From 6b5dd4d2be69759a8a2452195d0fb0b0ef52e72a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 七月 2021 16:04:59 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤
---
ruoyi-ui/src/views/system/menu/index.vue | 124 +++++++++++++++++++++++++++++++---------
1 files changed, 95 insertions(+), 29 deletions(-)
diff --git a/ruoyi-ui/src/views/system/menu/index.vue b/ruoyi-ui/src/views/system/menu/index.vue
index e156b6a..059f8d8 100644
--- a/ruoyi-ui/src/views/system/menu/index.vue
+++ b/ruoyi-ui/src/views/system/menu/index.vue
@@ -1,7 +1,7 @@
<template>
<div class="app-container">
- <el-form :inline="true">
- <el-form-item label="菜单名称">
+ <el-form :model="queryParams" ref="queryForm" :inline="true" v-show="showSearch">
+ <el-form-item label="菜单名称" prop="menuName">
<el-input
v-model="queryParams.menuName"
placeholder="请输入菜单名称"
@@ -10,7 +10,7 @@
@keyup.enter.native="handleQuery"
/>
</el-form-item>
- <el-form-item label="状态">
+ <el-form-item label="状态" prop="status">
<el-select v-model="queryParams.status" placeholder="菜单状态" clearable size="small">
<el-option
v-for="dict in statusOptions"
@@ -22,9 +22,23 @@
</el-form-item>
<el-form-item>
<el-button type="primary" icon="el-icon-search" size="mini" @click="handleQuery">搜索</el-button>
- <el-button type="primary" icon="el-icon-plus" size="mini" @click="handleAdd" v-hasPermi="['system:menu:add']">新增</el-button>
+ <el-button icon="el-icon-refresh" size="mini" @click="resetQuery">重置</el-button>
</el-form-item>
</el-form>
+
+ <el-row :gutter="10" class="mb8">
+ <el-col :span="1.5">
+ <el-button
+ type="primary"
+ plain
+ icon="el-icon-plus"
+ size="mini"
+ @click="handleAdd"
+ v-hasPermi="['system:menu:add']"
+ >新增</el-button>
+ </el-col>
+ <right-toolbar :showSearch.sync="showSearch" @queryTable="getList"></right-toolbar>
+ </el-row>
<el-table
v-loading="loading"
@@ -74,8 +88,8 @@
</el-table>
<!-- 添加或修改菜单对话框 -->
- <el-dialog :title="title" :visible.sync="open" width="600px">
- <el-form ref="form" :model="form" :rules="rules" label-width="80px">
+ <el-dialog :title="title" :visible.sync="open" width="600px" append-to-body>
+ <el-form ref="form" :model="form" :rules="rules" label-width="100px">
<el-row>
<el-col :span="24">
<el-form-item label="上级菜单">
@@ -130,7 +144,13 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="是否外链">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择是外链则路由地址需要以`http(s)://`开头" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 是否外链
+ </span>
<el-radio-group v-model="form.isFrame">
<el-radio label="0">是</el-radio>
<el-radio label="1">否</el-radio>
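Review bot: The new tooltip on the `是否外链` item says the route address must start with `http(s)://` when external link is selected, but nothing in this hunk or in the `path` item of the next hunk enforces it. The commit subject mentions XSS filtering, yet this file only adds advice for the operator. The `rules` object is outside the diff, so this may already be covered; if not, the `path` rule should get a validator conditional on the radio value, built around `if (this.form.isFrame === "0" && !/^https?:\/\//i.test(value))`. Menu paths are presumably stored and rendered as links for other users, so the scheme allow-list has to be enforced on the server as well. The client check is a usability aid, not the control.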
@@ -138,22 +158,46 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="路由地址" prop="path">
+ <el-form-item v-if="form.menuType != 'F'" prop="path">
+ <span slot="label">
+ <el-tooltip content="访问的路由地址,如:`user`,如外网地址需内链访问则以`http(s)://`开头" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 路由地址
+ </span>
<el-input v-model="form.path" placeholder="请输入路由地址" />
</el-form-item>
</el-col>
<el-col :span="12" v-if="form.menuType == 'C'">
- <el-form-item label="组件路径" prop="component">
+ <el-form-item prop="component">
+ <span slot="label">
+ <el-tooltip content="访问的组件路径,如:`system/user/index`,默认在`views`目录下" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 组件路径
+ </span>
<el-input v-model="form.component" placeholder="请输入组件路径" />
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'M'" label="权限标识">
- <el-input v-model="form.perms" placeholder="请权限标识" maxlength="50" />
+ <el-form-item v-if="form.menuType != 'M'">
+ <el-input v-model="form.perms" placeholder="请输入权限标识" maxlength="100" />
+ <span slot="label">
+ <el-tooltip content="控制器中定义的权限字符,如:@PreAuthorize(`@ss.hasPermi('system:user:list')`)" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 权限字符
+ </span>
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="显示状态">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择隐藏则路由将不会出现在侧边栏,但仍然可以访问" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 显示状态
+ </span>
<el-radio-group v-model="form.visible">
<el-radio
v-for="dict in visibleOptions"
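Review bot: In the permission item the `<span slot="label">` is placed after the `<el-input v-model="form.perms">`, while every other item changed in this hunk puts the label slot first. Move it above the input so the items read the same way. The label now says `权限字符` while the placeholder says `请输入权限标识`, so the same field has two names on screen; pick one term. `maxlength` goes from 50 to 100, which should match the server-side limit on `perms`; that limit is not visible in this diff.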
@@ -164,13 +208,33 @@
</el-form-item>
</el-col>
<el-col :span="12">
- <el-form-item v-if="form.menuType != 'F'" label="菜单状态">
+ <el-form-item v-if="form.menuType != 'F'">
+ <span slot="label">
+ <el-tooltip content="选择停用则路由将不会出现在侧边栏,也不能被访问" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 菜单状态
+ </span>
<el-radio-group v-model="form.status">
<el-radio
v-for="dict in statusOptions"
:key="dict.dictValue"
:label="dict.dictValue"
>{{dict.dictLabel}}</el-radio>
+ </el-radio-group>
+ </el-form-item>
+ </el-col>
+ <el-col :span="12">
+ <el-form-item v-if="form.menuType == 'C'">
+ <span slot="label">
+ <el-tooltip content="选择是则会被`keep-alive`缓存,需要匹配组件的`name`和地址保持一致" placement="top">
+ <i class="el-icon-question"></i>
+ </el-tooltip>
+ 是否缓存
+ </span>
+ <el-radio-group v-model="form.isCache">
+ <el-radio label="0">缓存</el-radio>
+ <el-radio label="1">不缓存</el-radio>
</el-radio-group>
</el-form-item>
</el-col>
@@ -197,6 +261,8 @@
return {
// 遮罩层
loading: true,
+ // 显示搜索条件
+ showSearch: true,
// 菜单表格树数据
menuList: [],
// 菜单树选项
@@ -301,6 +367,7 @@
menuType: "M",
orderNum: undefined,
isFrame: "1",
+ isCache: "0",
visible: "0",
status: "0"
};
@@ -310,12 +377,19 @@
handleQuery() {
this.getList();
},
+ /** 重置按钮操作 */
+ resetQuery() {
+ this.resetForm("queryForm");
+ this.handleQuery();
+ },
/** 新增按钮操作 */
handleAdd(row) {
this.reset();
this.getTreeselect();
- if (row != null) {
+ if (row != null && row.menuId) {
this.form.parentId = row.menuId;
+ } else {
+ this.form.parentId = 0;
}
this.open = true;
this.title = "添加菜单";
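Review bot: `handleAdd` needs a comment explaining why `row.menuId` is now tested. The toolbar button added earlier in this patch binds `@click="handleAdd"` directly, so `row` is a click event there rather than a menu record, which is presumably the reason for the new check. Suggested comment above the `if`: `// Called from the toolbar with a click event and from a table row with the menu record; only the latter carries menuId.` The truthiness test also sends a `menuId` of `0` to the else branch, which is harmless because that branch sets `parentId` to `0`. The function body continues past the end of the hunk.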
@@ -336,23 +410,15 @@
if (valid) {
if (this.form.menuId != undefined) {
updateMenu(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("修改成功");
- this.open = false;
- this.getList();
- } else {
- this.msgError(response.msg);
- }
+ this.msgSuccess("修改成功");
+ this.open = false;
+ this.getList();
});
} else {
addMenu(this.form).then(response => {
- if (response.code === 200) {
- this.msgSuccess("新增成功");
- this.open = false;
- this.getList();
- } else {
- this.msgError(response.msg);
- }
+ this.msgSuccess("新增成功");
+ this.open = false;
+ this.getList();
});
}
}
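Review bot: With the `response.code === 200` checks removed, both `.then` callbacks report success for any resolved promise, and there is no rejection handler on either call. That is only correct if the shared request wrapper rejects non-200 codes and shows the server's message itself. The wrapper is not in this diff, so please confirm; otherwise a save the server refused (for instance through input filtering) would show `修改成功` or `新增成功` and close the dialog. `response` is now unused and can be dropped, `updateMenu(this.form).then(() => {`, and a comment such as `// non-200 responses are rejected by the request interceptor` would make the dependency explicit. The enclosing submit handler starts and ends outside the hunk.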
@@ -369,7 +435,7 @@
}).then(() => {
this.getList();
this.msgSuccess("删除成功");
- }).catch(function() {});
+ }).catch(() => {});
}
}
};
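Review bot: The empty `.catch(() => {})` at the end of the delete chain discards every rejection, not only a cancelled confirm dialog. The start of the chain is outside the hunk, but if the delete request is part of it, a failed delete leaves no trace in this handler. If the request wrapper already reports errors, say so in a comment, e.g. `// cancelled, or request error already reported by the interceptor`; otherwise handle the non-cancel case explicitly.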
--
Gitblit v1.9.2