leveryd-asm/crawler-test

x


image
(function() {

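    /**
     * Escape regular-expression metacharacters so that a parameter name is
     * matched literally when it is spliced into a RegExp source string.
     */
    function escapeRegExp(text) {
        return String(text).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    }

    /**
     * Find the LAST "name=value" pair in href that is introduced by "?", "&" or "#".
     * Returns { index, text, value } for that pair, or null when the name is absent.
     * The name is matched case-insensitively; the value stops at the next "&" or "#".
     */
    function findLastParam(name, href) {
        var pattern = new RegExp("[?&#]" + escapeRegExp(name) + "=([^&#]+)", "gi"),
            found = null,
            hit;
        while ((hit = pattern.exec(href)) !== null) {
            found = { index: hit.index, text: hit[0], value: hit[1] };
        }
        return found;
    }

    /**
     * Small helper namespace: type predicates plus query/fragment parameter access.
     *
     * Security note: getUrlParam reads from location.href by default, and it accepts
     * parameters from the fragment as well as the query string. Everything it returns
     * is therefore untrusted input that the caller has to validate before use.
     */
    var util = {
        // Prefix test only (http, https, ftp, ftps followed by a dotted host); it does
        // not validate the rest of the string and is not an allow-list.
        isURL      : /^(?:ht|f)tp(?:s)?\:\/\/(?:[\w\-\.]+)\.\w+/i,
        isFunction: function(a) {
            return "function" === typeof a;
        },
        // typeof never yields "array", so the fallback has to inspect the class tag.
        isArray: Array.isArray ||
            function(a) {
                return "[object Array]" === Object.prototype.toString.call(a);
            },
        isWindow: function(a) {
            return null != a && a == a.window;
        },
        isNumeric: function(a) {
            return !isNaN(parseFloat(a)) && isFinite(a);
        },
        /**
         * Return the raw (still percent-encoded) value of parameter `a` in URL `b`
         * (defaults to location.href), or "" when it is absent. When the name occurs
         * more than once, the last occurrence wins. The whole value up to the next
         * "&" or "#" is returned, including any "=" characters it contains.
         */
        getUrlParam: function(a, b) {
            b = b || location.href;
            var last = findLastParam(a, b);
            return last ? last.value : "";
        },
        /**
         * Return URL `c` (defaults to location.href) with parameter `a` set to `b`.
         * An existing pair (the last one, matching getUrlParam) is replaced in place,
         * or removed when `b` is empty; otherwise a non-empty `b` is appended with
         * "?" or "&". The value is inserted verbatim: the caller is responsible for
         * percent-encoding it.
         */
        setUrlParam: function(a, b, c) {
            c = c || location.href;
            var last = findLastParam(a, c),
                pair = a + "=" + b;
            if (last) {
                // Splice by position instead of String.replace so that "$" sequences in
                // the value are not interpreted as replacement patterns.
                var replacement = b ? last.text.charAt(0) + pair : "";
                return c.slice(0, last.index) + replacement + c.slice(last.index + last.text.length);
            }
            if (b) {
                c += c.indexOf("?") > -1 ? "&" + pair : "?" + pair;
            }
            return c;
        }
    };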
    //
    // function stripscript(str)
    // {
    //     var s = "";
    //     if (str.length == 0) return "";
    //     s = str.replace(/&/g, ">");
    //     s = s.replace(/</g, "&lt;");
    //     s = s.replace(/>/g, "&gt;");
    //     s = s.replace(/ /g, "&nbsp;");
    //     s = s.replace(/\'/g, "&#39;");
    //     s = s.replace(/\"/g, "&quot;");
    //     s = s.replace(/\n/g, "<br>");
    //     s = s.replace(/\:/g, "&#58;");
    //     return s;
    // }

    // HTML body encoding: encode untrusted input that will appear in HTML body content (not inside HTML attributes)
    /**
     * Replace the five HTML-significant characters (& > < " ') in a string with
     * their entity forms so the text is not parsed as markup.
     *
     * @param {string} sStr - text to encode
     * @returns {string} the encoded text
     */
    function HtmlEncode(sStr)
    {
        var entityFor = {
            "&": "&amp;",
            ">": "&gt;",
            "<": "&lt;",
            '"': "&quot;",
            "'": "&#39;"
        };
        // One pass over the input: every special character is rewritten exactly once,
        // so an ampersand produced by the encoding is never encoded again.
        return sStr.replace(/[&<>"']/g, function (ch) {
            return entityFor[ch];
        });
    }

    // HTML body decoding: decode the output of HtmlEncode
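    /**
     * Reverse HtmlEncode: turn the entities &amp; &gt; &lt; &quot; &#39; back into
     * the characters they stand for.
     *
     * Decoding happens in a single pass. Replacing "&amp;" first and the other
     * entities afterwards would decode twice ("&amp;lt;" -> "&lt;" -> "<"), so the
     * result would no longer be the inverse of HtmlEncode and one extra layer of
     * encoding would be silently removed from caller-supplied text.
     *
     * @param {string} sStr - text containing the entities listed above
     * @returns {string} the decoded text; any other entity is left untouched
     */
    function HtmlUnEncode(sStr)
    {
        var charFor = {
            "&amp;": "&",
            "&gt;": ">",
            "&lt;": "<",
            "&quot;": '"',
            "&#39;": "'"
        };
        return sStr.replace(/&(?:amp|gt|lt|quot|#39);/g, function (entity) {
            return charFor[entity];
        });
    }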

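    /**
     * Allow-list check for the share target: true only when the URL uses http or
     * https and its host ends in ".qq.com" or ".tencent.com".
     *
     * The value is parsed by assigning it to an anchor element, so the host that is
     * tested is the one the browser itself derives from the string.
     *
     * NOTE(review): a relative or empty value resolves against the current page and
     * therefore inherits the page's own scheme and host - confirm that accepting it
     * is intended. The pattern requires a leading dot, so the bare apex domains do
     * not match.
     *
     * @param {string} url - untrusted URL taken from the page's parameters
     * @returns {boolean} whether the URL may be used as the share link
     */
    function isValidUrl(url){
        var a = document.createElement('a');
        a.href = url;
        // Explicit scheme allow-list; the host suffix alone says nothing about the scheme.
        if (a.protocol !== 'http:' && a.protocol !== 'https:') {
            return false;
        }
        return /(\.qq\.com|\.tencent\.com)$/.test(a.hostname);
    }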
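    /**
     * Allow-list check for the preview image: true only when the URL uses http or
     * https and its host ends in ".qq.com", ".gtimg.cn" or ".qpic.cn".
     *
     * The value is parsed by assigning it to an anchor element, so a protocol-relative
     * value ("//host/path") takes the scheme of the current page before it is checked.
     *
     * NOTE(review): a relative value resolves against the current page and inherits
     * its host - confirm that accepting it is intended.
     *
     * @param {string} url - untrusted image URL taken from the page's parameters
     * @returns {boolean} whether the URL may be used as the image source
     */
    function isValidPic(url){
        var a = document.createElement('a');
        a.href = url;
        // Explicit scheme allow-list; the host suffix alone says nothing about the scheme.
        if (a.protocol !== 'http:' && a.protocol !== 'https:') {
            return false;
        }
        // The original pattern listed ".gtimg.cn" twice; one alternative is enough.
        return /(\.qq\.com|\.gtimg\.cn|\.qpic\.cn)$/.test(a.hostname);
    }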

    // Both values come straight from the page URL and are untrusted. Two decoding
    // layers are removed (percent-encoding, then HTML entities) before any check
    // runs, so validation has to be applied to these decoded values, never to the
    // raw parameter text.
    // NOTE(review): decodeURIComponent throws URIError on a malformed "%" sequence;
    // nothing here catches it, so such input aborts the script at this point.
    var rawUrl = util.getUrlParam("url");
    var url = HtmlUnEncode(decodeURIComponent(rawUrl));
    var rawPic = util.getUrlParam("pic");
    var pic = HtmlUnEncode(decodeURIComponent(rawPic));

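    /**
     * Render the share panel: a QR code for the share URL, a link to it labelled
     * with the title, and the preview image.
     *
     * This function performs no validation of its own. shareurl is written to the
     * link's href and pcurl to the image's src exactly as given, so both must have
     * passed the allow-list checks before this is called. The title is written with
     * .attr() and .text(), which set it as plain text rather than parsing it as HTML.
     *
     * @param {string} pcurl - preview image URL (may be empty)
     * @param {string} shareurl - URL encoded into the QR code and used as the link target
     * @param {string} title - link label and tooltip
     */
    function setQrcode(pcurl, shareurl, title) {
        var $link = $("#shareLink");

        // Clear any previously rendered code before drawing a new one.
        $("#qrCode").html("");
        new QRCode(document.getElementById("qrCode"), {
            text: shareurl,
            width: 140,
            height: 140,
            colorDark: "#000000",
            colorLight: "#ffffff",
            center: true,
            correctLevel: QRCode.CorrectLevel.H,
            ico_url: "//ossweb-img.qq.com/images/share/images/icon-logo.png"
        });

        $link.attr("title", title);
        $link.attr("href", shareurl);
        $link.text(title);
        $('#sharePic').attr('src', pcurl);
        $("#shareInfo").show();
    }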

    // Gate on the allow-lists before anything reaches the DOM: the share URL must
    // always pass, and the picture only needs to pass when one was supplied.
    var shareAllowed = isValidUrl(url) && (!pic || isValidPic(pic));
    if (shareAllowed) {
        if ("string" === typeof url) {
            // The title is decoded the same way as url and pic; it is never validated,
            // only passed on to setQrcode.
            var title = HtmlUnEncode(decodeURIComponent(util.getUrlParam("title")));
            setQrcode(pic, url, title);
        }
    } else {
        // Message: "Invalid parameters! Please verify the source of this share!"
        alert('参数不合法!!请核实分享来源!!');
    }
})();/*  |xGv00|c37c6ad3ea0808071b203df1cbec10fd */
image
view-source:https://www.intercom.com/?keyword=a1b2c3d4e5x%27%22%3Cxfc%3Exxx\

<xfc> 被过滤