修复 XSS漏洞

This commit is contained in:
康盛Discuz! 2017-01-09 15:00:54 +08:00
parent 2706c1d6ff
commit d090ffd65b
1 changed files with 3 additions and 1 deletions

View File

@ -34,7 +34,9 @@ function setvalue(obj) {
if(varnamev) {
parent.$(varnamev).value = setv;
}
if(fun) eval('parent.'+fun+'("'+setv+'")');
if(fun && (fun == 'sethtml_color' || fun == 'spaceDiy.setBgColor' || fun == 'spaceDiy.setTextColor' || fun == 'spaceDiy.setLinkColor')) {
eval('parent.'+fun+'("'+setv+'")');
}
}
function v(v) {