修复 XSS漏洞
This commit is contained in:
parent
2706c1d6ff
commit
d090ffd65b
|
@ -34,7 +34,9 @@ function setvalue(obj) {
|
|||
if(varnamev) {
|
||||
parent.$(varnamev).value = setv;
|
||||
}
|
||||
if(fun) eval('parent.'+fun+'("'+setv+'")');
|
||||
if(fun && (fun == 'sethtml_color' || fun == 'spaceDiy.setBgColor' || fun == 'spaceDiy.setTextColor' || fun == 'spaceDiy.setLinkColor')) {
|
||||
eval('parent.'+fun+'("'+setv+'")');
|
||||
}
|
||||
}
|
||||
|
||||
function v(v) {
|
||||
|
|
Loading…
Reference in New Issue