解决Tester框架聊天界面的html注入问题

kosaka-bun · Sep 17, 2022 · 137c52d · 137c52d
1 parent d7ccecb
commit 137c52d
Show file tree

Hide file tree

Showing 12 changed files with 27 additions and 61 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,5 @@ build/
 
 .idea/
 *.iml
-.gradle/
+.gradle/
+/qqrobot-spring-boot-starter/src/main/resources/framework/tester/
diff --git a/build.gradle b/build.gradle
@@ -9,7 +9,9 @@ subprojects {
 
     repositories {
         mavenCentral()
-        mavenLocal()
+        maven {
+            url 'https://www.honoka.de/maven-repo/'
+        }
     }
 
     dependencies {

diff --git a/...-spring-boot-starter/src/main/java/de/honoka/qqrobot/starter/common/ConditionalBeans.java b/...-spring-boot-starter/src/main/java/de/honoka/qqrobot/starter/common/ConditionalBeans.java
@@ -9,17 +9,9 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import javax.annotation.Resource;
-
 @Configuration
 public class ConditionalBeans {
 
-    @Resource
-    private MessageExecutor messageExecutor;
-
-    @Resource
-    private RobotBeanHolder robotBeanHolder;
-
     @ConditionalOnMissingBean(RobotLogger.class)
     @Bean
     public DefaultRobotLogger defaultRobotLogger() {
@@ -28,7 +20,9 @@ public DefaultRobotLogger defaultRobotLogger() {
 
     @ConditionalOnMissingBean(FrameworkCallback.class)
     @Bean
-    public DefaultFrameworkCallback defaultFrameworkCallback() {
+    public DefaultFrameworkCallback defaultFrameworkCallback(
+            MessageExecutor messageExecutor,
+            RobotBeanHolder robotBeanHolder) {
         return new DefaultFrameworkCallback(messageExecutor, robotBeanHolder);
     }
 }
diff --git a/...spring-boot-starter/src/main/java/de/honoka/qqrobot/starter/framework/FrameworkBeans.java b/...spring-boot-starter/src/main/java/de/honoka/qqrobot/starter/framework/FrameworkBeans.java
@@ -11,35 +11,27 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import javax.annotation.Resource;
-
 @Configuration
 public class FrameworkBeans {
 
-    @Resource
-    private FrameworkCallback frameworkCallback;
-
-    @Resource
-    private RobotBasicProperties basicProperties;
-
-    @Resource
-    private MiraiProperties miraiProperties;
-
-    @Resource
-    private TesterProperties testerProperties;
-
     @ConditionalOnProperty(prefix = "honoka.qqrobot",
             name = "framework", havingValue = "mirai")
     @Bean
-    public MiraiFramework miraiFramework() {
+    public MiraiFramework miraiFramework(
+            FrameworkCallback frameworkCallback,
+            RobotBasicProperties basicProperties,
+            MiraiProperties miraiProperties) {
         return new MiraiFramework(frameworkCallback, basicProperties,
                 miraiProperties);
     }
 
     @ConditionalOnProperty(prefix = "honoka.qqrobot", name = "framework",
             havingValue = "tester", matchIfMissing = true)
     @Bean
-    public TesterFramework testerFramework() {
+    public TesterFramework testerFramework(
+            FrameworkCallback frameworkCallback,
+            RobotBasicProperties basicProperties,
+            TesterProperties testerProperties) {
         return new TesterFramework(frameworkCallback, basicProperties,
                 testerProperties);
     }

diff --git a/...starter/src/main/java/de/honoka/qqrobot/starter/framework/tester/config/TesterConfig.java b/...starter/src/main/java/de/honoka/qqrobot/starter/framework/tester/config/TesterConfig.java
@@ -15,12 +15,14 @@ public class TesterConfig {
     @Value("${server.port}")
     private int serverPort;
 
+    @Value("${server.servlet.context-path:}")
+    private String contextPath;
+
     @Resource
     private TesterProperties testerProperties;
 
     public String getTesterUrl() {
-        return "http://localhost:" + serverPort +
-                testerProperties.getWebPrefix() +
-                "/index.html";
+        return "http://localhost:" + serverPort + contextPath +
+                testerProperties.getWebPrefix() + "/index.html";
     }
 }
diff --git a/qqrobot-spring-boot-starter/src/main/resources/framework/tester/web/index.html b/qqrobot-spring-boot-starter/src/main/resources/framework/tester/web/index.html
diff --git a/...t-spring-boot-starter/src/main/resources/framework/tester/web/static/avatar.png b/...t-spring-boot-starter/src/main/resources/framework/tester/web/static/avatar.png
diff --git a/...t-starter/src/main/resources/framework/tester/web/static/css/125-353da2ef86de8ba270c0.css b/...t-starter/src/main/resources/framework/tester/web/static/css/125-353da2ef86de8ba270c0.css
diff --git a/...oot-starter/src/main/resources/framework/tester/web/static/js/125-353da2ef86de8ba270c0.js b/...oot-starter/src/main/resources/framework/tester/web/static/js/125-353da2ef86de8ba270c0.js
diff --git a/...src/main/resources/framework/tester/web/static/js/125-353da2ef86de8ba270c0.js.LICENSE.txt b/...src/main/resources/framework/tester/web/static/js/125-353da2ef86de8ba270c0.js.LICENSE.txt
diff --git a/qqrobot-spring-boot-starter/web/build.bat b/qqrobot-spring-boot-starter/web/build.bat
@@ -1,5 +1,5 @@
 rmdir /s /q ..\src\main\resources\framework\tester\web
 call npm run build:prod
-move .\dist ..\src/main\resources\framework\tester\
-cd ..\src/main\resources\framework\tester\
+move .\dist ..\src\main\resources\framework\tester\
+cd ..\src\main\resources\framework\tester\
 ren dist web
diff --git a/qqrobot-spring-boot-starter/web/src/pages/index/component/MessageContainer.vue b/qqrobot-spring-boot-starter/web/src/pages/index/component/MessageContainer.vue
@@ -169,7 +169,10 @@ export default {
             this.scrollToEnd();
         },
         translateToHtml(str) {
-            return str.replace(/ /g, '&nbsp;')
+            return str.replace(/&/g, '&amp;')
+                .replace(/</g, '&lt;')
+                .replace(/>/g, '&gt;')
+                .replace(/ /g, '&nbsp;')
                 .replace(/\n/g, '<br />');
         },
         getImagePath(name) {