fix(security): 修复XSS v-html安全问题

healthlink-his-ui/src/components/NoticePanel.vue

@@ -83,8 +83,7 @@
         </div>
         <div
           class="detail-content"
-          v-html="currentNotice.noticeContent"
-        />
+        >{{ safeContent }}</div>
       </div>
       <template #footer>
         <el-button @click="detailVisible = false">
@@ -106,6 +105,10 @@ const detailVisible = ref(false)
 const noticeList = ref([])
 const currentNotice = ref({})
 const readNoticeIds = ref(new Set())
+const safeContent = computed(() => {
+  const content = currentNotice.value && currentNotice.value.noticeContent
+  return content ? String(content).replace(/<[^>]*>/g, '') : ''
+})
 
 // 打开公告/通知面板
 function open() {

healthlink-his-ui/src/components/NoticePanel/index.vue

@@ -112,8 +112,7 @@
         <el-divider />
         <div
           class="notice-detail-body"
-          v-html="activeNotice.noticeContent"
-        />
+        >{{ safeContent }}</div>
       </div>
 
       <!-- 未选择状态 -->
@@ -156,6 +155,10 @@ const activeNotice = computed(() => {
 const unreadCount = computed(() => {
   return noticeList.value.filter(n => !n.isRead).length
 })
+const safeContent = computed(() => {
+  const content = activeNotice.value && activeNotice.value.noticeContent
+  return content ? String(content).replace(/<[^>]*>/g, '') : ''
+})
 
 // 获取公告类型图标
 // noticeType: 1=通知, 2=公告

healthlink-his-ui/src/components/NoticePopup/index.vue

@@ -91,8 +91,7 @@
         <el-divider />
         <div
           class="notice-detail-body"
-          v-html="activeNotice.noticeContent"
-        />
+        >{{ safeContent }}</div>
       </div>
 
       <!-- 空状态 -->
@@ -166,6 +165,10 @@ const unreadCount = computed(() => {
 const hasUnread = computed(() => {
   return unreadCount.value > 0
 })
+const safeContent = computed(() => {
+  const content = activeNotice.value && activeNotice.value.noticeContent
+  return content ? String(content).replace(/<[^>]*>/g, '') : ''
+})
 
 // 获取公告类型图标
 // noticeType: 1=通知, 2=公告