Merge pull request #910 from pxgo/latest

修复
kccd · Aug 4, 2023 · d349101 · d349101
2 parents c36c91b + 23ecc6b
commit d349101
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 21 deletions.
diff --git a/nkcModules/elasticSearch.js b/nkcModules/elasticSearch.js
@@ -4,6 +4,8 @@ const elasticSearch = require('../settings/elasticSearch');
 const client = elasticSearch();
 const { ThrowCommonError } = require('../nkcModules/error');
 const esConfig = require('../config/elasticSearch');
+const cheerio = require('cheerio');
+const filterSearchContent = require('./xssFilters/filterSearchContent');
 
 const { analyzer, searchAnalyzer, indexName } = esConfig;
 
@@ -794,6 +796,16 @@ func.updateThreadForums = async (thread) => {
   });
 };
 
+func.replaceSearchResultHTMLLink = (content = '') => {
+  const nkcRender = require('./nkcRender');
+  let html = content;
+  const $ = cheerio.load(html);
+  const body = $('body');
+  nkcRender.replaceLinkInfo($, body[0]);
+  html = body.html();
+  return filterSearchContent(html);
+};
+
 module.exports = func;
 
 function createMatch(property, query, boost, relation) {

diff --git a/nkcModules/nkcRender/index.js b/nkcModules/nkcRender/index.js
@@ -449,14 +449,13 @@ class NKCRender {
     }
   }
 
+  // 替换文本中的链接为span标签，标签内容为xxx，前端再根据span属性中的链接信息恢复链接
   replaceTextLinkToHTML(content = '') {
-    let html = content;
-    const $ = cheerio.load(html);
-
+    const $ = cheerio.load('');
     const body = $('body');
+    body.text(content);
     this.replaceLinkInfo($, body[0]);
-
-    html = body.html();
+    const html = body.html();
     return htmlFilter(html);
   }
 

diff --git a/nkcModules/xssFilters/filterSearchContent.js b/nkcModules/xssFilters/filterSearchContent.js
@@ -0,0 +1,17 @@
+const xss = require('xss');
+
+module.exports = (html) => {
+  html = xss(html, {
+    whiteList: {
+      span: ['style', 'data-type', 'data-url'],
+    },
+    onTagAttr: function (tag, name, value) {
+      if (tag === 'span' && name === 'style') {
+        if (value !== 'color: #e85a71;') {
+          return '';
+        }
+      }
+    },
+  });
+  return html;
+};
diff --git a/nkcModules/xssFilters/index.js b/nkcModules/xssFilters/index.js
@@ -2,4 +2,5 @@ module.exports = {
   filterAllHTML: require('./filterAllHTML'),
   filterEditorContent: require('./filterEditorContent'),
   filterMessageContent: require('./filterMessageContent'),
+  filterSearchContent: require('./filterSearchContent'),
 };
diff --git a/pages/thread/index.pug b/pages/thread/index.pug
@@ -157,7 +157,7 @@ block content
                         .h4.text-center(style='color: #ff5a0b;') 本文已被退回修改，请作者点击编辑按钮进入编辑界面
                         p.text-center(style='border-bottom: 1px solid #ff5a0b; padding-bottom: 1rem;color: #ff5a0b;')= `退修原因：${thread.reason}`
                       if thread.type !== "fund"
-                        .h3.thread-title.text-center= thread.firstPost.t
+                        .h3.thread-title.text-center!= thread.firstPost.t
                       -const post = thread.firstPost;
                       if post.authorInfos && post.authorInfos.length > 0 && data.thread.type !== "product"
                         -var agencyIndex = 1;

diff --git a/routes/search/index.js b/routes/search/index.js
@@ -13,7 +13,7 @@ router.get('/', async (ctx, next) => {
     source: sources.search,
   });
 
