Skip to content

merge: merge develop to master #1483

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ielgnaw merged 19 commits into from
Nov 27, 2025
Merged

merge: merge develop to master #1483

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
5e11fa1
fix: 限制server请求url
terlinhe Jul 9, 2025
90602c1
Merge pull request #1475 from terlinhe/fix_problems
ielgnaw Jul 9, 2025
b7380b9
fix: unzip解压处理
terlinhe Jul 14, 2025
e25005c
Merge pull request #1476 from terlinhe/fix_problems
ielgnaw Jul 14, 2025
7b0cfde
feat: --story=127136780 支持在数据库配置允许远程函数访问的主域名
terlinhe Sep 16, 2025
910d765
Merge pull request #1477 from terlinhe/fix_problems
ielgnaw Sep 16, 2025
6d928b3
feat: --story=127795383 vue3项目预览时, 容器样式隔离不生效
terlinhe Sep 29, 2025
e28ce2c
fix: 问题修复
terlinhe Sep 29, 2025
c294d1f
feat: --story=118295653 对接新版bkvision
terlinhe Sep 30, 2025
b502c22
Merge pull request #1478 from terlinhe/fix_problems
ielgnaw Sep 30, 2025
145794b
feat: 升级axios版本
terlinhe Oct 11, 2025
e1c0ec7
fix: 文件写入优化
terlinhe Oct 11, 2025
dea5c22
feat: 函数列表过滤条件支持funccode
terlinhe Oct 13, 2025
3a9e655
feat: 防范属性输入公共方法抽取
terlinhe Oct 14, 2025
9e2723f
Merge pull request #1479 from terlinhe/fix_problems
ielgnaw Oct 14, 2025
a1eabbf
feat: xss防护
LivySara Nov 13, 2025
b5bb6db
Merge pull request #1480 from LivySara/lc-livy-dev-1017
terlinhe Nov 13, 2025
a8e234e
feat: --story=128886695 升级typeorm
terlinhe Nov 26, 2025
8055e44
Merge pull request #1482 from terlinhe/fix_problems
ielgnaw Nov 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion lib/client/src/api/cached-promise.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@
* specific language governing permissions and limitations under the License.
*/

import { isSafePropertyKey } from '../../../shared/security/property-injection-guard'

export default class CachedPromise {
constructor () {
this.cache = {}
Expand Down Expand Up @@ -37,7 +39,12 @@ export default class CachedPromise {
* @return {Promise} promise 对象
*/
set (id, promise) {
Object.assign(this.cache, { [id]: promise })
// 验证id是否安全,防止属性注入攻击
if (!isSafePropertyKey(id)) {
console.warn(`[Security] Rejected unsafe cache key: ${id}`)
return
}
this.cache[id] = promise
}

/**
Expand Down
2 changes: 2 additions & 0 deletions lib/client/src/api/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ axios.interceptors.response.use(
// 接口请求成功
case 0:
return data
case 200:
return data
// 需要去权限中心申请权限
case 403:
if (data.data.permissionType === 'page') {
Expand Down
2 changes: 1 addition & 1 deletion lib/client/src/api/pureAxios.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ async function getPromise (method, url, data, userConfig = {}) {
try {
const response = await axiosRequest
Object.assign(config, response.config || {})
if (Object.prototype.hasOwnProperty.call(response, 'code') && response.code !== 0) {
if (Object.prototype.hasOwnProperty.call(response, 'code') && response.code !== 0 && response.code !== 200) {
reject(response)
} else {
handleResponse({ config, response, resolve, reject })
Expand Down
10 changes: 7 additions & 3 deletions lib/client/src/common/util.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
*/

import { messageSuccess } from '@/common/bkmagic'
import DOMPurify from 'dompurify'
import { filterXss } from '@blueking/xss-filter'
import Vue from 'vue'
import LC from '@/element-materials/core'
import store from '@/store'
Expand All @@ -34,11 +34,15 @@ export function downloadFile (source, filename = 'lesscode.txt') {
const downloadEl = document.createElement('a')
const blob = new Blob([source])
downloadEl.download = filename
downloadEl.href = URL.createObjectURL(blob)
const url = URL.createObjectURL(blob)
downloadEl.href = url
downloadEl.style.display = 'none'
document.body.appendChild(downloadEl)
downloadEl.click()
document.body.removeChild(downloadEl)
setTimeout(() => {
URL.revokeObjectURL(url)
}, 100)
}

