(1000*60*10);
 	}
+
+
 }
--- a/io.sc.platform.scheduler.manager.frontend/package.json
+++ b/io.sc.platform.scheduler.manager.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.platform.system.frontend/package.json
+++ b/io.sc.platform.system.frontend/package.json
@ -111,7 +111,7 @@
    "mockjs": "1.1.0",
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
@ -121,4 +121,4 @@
    "vue-router": "4.5.0",
    "xml-formatter": "3.6.3"
  }
-}
+}
--- a/io.sc.platform.system.frontend/src/views/announcement/AnnouncementManager.vue
+++ b/io.sc.platform.system.frontend/src/views/announcement/AnnouncementManager.vue
@ -13,8 +13,8 @@
    :toolbar-configure="{ noIcon: false }"
    :toolbar-actions="['query', 'refresh', 'separator', 'add', 'clone', 'edit', 'remove', 'separator', 'view', 'separator', 'export']"
    :columns="[
-      { width: 300, name: 'title', label: $t('title') },
-      { width: '100%', name: 'content', label: $t('content'), sortable: false },
+      { width: 300, name: 'title', label: $t('title'), html: true },
+      { width: '100%', name: 'content', label: $t('content'), sortable: false, html: true },
    ]"
    :editor="{
      dialog: {
--- a/io.sc.platform.system.frontend/src/views/workbench/MyMessage.vue
+++ b/io.sc.platform.system.frontend/src/views/workbench/MyMessage.vue
@ -21,7 +21,7 @@
      { width: 150, name: 'sendDate', label: $t('system.notification.grid.entity.sendDate') },
      { width: 100, name: 'receiver', label: $t('system.notification.grid.entity.receiver') },
      { width: 150, name: 'receiveDate', label: $t('system.notification.grid.entity.receiveDate') },
-      { width: '100%', name: 'content', label: $t('content'), sortable: false },
+      { width: '100%', name: 'content', label: $t('content'), sortable: false, html: true },
    ]"
    :editor="{
      dialog: {
--- a/io.sc.standard.frontend/package.json
+++ b/io.sc.standard.frontend/package.json
@ -112,7 +112,7 @@
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
    "pinia-undo": "0.2.4",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",
--- a/io.sc.website/package.json
+++ b/io.sc.website/package.json
@ -28,6 +28,6 @@
  },
  "dependencies": {
    "vue": "3.5.13",
-    "platform-core": "8.2.134"
+    "platform-core": "8.2.135"
  }
 }
--- a/wra.report.frontend/package.json
+++ b/wra.report.frontend/package.json
@ -111,7 +111,7 @@
    "mockjs": "1.1.0",
    "node-sql-parser": "5.3.6",
    "pinia": "2.3.0",
-    "platform-core": "8.2.134",
+    "platform-core": "8.2.135",
    "quasar": "2.17.6",
    "sort-array": "5.0.0",
    "svg-path-commander": "2.1.7",