-  const { nkcRender } = nkcModules;
+  const { elasticSearch } = nkcModules;
   let { page = 0, t = '', c = '', d = '', form = '' } = query;
   const { user } = data;
   // 通过mongodb精准搜索用户名
@@ -482,8 +482,8 @@ router.get('/', async (ctx, next) => {
           anonymous: post.anonymous,
           forums,
         };
-        r.title = nkcRender.replaceTextLinkToHTML(r.title + '');
-        r.abstract = nkcRender.replaceTextLinkToHTML(r.abstract + '');
+        r.title = elasticSearch.replaceSearchResultHTMLLink(r.title + '');
+        r.abstract = elasticSearch.replaceSearchResultHTMLLink(r.abstract + '');
         if (!post.anonymous) {
           r.postUser = {
             uid: postUser.uid,
@@ -514,8 +514,10 @@ router.get('/', async (ctx, next) => {
           user: u,
           uid: highlightObj[`${uid}_uid`] || u.uid,
         };
-        r.username = nkcRender.replaceTextLinkToHTML(r.username + '');
-        r.description = nkcRender.replaceTextLinkToHTML(r.description + '');
+        r.username = elasticSearch.replaceSearchResultHTMLLink(r.username + '');
+        r.description = elasticSearch.replaceSearchResultHTMLLink(
+          r.description + '',
+        );
       } else if (docType === 'column') {
         const column = columnObj[tid];
         if (!column) {
@@ -532,8 +534,8 @@ router.get('/', async (ctx, next) => {
           abbr: highlightObj[`${tid}_abbr`] || column.abbr,
           column,
         };
-        r.name = nkcRender.replaceTextLinkToHTML(r.name + '');
-        r.abbr = nkcRender.replaceTextLinkToHTML(r.abbr + '');
+        r.name = elasticSearch.replaceSearchResultHTMLLink(r.name + '');
+        r.abbr = elasticSearch.replaceSearchResultHTMLLink(r.abbr + '');
       } else if (docType === 'columnPage') {
         const page = columnPageObj[tid];
         if (!page) {
@@ -556,8 +558,8 @@ router.get('/', async (ctx, next) => {
           column,
           page,
         };
-        r.t = nkcRender.replaceTextLinkToHTML(r.t + '');
-        r.c = nkcRender.replaceTextLinkToHTML(r.c + '');
+        r.t = elasticSearch.replaceSearchResultHTMLLink(r.t + '');
+        r.c = elasticSearch.replaceSearchResultHTMLLink(r.c + '');
       } else if (docType === 'resource') {
         let resource = resourcesObj[tid];
         if (!resource) {
@@ -571,8 +573,8 @@ router.get('/', async (ctx, next) => {
           c: highlightObj[`${tid}_c`] || resource.description,
           resource,
         };
-        r.t = nkcRender.replaceTextLinkToHTML(r.t + '');
-        r.c = nkcRender.replaceTextLinkToHTML(r.c + '');
+        r.t = elasticSearch.replaceSearchResultHTMLLink(r.t + '');
+        r.c = elasticSearch.replaceSearchResultHTMLLink(r.c + '');
       } else if (docType === 'document_article') {
         //article文章搜索
         const article = articlesObj[tid];
@@ -621,8 +623,8 @@ router.get('/', async (ctx, next) => {
         if (column) {
           r.column = column;
         }
-        r.title = nkcRender.replaceTextLinkToHTML(r.title + '');
-        r.abstract = nkcRender.replaceTextLinkToHTML(r.abstract + '');
+        r.title = elasticSearch.replaceSearchResultHTMLLink(r.title + '');
+        r.abstract = elasticSearch.replaceSearchResultHTMLLink(r.abstract + '');
       } else if (docType === 'document_comment') {
         //comment搜索
         const comment = commentObj[tid];
@@ -655,8 +657,10 @@ router.get('/', async (ctx, next) => {
           commentTime: commentDocument.toc,
           user: commentUser,
         };
-        r.articleTitle = nkcRender.replaceTextLinkToHTML(r.articleTitle + '');
-        r.abstract = nkcRender.replaceTextLinkToHTML(r.abstract + '');
+        r.articleTitle = elasticSearch.replaceSearchResultHTMLLink(
+          r.articleTitle + '',
+        );
+        r.abstract = elasticSearch.replaceSearchResultHTMLLink(r.abstract + '');
         if (!commentDocument.anonymous) {
           r.commentUser = {
             uid: commentUser.uid,