diff --git a/src/plugin/admin/app/common/LayuiForm.php b/src/plugin/admin/app/common/LayuiForm.php index dcd23c7..0edd9e6 100644 --- a/src/plugin/admin/app/common/LayuiForm.php +++ b/src/plugin/admin/app/common/LayuiForm.php @@ -211,7 +211,7 @@ EOF; // 字段 {$options['label']} $field layui.use(['upload', 'layer', 'jquery', 'popup', 'util'], function() { let input = layui.jquery('#$id').prev(); - input.prev().html(input.val()); + input.prev().html(layui.util.escape(input.val())); layui.upload.render({ elem: '#$id',$options_string done: function (res) { @@ -745,7 +745,7 @@ EOF; }) }); let checked = d[field] === 1 ? 'checked' : ''; - return ''; + return ''; } EOF; break; @@ -754,7 +754,7 @@ EOF; $templet = <<'; + return ''; } EOF; break; @@ -762,7 +762,7 @@ EOF; $templet = <<' + d['$field'] + ''; + return '' + util.escape(d['$field']) + ''; } EOF; break; @@ -770,7 +770,7 @@ EOF; $templet = <<'; + return '' } EOF; break; @@ -802,7 +802,7 @@ EOF; layui.each((d[field] + '').split(','), function (k , v) { items.push(apiResults[field][v] || v); }); - return items.join(','); + return util.escape(items.join(',')); } EOF; diff --git a/src/plugin/admin/app/controller/TableController.php b/src/plugin/admin/app/controller/TableController.php index df99bef..b2eb71a 100644 --- a/src/plugin/admin/app/controller/TableController.php +++ b/src/plugin/admin/app/controller/TableController.php @@ -783,11 +783,12 @@ EOF const UPDATE_URL = "$url_path_base/$template_path/update"; $js // 表格渲染 - layui.use(['table', 'form', 'jquery', 'common', 'popup'], function() { + layui.use(['table', 'form', 'jquery', 'common', 'popup', 'util'], function() { let table = layui.table; let form = layui.form; let $ = layui.jquery; let common = layui.common; + let util = layui.util; $table_js // 编辑或删除行事件 table.on('tool(data-table)', function(obj) { 
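Review bot: In the upload-field script at `@@ -211`, the new line escapes the value and then passes it back to `.html()`, which keeps an HTML sink where none is needed. Writing it as `input.prev().text(input.val());` sets the text directly, so the result no longer depends on `layui.util.escape` covering every character that matters here. The enclosing `layui.use` callback continues past the end of the hunk.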
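Review bot: The templet functions in the `@@ -762` and `@@ -802` hunks call a bare `util.escape(...)`, which resolves only if the embedding page has declared `util`. The one declaration visible in this diff is `let util = layui.util;`, added to the generated table script in TableController.php. Any other page that embeds these templets without that declaration would throw a ReferenceError in the column renderer, and list pages generated before this commit presumably keep the old unescaped templets until they are regenerated. Calling `layui.util.escape(...)` inside the templet, as the `@@ -211` hunk already does, removes the dependency: `return layui.util.escape(items.join(','));`. The markup in the `@@ -745`, `@@ -754` and `@@ -770` hunks is not readable on this page, so whether every interpolated value there is escaped could not be checked.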
@@ -1050,7 +1051,7 @@ EOF; } if (typeof obj[0] === 'undefined' || !obj[0].nodeName) return; if (obj[0].nodeName.toLowerCase() === 'textarea') { - obj.html(layui.util.escape(value)); + obj.val(layui.util.escape(value)); } else { obj.attr('value', value); } diff --git a/src/plugin/admin/app/view/table/update.html b/src/plugin/admin/app/view/table/update.html index 30e1a61..168e1dc 100644 --- a/src/plugin/admin/app/view/table/update.html +++ b/src/plugin/admin/app/view/table/update.html @@ -43,6 +43,7 @@ layui.use(['form', 'jquery', 'util'], function () { let $ = layui.jquery; + let util = layui.util; $.ajax({ url: SELECT_API, dataType: 'json', @@ -55,7 +56,7 @@ } if (typeof obj[0] === 'undefined' || !obj[0].nodeName) return; if (obj[0].nodeName.toLowerCase() === 'textarea') { - obj.html(layui.util.escape(value)); + obj.html(util.escape(value)); } else { obj.attr('value', value); } diff --git a/src/plugin/admin/app/view/table/view.html b/src/plugin/admin/app/view/table/view.html index 1fcb3fa..e98b7e8 100644 --- a/src/plugin/admin/app/view/table/view.html +++ b/src/plugin/admin/app/view/table/view.html @@ -56,8 +56,8 @@
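Review bot: In the `@@ -1050` hunk the textarea branch now passes an escaped string to `.val()`, which does not parse HTML. A stored value such as `a < b` would therefore be shown as `a &lt; b` and written back in that form when the form is saved. `.val()` is already a safe sink for untrusted text, so the line should be `obj.val(value);`. The update.html hunk at `@@ -55` keeps `obj.html(util.escape(value));`, so the generated template and the static view now populate textareas differently; using `obj.val(value);` in both would make them agree. The enclosing function starts and ends outside both hunks.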