/**
Expand Down Expand Up @@ -1013,5 +1017,5 @@ export const isJSON = (str) => {

export const filterImgSrc = (src) => {
src?.replaceAll('console', '')?.replaceAll('logout', '')
return DOMPurify.sanitize(src)
return filterXss(src)
}
10 changes: 2 additions & 8 deletions lib/client/src/components/code-viewer/index.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
import screenfull from 'screenfull'
import monaco from '@/components/monaco'
import { mapGetters } from 'vuex'
import { downloadFile } from '@/common/util'

export default {
components: {
Expand Down Expand Up @@ -108,14 +109,7 @@
this.$emit('show-edit-data')
},
handleDownloadFile () {
const downlondEl = document.createElement('a')
const blob = new Blob([this.code])
downlondEl.download = this.filename
downlondEl.href = URL.createObjectURL(blob)
downlondEl.style.display = 'none'
document.body.appendChild(downlondEl)
downlondEl.click()
document.body.removeChild(downlondEl)
downloadFile(this.code, this.filename)
},
handleScreenfull () {
const el = document.querySelector(`.${this.$style['code-viewer']}`)
Expand Down
6 changes: 5 additions & 1 deletion lib/client/src/components/methods/forms/form-items/market.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
import { transformTipsWidth } from '@/common/util'
import mixins from './form-item-mixins'
import { mapActions } from 'vuex'
import { filterXss } from '@blueking/xss-filter'

export default {
mixins: [mixins],
Expand Down Expand Up @@ -59,7 +60,10 @@
...tips
}
}
return tipObj
return {
...tipObj,
content: filterXss(tipObj.content)
}
},

getMarketFuncs (isExpand) {
Expand Down
53 changes: 16 additions & 37 deletions lib/client/src/components/patch/widget-bk-vision/index.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,41 +19,21 @@
},
waterMark: {
type: String
},
isFullScroll: {
type: Boolean,
default: true
},
isShowTools: {
type: Boolean,
default: true
},
isShowRefresh: {
type: Boolean,
default: true
},
isShowTimeRange: {
type: Boolean,
default: true
}
},
data () {
return {
// visionApp: {},
visionApp: {},
renderId: '',
apiPrefix: '/api/bkvision/',
cdnPrefix: 'https://staticfile.qq.com/bkvision/p8e3a7f52d95c45d795cb6f90955f2800/latest/'
cdnPrefix: 'https://staticfile.qq.com/bkvision/pbb9b207ba200407982a9bd3d3f2895d4/latest/'
}
},
computed: {
dataInfo () {
return {
apiPrefix: '/api/bkvision/'
// waterMark: { content: this.watchMark || 'bk-lesscode' },
// isFullScroll: this.isFullScroll,
// isShowTools: this.isShowTools,
// isShowRefresh: this.isShowRefresh,
// isShowTimeRange: this.isShowTimeRange
apiPrefix: '/api/bkvision/',
waterMark: { content: this.watchMark || 'bk-lesscode' },
}
}

Expand All @@ -64,15 +44,6 @@
},
waterMark () {
this.debounceRender()
},
isShowTools () {
this.debounceRender()
},
isShowRefresh () {
this.debounceRender()
},
isShowTimeRange () {
this.debounceRender()
}
},
created () {
Expand All @@ -91,11 +62,9 @@
methods: {
async loadSdk () {
const link = document.createElement('link')
link.href = 'https://staticfile.qq.com/bkvision/p8e3a7f52d95c45d795cb6f90955f2800/3c3de519287048dcb4c5a03d47ebf33f/main.css'
link.href = 'https://staticfile.qq.com/bkvision/pbb9b207ba200407982a9bd3d3f2895d4/3c3de519287048dcb4c5a03d47ebf33f/main.css'
link.rel = 'stylesheet'
document.body.append(link)
await this.loadScript('chunk-vendors.js')
await this.loadScript('chunk-bk-magic-vue.js')
await this.loadScript('main.js')
this.initPanel()
},
Expand All @@ -112,8 +81,18 @@
})
},
async initPanel () {
console.log('init panel')
if (window.BkVisionSDK) {
this.visionApp = this.uid && window.BkVisionSDK.init(`#dashboard-${this.renderId}`, this.uid, this.dataInfo)
try {
if (this.visionApp && Object.keys(this.visionApp).length) {
this.visionApp?.unmount()
}
} catch (error) {
console.error(error?.message || error, 'unmount bk-vision error')
}

