Merge pull request #1472 from hLinx/hotfix_3.5.x

bugfix: copyright markdown解析问题 #1471

src/frontend/package.json

@@ -37,7 +37,8 @@
     "vue-progressbar": "0.7.5",
     "vue-router": "3.5.2",
     "vuedraggable": "2.23.2",
-    "vuex": "3.6.2"
+    "vuex": "3.6.2",
+    "xss": "^1.0.14"
   },
   "devDependencies": {
     "@babel/core": "^7.17.8",

src/frontend/src/views/home/index/index.vue

@@ -77,6 +77,7 @@
 </template>
 <script>
     import marked from 'marked';
+    import xss from 'xss';
     import QueryGlobalSettingService from '@service/query-global-setting';
     import LayoutCard from './components/card';
     import User from './components/user';
@@ -85,6 +86,17 @@
     import FavorTask from './components/favor-task';
     import HistoryRecord from './components/history-record';
 
+    const xssHTML = (html) => {
+        const attrs = ['class', 'title', 'target', 'style'];
+        return xss(html, {
+            onTagAttr: (tag, name, value, isWhiteAttr) => {
+                if (attrs.includes(name)) {
+                    return `${name}=${value}`;
+                }
+            },
+        });
+    };
+
     export default {
         name: '',
         components: {
@@ -109,8 +121,8 @@
                 const formatLink = link => link.replace(/(?=( href))/g, ' target="_blank"');
                 QueryGlobalSettingService.fetchFooterConfig()
                     .then((data) => {
-                        this.footerLink = formatLink(marked(`${data.footerLink}`));
-                        this.footerCopyRight = marked(data.footerCopyRight);
+                        this.footerLink = xssHTML(formatLink(marked(`${data.footerLink}`)));
+                        this.footerCopyRight = xssHTML(marked(data.footerCopyRight));
                     });
             },
         },