cropperjs
网络安全漏洞修复
Hi! 👋
Firstly, thanks for your work on this project! 🙂
Today I used patch-package to patch [email protected]
for the project I'm working on.
Here is the diff that solved my problem:
diff --git a/node_modules/cropperjs/dist/cropper.js b/node_modules/cropperjs/dist/cropper.js
index 07b6545..4a11d82 100644
--- a/node_modules/cropperjs/dist/cropper.js
+++ b/node_modules/cropperjs/dist/cropper.js
@@ -1627,10 +1627,12 @@
forEach(previews, function (el) {
var img = document.createElement('img'); // Save the original size for recover
+ //网络安全漏洞修复 20231107 yangxl
+ let _textValue = (el.textContent != undefined ) ? el.textContent:el.innerText;
setData(el, DATA_PREVIEW, {
width: el.offsetWidth,
height: el.offsetHeight,
- html: el.innerHTML
+ html: _textValue
});
if (crossOrigin) {
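Review bot: Storing `el.textContent` in `html` discards the preview element's original child markup, so the restore in the third hunk (`element.textContent = data.html`) can only put back flattened text. Moving the child nodes into a DocumentFragment and re-attaching them on restore (`element.textContent = ''; element.appendChild(data.nodes);`) keeps the original content and never parses a string as HTML, assuming `setData` stores the object as-is, as it appears to for the current `{width, height, html}` value. The added `let` is also the only non-`var` declaration visible in this dist file and may not suit the build's ES5 target. The callback continues past the end of the hunk; a sketch of the save side follows.

```javascript
var img = document.createElement('img'); // Save the original size for recover
// Read the size before the children are detached, in case it depends on them.
var width = el.offsetWidth;
var height = el.offsetHeight;
var saved = document.createDocumentFragment();
while (el.firstChild) {
  saved.appendChild(el.firstChild); // moves the live node; nothing is serialized
}
setData(el, DATA_PREVIEW, {
  width: width,
  height: height,
  nodes: saved
});
// … unchanged: crossOrigin handling, img setup and appendChild …
```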
@@ -1647,7 +1649,8 @@
*/
img.style.cssText = 'display:block;' + 'width:100%;' + 'height:auto;' + 'min-width:0!important;' + 'min-height:0!important;' + 'max-width:none!important;' + 'max-height:none!important;' + 'image-orientation:0deg!important;"';
- el.innerHTML = '';
+ //网络安全漏洞修复 20231107 yangxl
+ (el.textContent != undefined ) ? (el.textContent = ''):(el.innerText = '');
el.appendChild(img);
});
},
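Review bot: The clearing line uses a ternary as a statement with an `innerText` fallback that never runs where elements implement `textContent`, since that property is always a string on an element; `el.textContent = '';` does the same work and reads as an assignment. The same `!= undefined` pattern is repeated in the other three hunks. The comment above it, which translates to "network security vulnerability fix" plus a date and author, does not say which sink was changed or why; something like `// Clear children without parsing markup (was innerHTML = '')` would let the next maintainer judge whether the change is still needed.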
@@ -1658,7 +1661,8 @@
width: data.width,
height: data.height
});
- element.innerHTML = data.html;
+ //网络安全漏洞修复 20231107 yangxl
+ (element.textContent != undefined ) ? (element.textContent = data.html) : (element.innerText = data.html);
removeData(element, DATA_PREVIEW);
});
},
@@ -3493,7 +3497,9 @@
var container = element.parentNode;
var template = document.createElement('div');
- template.innerHTML = TEMPLATE;
+ //网络安全漏洞修复 20231107 yangxl
+ (template.textContent != undefined ) ? (template.textContent = TEMPLATE) : (template.innerText = TEMPLATE);
+
var cropper = template.querySelector(".".concat(NAMESPACE, "-container"));
var canvas = cropper.querySelector(".".concat(NAMESPACE, "-canvas"));
var dragBox = cropper.querySelector(".".concat(NAMESPACE, "-drag-box"));
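Review bot: Assigning `TEMPLATE` through `textContent` leaves `template` holding a single text node, so `template.querySelector(...)` on the next line returns null and `cropper.querySelector(...)` throws, which means the cropper UI can no longer be built. From its name and use here, `TEMPLATE` looks like the library's own constant markup rather than user-supplied data; if that holds, this assignment is not an injection path and should stay `template.innerHTML = TEMPLATE;`, with a comment such as `// TEMPLATE is a static library constant; no untrusted input reaches this sink`. If policy forbids `innerHTML` outright, the markup has to be built with `document.createElement` calls instead, not written as text. The enclosing function starts and ends outside the hunk.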
This issue body was partially generated by patch-package.