this.visionApp = this.uid && await window.BkVisionSDK.init(`#dashboard-${this.renderId}`, this.uid, this.dataInfo)
console.log(this.visionApp, 'after init')
} else {
console.error('sdk 加载异常')
}
Expand Down
2 changes: 2 additions & 0 deletions lib/client/src/components/render/pc/render-component.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import WidgetFormItem from './widget/form/form-item'
import WidgetMdEditor from './widget/md-editor/md-editor'
import WidgetBkTable from './widget/table/table'
import WidgetVanPicker from './widget/van-picker'
import widgetBkVision from './widget/bk-vision/bk-vision'
import WidgetFormContainer from './widget/form-container'
import WidgetDataManageContainer from './widget/data-manage-container/form-data-manage/edit/index'
import WidgetFlowManageContainer from './widget/flow-manage-container/edit/index'
Expand Down Expand Up @@ -51,6 +52,7 @@ export default {
WidgetMdEditor,
WidgetBkTable,
WidgetVanPicker,
widgetBkVision,
WidgetFormContainer,
WidgetDataManageContainer,
WidgetFlowManageContainer,
Expand Down
138 changes: 138 additions & 0 deletions lib/client/src/components/render/pc/widget/bk-vision/bk-vision.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
/**
* Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS Community Edition) available.
* Copyright (C) 2025 Tencent. All rights reserved.
* Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://opensource.org/licenses/MIT
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/

import { h } from 'bk-lesscode-render'
import LC from '@/element-materials/core'
import { uuid, debounce } from 'shared/util'

export default {
name: 'widget-bk-vision',
inheritAttrs: false,
props: {
componentData: {
type: Object
},
uid: {
type: String
}
},
data () {
return {
visionApp: {},
renderId: '',
apiPrefix: '/api/bkvision/',
cdnPrefix: 'https://staticfile.qq.com/bkvision/pbb9b207ba200407982a9bd3d3f2895d4/latest/'
}
},
computed: {
compUid () {
return this.uid || this.componentData?.prop?.uid
},
dataInfo () {
return {
apiPrefix: '/api/bkvision/'
// waterMark: { content: this.componentData?.watchMark || 'bk-lesscode' }
}
}
},
watch: {
compUid (val) {
console.log('compUid change', val)
this.debounceInit()
}
},
created () {
this.renderId = uuid(6)
LC.addEventListener('update', this.updateCallback)
},
mounted () {
this.debounceInit = debounce(this.initPanel)
if (!window.BkVisionSDK) {
console.log('load sdk')
this.loadSdk()
} else {
console.log('bkvision sdk exist')
this.initPanel()
}
},
beforeDestroy () {
LC.removeEventListener('update', this.updateCallback)
},
methods: {
updateCallback ({ target }) {
if (target.componentId === this.componentData?.componentId) {
this.$forceUpdate()
this.debounceInit()
}
},
async loadSdk () {
const link = document.createElement('link')
link.href = 'https://staticfile.qq.com/bkvision/pbb9b207ba200407982a9bd3d3f2895d4/3c3de519287048dcb4c5a03d47ebf33f/main.css'
link.rel = 'stylesheet'
document.body.append(link)
await this.loadScript('main.js')
this.initPanel()
},
loadScript (file) {
return new Promise((resolve, reject) => {
const url = this.cdnPrefix + file
const script = document.createElement('script')
script.src = url
document.body.append(script)
script.onload = () => {
resolve()
}
})
},
async initPanel () {
const compUid = this.compUid
console.log('init panel', compUid)
if (window.BkVisionSDK) {
try {
if (this.visionApp && Object.keys(this.visionApp).length) {
this.visionApp?.unmount()
}
} catch (error) {
console.error(error?.message || error, 'unmount bk-vision error')
}

this.visionApp = compUid && await window.BkVisionSDK.init(`.dashboard-${this.renderId}`, compUid, this.dataInfo)
console.log(this.visionApp, 'after init', compUid)
} else {
console.error('sdk 加载异常')
}
}
},
render (render) {
h.init(render)

const self = this

return h({
component: 'div',
class: 'lesscode-bk-vision-container',
children: [
!self.compUid ? h({
component: 'bk-exception',
class: 'exception-wrap-item exception-part exception-gray',
props: {
type: '404',
scene: 'part'
}
})
: h({
component: 'div',
class: `dashboard-${self.renderId}`
})
]
})
}
}
13 changes: 4 additions & 9 deletions lib/client/src/element-materials/core/extends/merge-render-events.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import _ from 'lodash'
import { safeObjectMerge } from '../../../../../shared/security/property-injection-guard'

/**
* @desc 设置节点的 renderEvents(增量添加)
Expand All @@ -13,13 +13,8 @@ export default function (node, events) {
if (!isObject(events)) {
throw new Error(window.i18n.t('设置 mergeRenderEvents 值只支持 Object'))
}
const customizer = (a, b) => {
if (isObject(a) && isObject(b)) {
return _.mergeWith(a, b, customizer)
} else {
return b
}
}
node.renderEvents = _.mergeWith(node.renderEvents, events, customizer)

// 使用安全的对象合并方式,防止属性注入攻击
node.renderEvents = safeObjectMerge(node.renderEvents || {}, events, { deep: true })
return true
}
Loading
Loading