From 62a3d80fa3904d535d7c15f0c480d4cbf339674f Mon Sep 17 00:00:00 2001 From: wolfcode <37436228+wolf-leo@users.noreply.github.com> Date: Thu, 5 Sep 2024 09:33:38 +0800 Subject: [PATCH] fix(wangEditor): correctly access wangEditor instances Correct the way wangEditor instances are accessed and stored in the window object. The previous implementation using `eval` could lead to security risks and is removed in favor of direct window property access. This change improves code security and reliability by eliminating `eval` and clarifying the object property name construction. --- public/static/plugs/easy-admin/easy-admin.js | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/public/static/plugs/easy-admin/easy-admin.js b/public/static/plugs/easy-admin/easy-admin.js index 7d856d7..ea4c916 100644 --- a/public/static/plugs/easy-admin/easy-admin.js +++ b/public/static/plugs/easy-admin/easy-admin.js @@ -1357,11 +1357,7 @@ define(["jquery", "tableSelect"], function ($, tableSelect) { break; case 'wangEditor': var name = $(this).attr("name"); - try { - dataField[name] = eval("wangEditor_" + i + ".getHtml()"); - } catch (e) { - layer.msg(e.message) - } + dataField[name] = (window["wangEditor_" + i]).getHtml() break; case 'EasyMDE': var name = $(this).attr("name"); @@ -1537,7 +1533,7 @@ define(["jquery", "tableSelect"], function ($, tableSelect) { case 'wangEditor': var wangEditor = window.wangEditor; var wangEditorName = "wangEditor_" + i - wangEditors[wangEditorName] = wangEditor.createEditor({ + window[wangEditorName] = wangEditor.createEditor({ selector: '#editor_' + $(this).attr('name'), html: $(this).text(), config: { @@ -1563,8 +1559,7 @@ define(["jquery", "tableSelect"], function ($, tableSelect) { }, } }) - let editor = wangEditors.wangEditor_0 - window[wangEditorName] = wangEditors[wangEditorName] + let editor =window[wangEditorName] wangEditor.createToolbar({ editor, selector: '#editor_toolbar_' + $(this).attr("name"),