From 4bfce9cea309ad8904ead316d7902378623c87d7 Mon Sep 17 00:00:00 2001 From: z418577198 <418577198@qq.com> Date: Tue, 2 Sep 2025 10:32:14 +0800 Subject: [PATCH 1/8] Merge pull request #12198 from 2betop/fix-xss-issue (#12201) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix: 修复 Html 渲染部分场景没有执行 xss 过滤器的问题 Co-authored-by: Allen --- packages/amis-ui/src/components/Html.tsx | 8 +++++++- packages/amis-ui/src/components/TooltipWrapper.tsx | 8 ++------ packages/amis-ui/src/index.tsx | 4 +++- packages/amis/src/preset.tsx | 10 ++++++---- packages/amis/src/renderers/App.tsx | 6 +----- packages/amis/src/renderers/CRUD.tsx | 2 +- packages/amis/src/renderers/CRUD2.tsx | 5 +---- packages/amis/src/renderers/Carousel.tsx | 2 +- packages/amis/src/renderers/Form/Picker.tsx | 2 +- 9 files changed, 23 insertions(+), 24 deletions(-) diff --git a/packages/amis-ui/src/components/Html.tsx b/packages/amis-ui/src/components/Html.tsx index 5d454453d72..5f638309909 100644 --- a/packages/amis-ui/src/components/Html.tsx +++ b/packages/amis-ui/src/components/Html.tsx @@ -17,6 +17,8 @@ export interface HtmlProps { filterHtml?: (input: string) => string; } +export const HTMLFilterContext = React.createContext((txt: string) => txt); + export class Html extends React.Component { static defaultProps = { inline: true @@ -24,6 +26,8 @@ export class Html extends React.Component { dom: any; + static contextType = HTMLFilterContext; + constructor(props: HtmlProps) { super(props); this.htmlRef = this.htmlRef.bind(this); @@ -49,7 +53,9 @@ export class Html extends React.Component { const {html, filterHtml} = this.props; if (html) { - this.dom.innerHTML = filterHtml ? filterHtml(html) : html; + let filter: (text: string) => string = + filterHtml || (this.context as any) || ((text: string) => text); + this.dom.innerHTML = filter(html); } } 
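Review bot: The default value given to `React.createContext` is a pass-through, so an `Html` instance mounted without an `HTMLFilterContext.Provider` above it writes the unfiltered string to `innerHTML` (last hunk of this file), and nothing signals that the sanitizer is missing. In this patch only the root wrapper in `packages/amis/src/preset.tsx` installs a provider, so code that uses `amis-ui` on its own, or renders into a separate React root, would presumably get the default. At minimum the export needs a doc comment stating the contract, e.g. `/** Sanitizer applied by Html before writing innerHTML. The default performs no filtering; a Provider must supply the real filter. */`.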
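Review bot: `(this.context as any)` in the new `filter` assignment discards the type that `static contextType` already provides, and `let` is used for a binding that is never reassigned. `const filter = filterHtml || (this.context as React.ContextType<typeof HTMLFilterContext>) || ((text: string) => text);` keeps the behaviour and the type. The trailing identity fallback applies only when a provider supplies a falsy value, and in that case `html` reaches `innerHTML` unfiltered, so a short comment on that line should say so. The enclosing method starts outside the hunk.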
diff --git a/packages/amis-ui/src/components/TooltipWrapper.tsx b/packages/amis-ui/src/components/TooltipWrapper.tsx index cae30849880..de44eff3353 100644 --- a/packages/amis-ui/src/components/TooltipWrapper.tsx +++ b/packages/amis-ui/src/components/TooltipWrapper.tsx @@ -317,8 +317,7 @@ export class TooltipWrapper extends React.Component< offset, tooltipTheme = 'light', showArrow = true, - children, - filterHtml + children } = tooltipObj; const childProps: any = { @@ -372,10 +371,7 @@ export class TooltipWrapper extends React.Component< {children ? ( <>{typeof children === 'function' ? children() : children} ) : ( - + )} diff --git a/packages/amis-ui/src/index.tsx b/packages/amis-ui/src/index.tsx index 6b843dc059e..53cdcbc84cc 100644 --- a/packages/amis-ui/src/index.tsx +++ b/packages/amis-ui/src/index.tsx @@ -13,10 +13,12 @@ import type {SchemaEditorItemPlaceholder} from './components/schema-editor/Commo import {schemaEditorItemPlaceholder} from './components/schema-editor/Common'; import withStore from './withStore'; import withRemoteConfig from './withRemoteConfig'; +import {HTMLFilterContext} from './components/Html'; export { schemaEditorItemPlaceholder, SchemaEditorItemPlaceholder, withStore, - withRemoteConfig + withRemoteConfig, + HTMLFilterContext }; diff --git a/packages/amis/src/preset.tsx b/packages/amis/src/preset.tsx index a9aeb1e5c6c..391b16916c8 100644 --- a/packages/amis/src/preset.tsx +++ b/packages/amis/src/preset.tsx @@ -6,7 +6,7 @@ import { themeable, ThemeProps } from 'amis-core'; -import {ImageGallery} from 'amis-ui'; +import {HTMLFilterContext, ImageGallery} from 'amis-ui'; import {setRenderSchemaFn} from 'amis-ui/lib/components/Alert'; import {alert, confirm} from 'amis-ui/lib/components/Alert'; import {toast} from 'amis-ui/lib/components/Toast'; 
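Review bot: `filterHtml` is no longer read from `tooltipObj` in the first hunk, so a filter supplied on the tooltip object appears to be ignored after this change, and sanitization of tooltip content depends entirely on `HTMLFilterContext`. The replacement `Html` element in the second hunk is not legible in this rendering, so this is inferred from the removed destructuring and the hunk's line counts. If `filterHtml` is still part of the public tooltip type, either keep forwarding it (`Html` still prefers the `filterHtml` prop over the context) or mark it deprecated in the type's doc comment. The render method containing both hunks starts and ends outside them.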
@@ -46,9 +46,11 @@ setRenderSchemaFn((controls, value, callback, scopeRef, theme) => { addRootWrapper((props: any) => { const {env, children} = props; return ( - - {children} - + + + {children} + + ); }); diff --git a/packages/amis/src/renderers/App.tsx b/packages/amis/src/renderers/App.tsx index 9801312f888..ab3cb4f4fe9 100644 --- a/packages/amis/src/renderers/App.tsx +++ b/packages/amis/src/renderers/App.tsx @@ -337,11 +337,7 @@ export class App extends React.Component {
{logo && ~logo.indexOf(' + ) : logo ? ( ) : ( diff --git a/packages/amis/src/renderers/CRUD.tsx b/packages/amis/src/renderers/CRUD.tsx index 7a2f68feadd..06663bcddc0 100644 --- a/packages/amis/src/renderers/CRUD.tsx +++ b/packages/amis/src/renderers/CRUD.tsx @@ -2763,7 +2763,7 @@ export default class CRUD extends React.Component { {labelTpl ? ( - + ) : ( getVariable(item, labelField || 'label') || getVariable(item, valueField || primaryField || 'id') diff --git a/packages/amis/src/renderers/CRUD2.tsx b/packages/amis/src/renderers/CRUD2.tsx index fc5243109af..981b79b521f 100644 --- a/packages/amis/src/renderers/CRUD2.tsx +++ b/packages/amis/src/renderers/CRUD2.tsx @@ -1424,10 +1424,7 @@ export default class CRUD2 extends React.Component { {labelTpl ? ( - + ) : ( getVariable(item, labelField || 'label') || getVariable(item, primaryField || 'id') diff --git a/packages/amis/src/renderers/Carousel.tsx b/packages/amis/src/renderers/Carousel.tsx index 525a036e47b..c5c307e68d7 100644 --- a/packages/amis/src/renderers/Carousel.tsx +++ b/packages/amis/src/renderers/Carousel.tsx @@ -170,7 +170,7 @@ const defaultSchema = { className={cx('Carousel-image')} /> ) : data.hasOwnProperty('html') ? ( - + ) : data.hasOwnProperty('item') ? ( {data.item} ) : ( diff --git a/packages/amis/src/renderers/Form/Picker.tsx b/packages/amis/src/renderers/Form/Picker.tsx index 26a6e1a611a..ea82d4699fa 100644 --- a/packages/amis/src/renderers/Form/Picker.tsx +++ b/packages/amis/src/renderers/Form/Picker.tsx @@ -605,7 +605,7 @@ export default class PickerControl extends React.PureComponent< }} > {labelTpl ? ( - + ) : ( `${ getVariable(item, labelField || 'label') || From efeaa4509c3d7791f2af1d7bf6796b49b0560878 Mon Sep 17 00:00:00 2001 
From: qinhaoyan <30946345+qinhaoyan@users.noreply.github.com> Date: Wed, 3 Sep 2025 18:00:27 +0800 Subject: [PATCH 2/8] =?UTF-8?q?chore:=20=E8=A1=A5=E5=85=85=E5=A4=96?= =?UTF-8?q?=E8=A7=82=E7=BC=96=E8=BE=91=E5=99=A8=E7=BB=84=E4=BB=B6=E8=AF=AD?= =?UTF-8?q?=E6=96=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/amis-theme-editor-helper/i18nConfig.js | 3 --- .../amis-theme-editor-helper/src/locale/en-US.ts | 15 ++++++++++++++- .../amis-theme-editor-helper/src/locale/zh-CN.ts | 15 ++++++++++++++- .../src/renderers/Border.tsx | 6 ++++-- 4 files changed, 32 insertions(+), 7 deletions(-) diff --git a/packages/amis-theme-editor-helper/i18nConfig.js b/packages/amis-theme-editor-helper/i18nConfig.js index 6b9da4917f1..ae811dddfb1 100644 --- a/packages/amis-theme-editor-helper/i18nConfig.js +++ b/packages/amis-theme-editor-helper/i18nConfig.js @@ -6,9 +6,6 @@ module.exports = { test: /.*(ts|tsx|js|jsx)$/ }, includes: ['src/renderers'], - ignore: { - list: ['src/*'] - }, importInfo: { source: 'i18n-runtime', imported: 'i18n', diff --git a/packages/amis-theme-editor-helper/src/locale/en-US.ts b/packages/amis-theme-editor-helper/src/locale/en-US.ts index 39a146e88c9..6c0565c2b51 100644 --- a/packages/amis-theme-editor-helper/src/locale/en-US.ts +++ b/packages/amis-theme-editor-helper/src/locale/en-US.ts 
@@ -229,5 +229,18 @@ extendLocale('en-US', { 'c0215e2abf0fe27597acba2be64f6993': 'Small size', '93dee976f68681ec6950380d757d8c18': 'Multiple selection mode', '9be232c5cffa019aab21bd631ff23462': 'Yunshe', - '1dfba2e7e2df2efc4a25f4f2adcba25e': 'System preset theme' + '1dfba2e7e2df2efc4a25f4f2adcba25e': 'System preset theme', + '96b15b89fd7df6180780a7ac7305ba7c': 'Border size', + '84fafbb9668c30ba550e8bd3ebab65a6': 'Border style', + '9b4bae5d8251de0b6f00b704936b00d3': 'Border color', + 'd9c2ace0d7ecc55bdea2fd91732ca29c': 'Gradient', + '20def7942674282277c3714ed7ea6ce0': 'image', + '690660d9dbd7312ad2825e554736e2f8': 'Font color', + '5f15efdc32badce0902c46a7a0105c51': 'Font size', + '916e646c9e6add3ae7053cbec7c37d91': 'Font weight', + 'c3ce3c8fd80b9b9e221353faa162facf': 'Line height', + '4e7f76261f8c4c6d78998f85fc1f4c6e': 'Margin', + '841d77223f0ec8cd0b530ed8e0775b20': 'Padding', + 'border-size': 'Border size', + 'border-style': 'Border style' }); diff --git a/packages/amis-theme-editor-helper/src/locale/zh-CN.ts b/packages/amis-theme-editor-helper/src/locale/zh-CN.ts index c522428a840..b088e72b209 100644 --- a/packages/amis-theme-editor-helper/src/locale/zh-CN.ts +++ b/packages/amis-theme-editor-helper/src/locale/zh-CN.ts 
@@ -228,5 +228,18 @@ extendLocale('zh-CN', { 'c0215e2abf0fe27597acba2be64f6993': '尺寸小', '93dee976f68681ec6950380d757d8c18': '多选模式', '9be232c5cffa019aab21bd631ff23462': '云舍', - '1dfba2e7e2df2efc4a25f4f2adcba25e': '系统预设主题' + '1dfba2e7e2df2efc4a25f4f2adcba25e': '系统预设主题', + '96b15b89fd7df6180780a7ac7305ba7c': '边框粗细', + '84fafbb9668c30ba550e8bd3ebab65a6': '边框样式', + '9b4bae5d8251de0b6f00b704936b00d3': '边框颜色', + 'd9c2ace0d7ecc55bdea2fd91732ca29c': '渐变', + '20def7942674282277c3714ed7ea6ce0': '图片', + '690660d9dbd7312ad2825e554736e2f8': '字体颜色', + '5f15efdc32badce0902c46a7a0105c51': '字体大小', + '916e646c9e6add3ae7053cbec7c37d91': '字体字重', + 'c3ce3c8fd80b9b9e221353faa162facf': '字体行高', + '4e7f76261f8c4c6d78998f85fc1f4c6e': '外边距', + '841d77223f0ec8cd0b530ed8e0775b20': '内边距', + 'border-size': '边框粗细', + 'border-style': '边框样式' }); diff --git a/packages/amis-theme-editor-helper/src/renderers/Border.tsx b/packages/amis-theme-editor-helper/src/renderers/Border.tsx index a728ccc59f2..ef70927a60a 100644 --- a/packages/amis-theme-editor-helper/src/renderers/Border.tsx +++ b/packages/amis-theme-editor-helper/src/renderers/Border.tsx @@ -281,7 +281,9 @@ function BoxBorder(props: BorderProps & FormControlProps) { borderType === 'all' ? 'top' : borderType }-border-width`} state={state} - placeholder={editorDefaultValue?.[getKey('width')] || '边框粗细'} + placeholder={ + editorDefaultValue?.[getKey('width')] || _i18n('border-size') + } />