From 6b5dd4d2be69759a8a2452195d0fb0b0ef52e72a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:04:59 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
ruoyi-ui/src/views/system/menu/index.vue | 62 ++++++++++++++++++++++++++-----
1 files changed, 52 insertions(+), 10 deletions(-)
diff --git a/ruoyi-ui/src/views/system/menu/index.vue b/ruoyi-ui/src/views/system/menu/index.vue
index 734e8e8..059f8d8 100644
--- a/ruoyi-ui/src/views/system/menu/index.vue
+++ b/ruoyi-ui/src/views/system/menu/index.vue
@@ -89,7 +89,7 @@
<!-- 添加或修改菜单对话框 -->
<el-dialog :title="title" :visible.sync="open" width="600px" append-to-body>
- <el-form ref="form" :model="form" :rules="rules" label-width="80px">
+ <el-form ref="form" :model="form" :rules="rules" label-width="100px">
<el-row>
<el-col :span="24">
<el-form-item label="上级菜单">
@@ -144,7 +144,13 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="是否外链">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择是外链则路由地址需要以`http(s)://`开头" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 是否外链
+ </span>
<el-radio-group v-model="form.isFrame">
<el-radio label="0">是</el-radio>
<el-radio label="1">否</el-radio>
@@ -152,22 +158,46 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="路由地址" prop="path">
+ <el-form-item v-if="form.menuType != 'F'" prop="path">
+ <span slot="label">
+ <el-tooltip content="访问的路由地址,如:`user`,如外网地址需内链访问则以`http(s)://`开头" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 路由地址
+ </span>
<el-input v-model="form.path" placeholder="请输入路由地址" />
</el-form-item>
</el-col>
<el-col :span="12" v-if="form.menuType == 'C'">
- <el-form-item label="组件路径" prop="component">
+ <el-form-item prop="component">
+ <span slot="label">
+ <el-tooltip content="访问的组件路径,如:`system/user/index`,默认在`views`目录下" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 组件路径
+ </span>
<el-input v-model="form.component" placeholder="请输入组件路径" />
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'M'" label="权限标识">
- <el-input v-model="form.perms" placeholder="请权限标识" maxlength="50" />
+ <el-form-item v-if="form.menuType != 'M'">
+ <el-input v-model="form.perms" placeholder="请输入权限标识" maxlength="100" />
+ <span slot="label">
+ <el-tooltip content="控制器中定义的权限字符,如:@PreAuthorize(`@ss.hasPermi('system:user:list')`)" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 权限字符
+ </span>
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="显示状态">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择隐藏则路由将不会出现在侧边栏,但仍然可以访问" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 显示状态
+ </span>
<el-radio-group v-model="form.visible">
<el-radio
v-for="dict in visibleOptions"
@@ -178,7 +208,13 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="菜单状态">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择停用则路由将不会出现在侧边栏,也不能被访问" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 菜单状态
+ </span>
<el-radio-group v-model="form.status">
<el-radio
v-for="dict in statusOptions"
@@ -189,7 +225,13 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType == 'C'" label="是否缓存">
+ <el-form-item v-if="form.menuType == 'C'">
+ <span slot="label">
+ <el-tooltip content="选择是则会被`keep-alive`缓存,需要匹配组件的`name`和地址保持一致" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 是否缓存
+ </span>
<el-radio-group v-model="form.isCache">
<el-radio label="0">缓存</el-radio>
<el-radio label="1">不缓存</el-radio>
@@ -393,7 +435,7 @@
}).then(() => {
this.getList();
this.msgSuccess("删除成功");
- })
+ }).catch(() => {});
}
}
};
--
Gitblit v1.9.2