From 3d977d0a2d7e0498404476c266c084c6d328c330 Mon Sep 17 00:00:00 2001
From: chenqi
Date: Thu, 18 Jun 2026 21:25:15 +0800
Subject: [PATCH] =?UTF-8?q?fix(notice):=20=E4=BF=AE=E5=A4=8D=E9=80=9A?=
 =?UTF-8?q?=E7=9F=A5=E5=86=85=E5=AE=B9=E6=98=BE=E7=A4=BA=E5=AE=89=E5=85=A8?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98=E5=B9=B6=E6=9B=B4=E6=96=B0=E6=94=AF=E4=BB=98?=
 =?UTF-8?q?=E6=8E=A5=E5=8F=A3URL=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 移除DetailView.vue中的v-html指令,改用安全的内容显示方式
- 添加safeContent计算属性过滤HTML标签防止XSS攻击
- 在HeaderNotice/index.vue中移除v-html避免潜在安全风险
- 将硬编码的支付接口URL替换为环境变量VITE_PAYMENT_URL
- 统一多个页面中的医保插件调用地址配置为动态环境变量
- 确保所有通知内容展示都经过安全处理避免恶意脚本注入
---
 .../layout/components/HeaderNotice/DetailView.vue | 13 ++++++++-----
 .../src/layout/components/HeaderNotice/index.vue | 7 +++----
 .../src/views/charge/cliniccharge/index.vue | 2 +-
 .../views/charge/outpatientregistration/index.vue | 2 +-
 .../src/views/charge/surgerycharge/index.vue | 2 +-
 .../charge/feeSettlement/index.vue | 2 +-
 .../charge/register/components/patientInfo.vue | 2 +-
 .../inhospital/register/components/patientInfo.vue | 2 +-
 .../inhospital/register/components/registerEdit.vue | 2 +-
 9 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/healthlink-his-ui/src/layout/components/HeaderNotice/DetailView.vue b/healthlink-his-ui/src/layout/components/HeaderNotice/DetailView.vue
index da83783a9..9163cadaf 100644
--- a/healthlink-his-ui/src/layout/components/HeaderNotice/DetailView.vue
+++ b/healthlink-his-ui/src/layout/components/HeaderNotice/DetailView.vue
@@ -70,11 +70,10 @@
-
+
{{ safeContent }}
{ const content = detail.value && detail.value.noticeContent return content != null && String(content).trim() !== '' }) +const safeContent = computed(() => { + const content = detail.value && detail.value.noticeContent + return content ? String(content).replace(/<[^>]*>/g, '') : '' +}) function open(payload) { let id = null diff --git a/healthlink-his-ui/src/layout/components/HeaderNotice/index.vue b/healthlink-his-ui/src/layout/components/HeaderNotice/index.vue index a4f2e005c..bd931bdbe 100644 --- a/healthlink-his-ui/src/layout/components/HeaderNotice/index.vue +++ b/healthlink-his-ui/src/layout/components/HeaderNotice/index.vue @@ -173,10 +173,9 @@ max-height="320px" class="detail-body-scroll" > -
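Review bot: The `safeContent` computed added to DetailView.vue is not what prevents script injection here — the mustache interpolation `{{ safeContent }}` already HTML-escapes the value — so `replace(/<[^>]*>/g, '')` only changes what the user sees: any markup the stored notice relies on (`<p>`, `<br>`, lists) is dropped and entity references such as `&nbsp;` or `&lt;` are now displayed literally instead of decoded. If notices are authored as rich text, the safe path is to keep `v-html` behind an allow-list HTML sanitizer (DOMPurify is the usual choice; I cannot see whether this repo already depends on one) rather than a regex; if plain text is acceptable, drop the regex and render the raw string with `white-space: pre-wrap` so line breaks survive, e.g. `return content != null ? String(content) : ''`. The index.vue hunk below renders `{{ activeNotice.noticeContent }}` with no stripping at all, so the two views will show the same notice differently; whichever rule is chosen should live in one shared helper imported by both. `safeContent` also uses truthiness (`content ? … : ''`) while `hasContent` next to it uses `content != null && String(content).trim() !== ''`, so a value like `0` is reported as having content but renders empty. The `<script setup>` block continues outside the hunk.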
+
+ {{ activeNotice.noticeContent }} +
diff --git a/healthlink-his-ui/src/views/charge/cliniccharge/index.vue b/healthlink-his-ui/src/views/charge/cliniccharge/index.vue
index 627244e39..70617fa8b 100755
--- a/healthlink-his-ui/src/views/charge/cliniccharge/index.vue
+++ b/healthlink-his-ui/src/views/charge/cliniccharge/index.vue
@@ -556,7 +556,7 @@ async function handleReadCard(value) {
 // readCardLoading.value = true;
 await invokeYbPlugin5000({
 FunctionId: 3,
- url: 'http://10.47.0.67:8089/localcfc/api/hsecfc/localQrCodeQuery',
+ url: `${import.meta.env.VITE_PAYMENT_URL}/localcfc/api/hsecfc/localQrCodeQuery`,
 orgId: 'H22010200672',
 businessType: '01101',
 operatorId: userStore.id.toString(),
diff --git a/healthlink-his-ui/src/views/charge/outpatientregistration/index.vue b/healthlink-his-ui/src/views/charge/outpatientregistration/index.vue
index b9bd0d78c..b52102355 100755
--- a/healthlink-his-ui/src/views/charge/outpatientregistration/index.vue
+++ b/healthlink-his-ui/src/views/charge/outpatientregistration/index.vue
@@ -1328,7 +1328,7 @@ async function handleReadCard(value) {
 // )
 await invokeYbPlugin5000({
 FunctionId: 3,
- url: 'http://10.47.0.67:8089/localcfc/api/hsecfc/localQrCodeQuery',
+ url: `${import.meta.env.VITE_PAYMENT_URL}/localcfc/api/hsecfc/localQrCodeQuery`,
 orgId: 'H22010402403',
 businessType: '01101',
 operatorId: userStore.id.toString(),
diff --git a/healthlink-his-ui/src/views/charge/surgerycharge/index.vue b/healthlink-his-ui/src/views/charge/surgerycharge/index.vue
index d571ffcfd..ac29b3019 100755
--- a/healthlink-his-ui/src/views/charge/surgerycharge/index.vue
+++ b/healthlink-his-ui/src/views/charge/surgerycharge/index.vue
@@ -410,7 +410,7 @@ async function handleReadCard(value) {
 case '01': // 电子凭证
 await invokeYbPlugin5000({
 FunctionId: 3,
- url: 'http://10.47.0.67:8089/localcfc/api/hsecfc/localQrCodeQuery',
+ url: `${import.meta.env.VITE_PAYMENT_URL}/localcfc/api/hsecfc/localQrCodeQuery`,
 orgId: 'H22010200672',
 businessType: '01101',
 operatorId: userStore.id.toString(),
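Review bot: `${import.meta.env.VITE_PAYMENT_URL}/localcfc/api/hsecfc/localQrCodeQuery` has no guard for the variable being unset, so a build without it silently hands the plugin `undefined/localcfc/api/hsecfc/localQrCodeQuery`, and a value ending in `/` produces `//localcfc`; the identical line is repeated in the outpatientregistration, surgerycharge, feeSettlement, both patientInfo and registerEdit hunks. Build it once in a shared module that fails loudly, e.g. `const base = import.meta.env.VITE_PAYMENT_URL; if (!base) throw new Error('VITE_PAYMENT_URL is not configured');` followed by `export const YB_LOCAL_QR_QUERY_URL = new URL('/localcfc/api/hsecfc/localQrCodeQuery', base).href;`, and import that constant at the seven call sites. The name `VITE_PAYMENT_URL` describes a payment endpoint, yet every use in this commit is the 医保 local QR-code query, so a name such as `VITE_YB_PLUGIN_URL` would keep the next maintainer from pointing it at the wrong service. Because `VITE_`-prefixed variables are inlined into the client bundle at build time, the value is readable by anyone who has the bundle — acceptable for an address, but the variable must never be reused for anything secret. handleReadCard begins and ends outside the hunk.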
diff --git a/healthlink-his-ui/src/views/inHospitalManagement/charge/feeSettlement/index.vue b/healthlink-his-ui/src/views/inHospitalManagement/charge/feeSettlement/index.vue
index 3a7072236..eb8891802 100755
--- a/healthlink-his-ui/src/views/inHospitalManagement/charge/feeSettlement/index.vue
+++ b/healthlink-his-ui/src/views/inHospitalManagement/charge/feeSettlement/index.vue
@@ -668,7 +668,7 @@ async function handleReadCard(value) {
 // readCardLoading.value = true;
 await invokeYbPlugin5001({
 FunctionId: 3,
- url: 'http://10.47.0.67:8089/localcfc/api/hsecfc/localQrCodeQuery',
+ url: `${import.meta.env.VITE_PAYMENT_URL}/localcfc/api/hsecfc/localQrCodeQuery`,
 orgId: 'H22010200672',
 businessType: '01101',
 operatorId: userStore.id.toString(),
diff --git a/healthlink-his-ui/src/views/inHospitalManagement/charge/register/components/patientInfo.vue b/healthlink-his-ui/src/views/inHospitalManagement/charge/register/components/patientInfo.vue
index 5dcfdb2d9..4691eb37e 100755
--- a/healthlink-his-ui/src/views/inHospitalManagement/charge/register/components/patientInfo.vue
+++ b/healthlink-his-ui/src/views/inHospitalManagement/charge/register/components/patientInfo.vue
@@ -466,7 +466,7 @@ async function handleReadCard(value) {
 // )
 await invokeYbPlugin5001({
 FunctionId: 3,
- url: 'http://10.47.0.67:8089/localcfc/api/hsecfc/localQrCodeQuery',
+ url: `${import.meta.env.VITE_PAYMENT_URL}/localcfc/api/hsecfc/localQrCodeQuery`,
 orgId: 'H22010200672',
 businessType: '01101',
 operatorId: userStore.id.toString(),
diff --git a/healthlink-his-ui/src/views/ybmanagement/inhospital/register/components/patientInfo.vue b/healthlink-his-ui/src/views/ybmanagement/inhospital/register/components/patientInfo.vue
index 86ca9bb5e..843ded774 100755
--- a/healthlink-his-ui/src/views/ybmanagement/inhospital/register/components/patientInfo.vue
+++ b/healthlink-his-ui/src/views/ybmanagement/inhospital/register/components/patientInfo.vue
@@ -429,7 +429,7 @@ async function handleReadCard(value) {
 // readCardLoading.value = true;
 await boundAsync
 .getInfoByQrCodeAsync(
- 'http://10.47.0.67:8089/localcfc/api/hsecfc/localQrCodeQuery',
+ `${import.meta.env.VITE_PAYMENT_URL}/localcfc/api/hsecfc/localQrCodeQuery`,
 'H22010200672',
 '01101',
 userStore.id,
diff --git a/healthlink-his-ui/src/views/ybmanagement/inhospital/register/components/registerEdit.vue b/healthlink-his-ui/src/views/ybmanagement/inhospital/register/components/registerEdit.vue
index e2b4f1d4b..5fb6bc350 100755
--- a/healthlink-his-ui/src/views/ybmanagement/inhospital/register/components/registerEdit.vue
+++ b/healthlink-his-ui/src/views/ybmanagement/inhospital/register/components/registerEdit.vue
@@ -408,7 +408,7 @@ async function handleReadCard(value) {
 case '01': // 电子凭证
 await invokeYbPlugin5001({
 FunctionId: 3,
- url: 'http://10.47.0.67:8089/localcfc/api/hsecfc/localQrCodeQuery',
+ url: `${import.meta.env.VITE_PAYMENT_URL}/localcfc/api/hsecfc/localQrCodeQuery`,
 orgId: 'H22010200672',
 businessType: '01101',
 operatorId: userStore.id.toString(),