diff --git a/components/PrismMac.js b/components/PrismMac.js
index 60cc0983a73..d7778219b1c 100644
--- a/components/PrismMac.js
+++ b/components/PrismMac.js
@@ -12,6 +12,7 @@ import 'prismjs/plugins/line-numbers/prism-line-numbers.css'
 // mermaid图
 import BLOG from '@/blog.config'
 import { isBrowser, loadExternalResource } from '@/lib/utils'
+import sanitizeHtml from 'sanitize-html';
 /**
 * @author https://github.com/txs/
@@ -43,7 +44,7 @@ const renderMermaid = async() => {
 const mermaidPres = document.querySelectorAll('pre.notion-code.language-mermaid')
 if (mermaidPres) {
 for (const e of mermaidPres) {
- const chart = e.querySelector('code').textContent
+ const chart = sanitizeHtml(e.querySelector('code').textContent)
 if (chart && !e.querySelector('.mermaid')) {
 const m = document.createElement('div')
 m.className = 'mermaid'
diff --git a/package.json b/package.json
index 17ccfcf4b2b..f70f6ddda15 100644
--- a/package.json
+++ b/package.json
@@ -52,6 +52,7 @@
 "react-notion-x": "6.16.0",
 "react-share": "^4.4.1",
 "react-tweet-embed": "~2.0.0",
+ "sanitize-html": "^2.10.0",
 "smoothscroll-polyfill": "^0.4.4",
 "twikoo": "1.6.16",
 "typed.js": "^2.0.15",
diff --git a/themes/fukasawa/LayoutSearch.js b/themes/fukasawa/LayoutSearch.js
index fcfa35b2c23..29147c72204 100644
--- a/themes/fukasawa/LayoutSearch.js
+++ b/themes/fukasawa/LayoutSearch.js
@@ -6,11 +6,12 @@ import { useRouter } from 'next/router'
 import { useEffect } from 'react'
 import Mark from 'mark.js'
 import { isBrowser } from '@/lib/utils'
+import sanitizeHtml from 'sanitize-html';
 export const LayoutSearch = (props) => {
 const { keyword } = props
 const router = useRouter()
- const currentSearch = keyword || router?.query?.s
+ const currentSearch = sanitizeHtml(keyword || router?.query?.s)
 useEffect(() => {
 setTimeout(() => {
 const container = isBrowser() && document.getElementById('container')
diff --git a/themes/hexo/LayoutSearch.js b/themes/hexo/LayoutSearch.js
index bf9c6daa5f5..40f1ec84360 100644
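Review bot: In `renderMermaid`, `sanitizeHtml(e.querySelector('code').textContent)` runs an HTML sanitizer over Mermaid source, which is not HTML. With default options the library still lets its allow-listed tags and attributes through and entity-encodes `>` and `&`, so the result is neither plain text nor unchanged diagram syntax (`-->` comes back as `--&gt;`). The sink that decides whether this matters is outside the hunk, since the body continues past `m.className = 'mermaid'`. If the chart is assigned there via `innerHTML`, the narrower fix is to write it as text, `m.textContent = chart`, and keep Mermaid's `securityLevel` at its strict default. If the sanitizer call stays, give it an explicit policy, `sanitizeHtml(text, { allowedTags: [], allowedAttributes: {} })`, and a comment naming the sink it protects.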
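Review bot: `sanitizeHtml(keyword || router?.query?.s)` in `LayoutSearch` sanitizes at the source rather than at the sink, and with default options it does not return plain text. Allow-listed tags survive and `&`, `<`, `>` come back entity-encoded, so a term like `a&b` would reach the highlighter and any rendered output as `a&amp;b`; how `currentSearch` is consumed lies outside the hunk. The same line is added in the themes/hexo and themes/matery `LayoutSearch.js` hunks, where the extra `tempSearch` alias adds nothing and can be dropped. `router.query.s` can also be an array when the parameter is repeated, so I would normalise and strip all markup: `const raw = keyword || router?.query?.s` followed by `const currentSearch = sanitizeHtml(Array.isArray(raw) ? raw[0] : raw, { allowedTags: [], allowedAttributes: {} })`. Escaping or `textContent` where the term is written into the DOM would be the more robust place for the defence.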
--- a/themes/hexo/LayoutSearch.js
+++ b/themes/hexo/LayoutSearch.js
@@ -10,12 +10,14 @@ import Mark from 'mark.js'
 import TagItemMini from './components/TagItemMini'
 import Card from './components/Card'
 import Link from 'next/link'
+import sanitizeHtml from 'sanitize-html';
 export const LayoutSearch = props => {
 const { keyword, tagOptions, categoryOptions } = props
 const { locale } = useGlobal()
 const router = useRouter()
- const currentSearch = keyword || router?.query?.s
+ const tempSearch = sanitizeHtml(keyword || router?.query?.s)
+ const currentSearch = tempSearch
 const cRef = useRef(null)
 useEffect(() => {
diff --git a/themes/matery/LayoutSearch.js b/themes/matery/LayoutSearch.js
index 94ccbb96705..4b4b2adea59 100644
--- a/themes/matery/LayoutSearch.js
+++ b/themes/matery/LayoutSearch.js
@@ -10,12 +10,14 @@ import Mark from 'mark.js'
 import TagItemMini from './components/TagItemMini'
 import Card from './components/Card'
 import Link from 'next/link'
+import sanitizeHtml from 'sanitize-html';
 export const LayoutSearch = props => {
 const { keyword, tagOptions, categoryOptions } = props
 const { locale } = useGlobal()
 const router = useRouter()
- const currentSearch = keyword || router?.query?.s
+ const tempSearch = sanitizeHtml(keyword || router?.query?.s)
+ const currentSearch = tempSearch
 const cRef = useRef(null)
 useEffect(() => {
diff --git a/themes/matery/components/WordCount.js b/themes/matery/components/WordCount.js
index be39bff6756..72dab6b4d40 100644
--- a/themes/matery/components/WordCount.js
+++ b/themes/matery/components/WordCount.js
@@ -1,4 +1,5 @@
 import { useEffect } from 'react'
+import sanitizeHtml from 'sanitize-html';
 /**
 * 字数统计
@@ -41,7 +42,7 @@ function deleteHtmlTag(str) {
 if (!str) {
 return ''
 }
- str = str.replace(/<[^>]+>|&[^>]+;/g, '').trim()// 去掉所有的html标签和 之类的特殊符合
+ str = sanitizeHtml(str)
 return str
 }
diff --git a/themes/next/components/WordCount.js b/themes/next/components/WordCount.js
index 2062e69a842..3a948453d07 100644
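Review bot: `deleteHtmlTag` in themes/matery `WordCount.js` no longer deletes tags. `sanitizeHtml(str)` with default options keeps every allow-listed element (`p`, `a`, `strong` and so on) and keeps entities, whereas the removed regex stripped all of them, and the `.trim()` is gone as well. If the result feeds the word count, as the file's header comment suggests, markup characters are now counted; the caller is outside the hunk, so that part is inferred. I would write `str = sanitizeHtml(str, { allowedTags: [], allowedAttributes: {} }).trim()` and add a comment that the output is for counting only and must never be rendered. The themes/next `WordCount.js` hunk makes the same change and keeps the old comment about removing all tags, which no longer describes the code.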
--- a/themes/next/components/WordCount.js
+++ b/themes/next/components/WordCount.js
@@ -1,4 +1,5 @@
 import { useEffect } from 'react'
+import sanitizeHtml from 'sanitize-html';
 /**
 * 字数统计
@@ -32,7 +33,7 @@ function deleteHtmlTag(str) {
 if (!str) {
 return ''
 }
- str = str.replace(/<[^>]+>|&[^>]+;/g, '').trim()// 去掉所有的html标签和 之类的特殊符合
+ str = sanitizeHtml(str)// 去掉所有的html标签和 之类的特殊符合
 return str
 }