From 6b5dd4d2be69759a8a2452195d0fb0b0ef52e72a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:04:59 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
ruoyi-ui/src/views/system/menu/index.vue | 88 ++++++++++++++++++++++++++++++++++----------
1 files changed, 68 insertions(+), 20 deletions(-)
diff --git a/ruoyi-ui/src/views/system/menu/index.vue b/ruoyi-ui/src/views/system/menu/index.vue
index 52f15a4..059f8d8 100644
--- a/ruoyi-ui/src/views/system/menu/index.vue
+++ b/ruoyi-ui/src/views/system/menu/index.vue
@@ -21,7 +21,7 @@
</el-select>
</el-form-item>
<el-form-item>
- <el-button type="cyan" icon="el-icon-search" size="mini" @click="handleQuery">搜索</el-button>
+ <el-button type="primary" icon="el-icon-search" size="mini" @click="handleQuery">搜索</el-button>
<el-button icon="el-icon-refresh" size="mini" @click="resetQuery">重置</el-button>
</el-form-item>
</el-form>
@@ -30,6 +30,7 @@
<el-col :span="1.5">
<el-button
type="primary"
+ plain
icon="el-icon-plus"
size="mini"
@click="handleAdd"
@@ -88,7 +89,7 @@
<!-- 添加或修改菜单对话框 -->
<el-dialog :title="title" :visible.sync="open" width="600px" append-to-body>
- <el-form ref="form" :model="form" :rules="rules" label-width="80px">
+ <el-form ref="form" :model="form" :rules="rules" label-width="100px">
<el-row>
<el-col :span="24">
<el-form-item label="上级菜单">
@@ -143,7 +144,13 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="是否外链">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择是外链则路由地址需要以`http(s)://`开头" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 是否外链
+ </span>
<el-radio-group v-model="form.isFrame">
<el-radio label="0">是</el-radio>
<el-radio label="1">否</el-radio>
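Review bot: The new tooltip on the 是否外链 item says an external-link route must start with `http(s)://`, but nothing in this hunk enforces that, and the same holds for the 路由地址 tooltip in the next hunk. The `rules` object lies outside the diff, so this may already be covered. If it is not, add a validator on `path` that rejects values not matching `/^https?:\/\//` when `form.isFrame === '0'`, and repeat the check on the server. A stored menu path that later lands in a link or frame is a stored-XSS sink for schemes such as `javascript:`. The commit subject refers to XSS filtering, yet none of the hunks in this file filter or validate input.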
@@ -151,22 +158,46 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="路由地址" prop="path">
+ <el-form-item v-if="form.menuType != 'F'" prop="path">
+ <span slot="label">
+ <el-tooltip content="访问的路由地址,如:`user`,如外网地址需内链访问则以`http(s)://`开头" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 路由地址
+ </span>
<el-input v-model="form.path" placeholder="请输入路由地址" />
</el-form-item>
</el-col>
<el-col :span="12" v-if="form.menuType == 'C'">
- <el-form-item label="组件路径" prop="component">
+ <el-form-item prop="component">
+ <span slot="label">
+ <el-tooltip content="访问的组件路径,如:`system/user/index`,默认在`views`目录下" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 组件路径
+ </span>
<el-input v-model="form.component" placeholder="请输入组件路径" />
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'M'" label="权限标识">
- <el-input v-model="form.perms" placeholder="请权限标识" maxlength="50" />
+ <el-form-item v-if="form.menuType != 'M'">
+ <el-input v-model="form.perms" placeholder="请输入权限标识" maxlength="100" />
+ <span slot="label">
+ <el-tooltip content="控制器中定义的权限字符,如:@PreAuthorize(`@ss.hasPermi('system:user:list')`)" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 权限字符
+ </span>
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="显示状态">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择隐藏则路由将不会出现在侧边栏,但仍然可以访问" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 显示状态
+ </span>
<el-radio-group v-model="form.visible">
<el-radio
v-for="dict in visibleOptions"
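Review bot: In the 权限字符 item the `<span slot="label">` sits after the `<el-input>`, while every other item added in this hunk puts the label slot first; move it above the input so the form items read the same way. The label now says 权限字符 but the placeholder still says 权限标识, so one term should be chosen. `maxlength` is raised from 50 to 100, which is only a client-side limit; confirm that the server-side length check and the column size for `perms` match, as neither is visible in this diff.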
@@ -177,13 +208,33 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="菜单状态">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择停用则路由将不会出现在侧边栏,也不能被访问" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 菜单状态
+ </span>
<el-radio-group v-model="form.status">
<el-radio
v-for="dict in statusOptions"
:key="dict.dictValue"
:label="dict.dictValue"
>{{dict.dictLabel}}</el-radio>
+ </el-radio-group>
+ </el-form-item>
+ </el-col>
+ <el-col :span="12">
+ <el-form-item v-if="form.menuType == 'C'">
+ <span slot="label">
+ <el-tooltip content="选择是则会被`keep-alive`缓存,需要匹配组件的`name`和地址保持一致" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 是否缓存
+ </span>
+ <el-radio-group v-model="form.isCache">
+ <el-radio label="0">缓存</el-radio>
+ <el-radio label="1">不缓存</el-radio>
</el-radio-group>
</el-form-item>
</el-col>
@@ -316,6 +367,7 @@
menuType: "M",
orderNum: undefined,
isFrame: "1",
+ isCache: "0",
visible: "0",
status: "0"
};
@@ -358,19 +410,15 @@
if (valid) {
if (this.form.menuId != undefined) {
updateMenu(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("修改成功");
- this.open = false;
- this.getList();
- }
+ this.msgSuccess("修改成功");
+ this.open = false;
+ this.getList();
});
} else {
addMenu(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("新增成功");
- this.open = false;
- this.getList();
- }
+ this.msgSuccess("新增成功");
+ this.open = false;
+ this.getList();
});
}
}
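Review bot: With the `response.code === 200` guards removed, both `.then` callbacks report success for any resolved promise, so the success toast now depends entirely on the request wrapper rejecting non-200 business codes. That wrapper is not part of this diff. If it resolves on an application-level error (for example, input rejected by a server-side filter), the dialog closes and the user is told the save succeeded. Either confirm the interceptor rejects on `code !== 200` and record it with a comment such as `// request interceptor rejects non-200 codes`, or keep the guard. `response` is now unused and can be dropped from both arrow functions; the enclosing submit handler begins outside the hunk.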
@@ -387,7 +435,7 @@
}).then(() => {
this.getList();
this.msgSuccess("删除成功");
- }).catch(function() {});
+ }).catch(() => {});
}
}
};
--
Gitblit v1.9.2