小说发布防xss攻击

xxy
2020-05-16 13:05:44 +08:00
parent 83dc04c50b
commit e273906441
6 changed files with 59 additions and 50 deletions


@ -1,4 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head th:replace="common/header :: common_head(~{::title},~{},~{::link})">
<title th:text="'修改昵称_'+#{website.name}"></title>
@ -24,21 +25,26 @@
<div class="my_r">
<div class="my_info cf">
<div class="my_info_txt">
<div class="aspNetHidden">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTI5MzkzMzQyMw9kFgJmD2QWAmYPFgIeBFRleHQFqAE8YSBocmVmPSIvc2VhcmNoLmFzcHg/c2VhcmNoS2V5PeWWu+Wuiembr++8jOeLhOazve+8jOeBteW8gu+8jOWJjeS4luS7iueUn++8jOWGpeeOi+msvOWkqyIgdGFyZ2V0PSJfYmxhbmsiPuWWu+Wuiembr++8jOeLhOazve+8jOeBteW8gu+8jOWJjeS4luS7iueUn++8jOWGpeeOi+msvOWkqzwvYT5kZLj1Uo6akAHRsP9HH/tJWCPmjwlzm9tv02sZRfbbCnBA" />
</div>
<div class="aspNetHidden">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE"
value="/wEPDwUKMTI5MzkzMzQyMw9kFgJmD2QWAmYPFgIeBFRleHQFqAE8YSBocmVmPSIvc2VhcmNoLmFzcHg/c2VhcmNoS2V5PeWWu+Wuiembr++8jOeLhOazve+8jOeBteW8gu+8jOWJjeS4luS7iueUn++8jOWGpeeOi+msvOWkqyIgdGFyZ2V0PSJfYmxhbmsiPuWWu+Wuiembr++8jOeLhOazve+8jOeBteW8gu+8jOWJjeS4luS7iueUn++8jOWGpeeOi+msvOWkqzwvYT5kZLj1Uo6akAHRsP9HH/tJWCPmjwlzm9tv02sZRfbbCnBA"/>
</div>
<div class="aspNetHidden">
<div class="aspNetHidden">
<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="6C876674" />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEdAAO8SPdUDpH0Q7nHjeqbvI7ld2C+OxfjpZOniBJbql7XdnRgTJ25FWigbeFr84Vgoxdi/cg2vS37N0KER6F1nyr1wKHztnXmDR5zls+9dCeAZg==" />
</div>
<ul class="mytab_list">
<li><i class="tit">我的昵称</i><input name="txtNiceName" type="text" value="15171695474" maxlength="20" id="txtNiceName" class="s_input" placeholder="" /></li>
<li><i class="tit">&nbsp;</i>用户名只能包括汉字、英文字母、数字和下划线</li>
<li><i class="tit">&nbsp;</i><input type="button" onclick="updateName()" name="btn" value="修改" id="btn" class="s_btn btn_red" /></li>
<li><i class="tit">&nbsp;</i><span id="LabErr"></span></li>
</ul>
<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="6C876674"/>
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION"
value="/wEdAAO8SPdUDpH0Q7nHjeqbvI7ld2C+OxfjpZOniBJbql7XdnRgTJ25FWigbeFr84Vgoxdi/cg2vS37N0KER6F1nyr1wKHztnXmDR5zls+9dCeAZg=="/>
</div>
<ul class="mytab_list">
<li><i class="tit">我的昵称</i><input name="txtNiceName" type="text" value="15171695474"
maxlength="20" id="txtNiceName" class="s_input"
placeholder=""/></li>
<li><i class="tit">&nbsp;</i>用户名只能包括汉字、英文字母、数字和下划线</li>
<li><i class="tit">&nbsp;</i><input type="button" onclick="updateName()" name="btn" value="修改"
id="btn" class="s_btn btn_red"/></li>
<li><i class="tit">&nbsp;</i><span id="LabErr"></span></li>
</ul>
</div>
</div>
</div>
@ -57,14 +63,13 @@
dataType: "json",
success: function (data) {
if (data.code == 200) {
if(data.data.nickName){
if (data.data.nickName) {
$("#txtNiceName").val(data.data.nickName);
}else{
} else {
$("#txtNiceName").val(data.data.username);
}
} else if (data.code == 1001) {
//未登录
location.href = '/user/login.html?originUrl=' + decodeURIComponent(location.href);
@ -78,27 +83,26 @@
layer.alert('网络异常');
}
})
function updateName() {
var nickname = $("#txtNiceName").val();
if(nickname.isBlank()){
if (nickname.isBlank()) {
$("#LabErr").html("昵称不能为空");
return;
}
if(!nickname.isNickName()){
if (!nickname.isNickName()) {
$("#LabErr").html("昵称格式不正确");
return;
}
$.ajax({
type: "POST",
url: "/user/updateUserInfo",
data: {'nickName':nickname},
data: {'nickName': nickname},
dataType: "json",
success: function (data) {
if (data.code == 200) {
if(data.data.token){
$.cookie('Authorization', data.data.token,{ path: '/' });
}
$.cookie('Authorization', data.data.token, {path: '/'});
window.location.href = '/user/setup.html';
} else if (data.code == 1001) {