
bluemonday 自定义策略

xyxie 11 сар өмнө
parent
commit
fecd6daea6

+ 0 - 18
controllers/english_report/report.go

@@ -65,12 +65,6 @@ func (this *EnglishReportController) Add() {
 
 	var contentSub string
 	if req.Content != "" {
-		e := utils.ContentXssCheck(req.Content)
-		if e != nil {
-			br.Msg = "存在非法标签"
-			br.ErrMsg = "存在非法标签, Err: " + e.Error()
-			return
-		}
 		req.Content = utils.ContentXssFilter(req.Content)
 		content, e := services.FilterReportContentBr(req.Content)
 		if e != nil {
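Review bot: With `ContentXssCheck` removed, `utils.ContentXssFilter(req.Content)` on the line above the `FilterReportContentBr` call is the only sanitization step for report content, and markup the policy disallows is now stripped silently instead of being rejected with "存在非法标签"; the bluemonday policy is not in this hunk, so whether `customXssPolicy()` covers what the removed check rejected (script elements, `on*` event attributes, the `src` scheme restriction) cannot be confirmed here. A one-line comment at the call would record that contract for the next reader: `// ContentXssFilter is the sole XSS defense for Content; customXssPolicy() must strip script elements, on* handlers and non-http/data:image src values`. A unit test of `ContentXssFilter` asserting such input comes back without those nodes and attributes would pin the policy, since nothing in the controller now fails on unsafe input. The same removal appears in the Edit and SaveReportContent hunks of this file, in all five hunks of controllers/report.go, and in CreateNewReport in services/report.go. Add's body continues outside the hunk.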
@@ -189,12 +183,6 @@ func (this *EnglishReportController) Edit() {
 	}
 	var contentSub string
 	if req.Content != "" {
-		e := utils.ContentXssCheck(req.Content)
-		if e != nil {
-			br.Msg = "存在非法标签"
-			br.ErrMsg = "存在非法标签, Err: " + e.Error()
-			return
-		}
 		req.Content = utils.ContentXssFilter(req.Content)
 		content, e := services.FilterReportContentBr(req.Content)
 		if e != nil {
@@ -1027,12 +1015,6 @@ func (this *EnglishReportController) SaveReportContent() {
 			content = this.GetString("Content")
 		}
 		if content != "" {
-			e := utils.ContentXssCheck(req.Content)
-			if e != nil {
-				br.Msg = "存在非法标签"
-				br.ErrMsg = "存在非法标签, Err: " + e.Error()
-				return
-			}
 			req.Content = utils.ContentXssFilter(req.Content)
 			contentClean, e := services.FilterReportContentBr(req.Content)
 			if e != nil {
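Review bot: In SaveReportContent the guard is `if content != ""` while `utils.ContentXssFilter` and `services.FilterReportContentBr` are applied to `req.Content`; when `content` was populated from `this.GetString("Content")` just above the guard, `req.Content` is presumably empty and the filtered result is empty too, while the unfiltered `content` remains in scope. The function starts and continues outside the hunk, so whether `content` is what gets stored cannot be confirmed here. If it is, running the filter on the selected value, `req.Content = utils.ContentXssFilter(content)`, keeps the single sanitization path on the string actually used. The same pattern appears in the SaveReportContent hunk of controllers/report.go.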

+ 0 - 30
controllers/report.go

@@ -525,12 +525,6 @@ func (this *ReportController) Add() {
 	}
 	var contentSub string
 	if req.Content != "" {
-		e := utils.ContentXssCheck(req.Content)
-		if e != nil {
-			br.Msg = "存在非法标签"
-			br.ErrMsg = "存在非法标签, Err: " + e.Error()
-			return
-		}
 		req.Content = utils.ContentXssFilter(req.Content)
 		content, e := services.FilterReportContentBr(req.Content)
 		if e != nil {
@@ -664,12 +658,6 @@ func (this *ReportController) Edit() {
 	}
 	var contentSub string
 	if req.Content != "" {
-		e := utils.ContentXssCheck(req.Content)
-		if e != nil {
-			br.Msg = "存在非法标签"
-			br.ErrMsg = "存在非法标签, Err: " + e.Error()
-			return
-		}
 		req.Content = utils.ContentXssFilter(req.Content)
 		content, e := services.FilterReportContentBr(req.Content)
 		if e != nil {
@@ -1217,12 +1205,6 @@ func (this *ReportController) SaveReportContent() {
 			content = this.GetString("Content")
 		}
 		if content != "" {
-			e := utils.ContentXssCheck(req.Content)
-			if e != nil {
-				br.Msg = "存在非法标签"
-				br.ErrMsg = "存在非法标签, Err: " + e.Error()
-				return
-			}
 			req.Content = utils.ContentXssFilter(req.Content)
 			contentClean, e := services.FilterReportContentBr(req.Content)
 			if e != nil {
@@ -2450,12 +2432,6 @@ func (this *ReportController) EditDayWeekChapter() {
 	// 更新章节及指标
 	contentSub := ""
 	if req.Content != "" {
-		e := utils.ContentXssCheck(req.Content)
-		if e != nil {
-			br.Msg = "存在非法标签"
-			br.ErrMsg = "存在非法标签, Err: " + e.Error()
-			return
-		}
 		req.Content = utils.ContentXssFilter(req.Content)
 		contentClean, e := services.FilterReportContentBr(req.Content)
 		if e != nil {
@@ -2928,12 +2904,6 @@ func (this *ReportController) PublishDayWeekReportChapter() {
 	// 更新章节信息
 	contentSub := ""
 	if req.Content != "" {
-		e := utils.ContentXssCheck(req.Content)
-		if e != nil {
-			br.Msg = "存在非法标签"
-			br.ErrMsg = "存在非法标签, Err: " + e.Error()
-			return
-		}
 		req.Content = utils.ContentXssFilter(req.Content)
 		contentClean, e := services.FilterReportContentBr(req.Content)
 		if e != nil {

+ 0 - 6
services/report.go

@@ -937,12 +937,6 @@ func PcCreateAndUploadSunCode(scene, page string) (imgUrl string, err error) {
 func CreateNewReport(req models.AddReq, adminInfo *system.Admin) (newReportId int64, reportCode, errMsg string, err error) {
 	contentSub := ""
 	if req.Content != "" {
-		e := utils.ContentXssCheck(req.Content)
-		if e != nil {
-			errMsg = "存在非法标签"
-			err = errors.New("存在非法标签, Err: " + e.Error())
-			return
-		}
 		req.Content = utils.ContentXssFilter(req.Content)
 		contentClean, e := FilterReportContentBr(req.Content)
 		if e != nil {

+ 0 - 61
utils/common.go

@@ -15,7 +15,6 @@ import (
 	"github.com/PuerkitoBio/goquery"
 	"github.com/microcosm-cc/bluemonday"
 	"github.com/shopspring/decimal"
-	xhtml "golang.org/x/net/html"
 	"html"
 	"image"
 	"image/png"
@@ -2300,66 +2299,6 @@ func GetColorMap() map[int]string {
 	return colorMap
 }
 
-// 检查src属性是否以http或data:image开头
-func isValidSrc(src string) bool {
-	validSchemes := regexp.MustCompile(`^(http|https|data:image):[\w\./?%&=]*$`)
-	fmt.Println(validSchemes.MatchString(src))
-	return validSchemes.MatchString(src)
-}
-
-// ContentXssCheck 校验文本中的JS代码
-func ContentXssCheck(content string) (err error) {
-	// 解析HTML内容
-	node, err := xhtml.Parse(strings.NewReader(content))
-	if err != nil {
-		err = fmt.Errorf(" html.Parse Err: %v", err)
-		return
-	}
-
-	// 遍历解析后的节点树,查找特定标签
-	var visit func(n *xhtml.Node)
-	visit = func(n *xhtml.Node) {
-		if n.Type == xhtml.ElementNode {
-			lowerData := strings.ToLower(n.Data)
-			switch lowerData {
-			case "script", "javascript":
-				err = fmt.Errorf(" script is forbidden")
-				return
-			default:
-				for _, attr := range n.Attr { //判断事件
-					lowerKey := strings.ToLower(attr.Key)
-					if lowerKey == "src" {
-						if !isValidSrc(attr.Val) {
-							err = fmt.Errorf("invalid src attribute value: %s", attr.Val)
-							return
-						}
-					}
-					if lowerKey == "onmouseover" || lowerKey == "onclick" || lowerKey == "onerror" {
-						err = fmt.Errorf("the event is forbidden: %s:%s", attr.Key, attr.Val)
-						return
-					}
-				}
-				/*	case "src":
-					// 如果<src>是某个标签的属性,你可能需要递归检查其父节点
-					// 这里简单起见,我们假设<src>不是有效的HTML标签,并忽略它
-					// 在实际中,你可能需要更复杂的逻辑来处理这种情况
-					fmt.Println("Warning: Unexpected 'src' tag found.")*/
-			}
-		}
-		for c := n.FirstChild; c != nil; c = c.NextSibling {
-			visit(c)
-			if err != nil {
-				return
-			}
-		}
-	}
-	visit(node)
-	if err != nil {
-		return
-	}
-	return
-}
-
 func ContentXssFilter(content string) (cleanContent string) {
 	p := customXssPolicy()