wuyuan/Classworks
1
0
Fork 0
mirror of https://github.com/ZeroCatDev/Classworks.git synced 2026-02-04 16:03:10 +00:00
Code Releases Activity

refine background settings validation and safety

Browse Source 
Co-authored-by: Sunwuyuan <88357633+Sunwuyuan@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2025-12-29 10:24:06 +00:00
parent 261df398b4
commit 2b411a13ca
2 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/pages/index.vue
View File

@ -688,11 +688,11 @@ export default {
}, },
backgroundImageStyle() { backgroundImageStyle() {
const url = this.backgroundImageUrl; const url = this.backgroundImageUrl;
if (!url) return { display: "none" }; if (!this.isSafeBackgroundUrl(url)) return { display: "none" };
const blur = Math.min(Math.max(this.backgroundBlurAmount, 0), 50); const blur = Math.min(Math.max(this.backgroundBlurAmount, 0), 50);
return { return {
backgroundImage: `url("${url}")`, backgroundImage: `url("${this.sanitizeBackgroundUrl(url)}")`,
filter: `blur(${blur}px)`, filter: `blur(${blur}px)`,
}; };
}, },
@ -700,8 +700,10 @@ export default {
if (!this.hasBackgroundImage) return { display: "none" }; if (!this.hasBackgroundImage) return { display: "none" };
const dim = Math.min(Math.max(this.backgroundDimAmount, 0), 100); const dim = Math.min(Math.max(this.backgroundDimAmount, 0), 100);
const overlayBlur = Math.min(Math.max(this.backgroundBlurAmount, 0), 50) / 3;
return { return {
backgroundColor: `rgba(0, 0, 0, ${dim / 100})`, backgroundColor: `rgba(0, 0, 0, ${dim / 100})`,
backdropFilter: `blur(${overlayBlur}px)`,
}; };
}, },
sortedItems() { sortedItems() {
@ -2203,6 +2205,30 @@ export default {
return nameMap[lastPart] || lastPart; return nameMap[lastPart] || lastPart;
}, },
isSafeBackgroundUrl(url) {
if (!url) return false;
const trimmed = url.trim();
if (trimmed.toLowerCase().startsWith("javascript:")) return false;
try {
const parsed = new URL(trimmed, window.location.origin);
const protocol = parsed.protocol.replace(":", "");
if (["http", "https", "data", "blob"].includes(protocol)) return true;
} catch (e) {
// Allow relative paths
if (
trimmed.startsWith("/") ||
trimmed.startsWith("./") ||
trimmed.startsWith("../")
) {
return true;
}
}
return false;
},
sanitizeBackgroundUrl(url) {
return url.replace(/["'()]/g, "");
},
safeBase64Decode(base64String) { safeBase64Decode(base64String) {
try { try {
@ -2414,10 +2440,9 @@ export default {
} }
.home-background { .home-background {
transform: scale(1.04); transform: scale(1.02);
} }
.home-background-overlay { .home-background-overlay {
backdrop-filter: blur(2px);
} }
</style> </style>

2
src/utils/settings.js
View File

@ -156,7 +156,7 @@ const settingsDefinitions = {
"display.backgroundBlur": { "display.backgroundBlur": {
type: "number", type: "number",
default: 12, default: 12,
validate: (value) => value >= 0 && value <= 30, validate: (value) => value >= 0 && value <= 50,
description: "背景模糊强度", description: "背景模糊强度",
icon: "mdi-blur", icon: "mdi-blur",
}, },