网络安全漏洞修复
yang870516 opened this issue · comments
Hi! 👋
Firstly, thanks for your work on this project! 🙂
Today I used patch-package to patch zrender@4.0.5 for the project I'm working on.
Here is the diff that solved my problem:
diff --git a/node_modules/zrender/lib/svg/Painter.js b/node_modules/zrender/lib/svg/Painter.js
index 574f7ce..7a3c56d 100644
--- a/node_modules/zrender/lib/svg/Painter.js
+++ b/node_modules/zrender/lib/svg/Painter.js
@@ -332,7 +332,8 @@ SVGPainter.prototype = {
return (root[cwh] || parseInt10(stl[wh]) || parseInt10(root.style[wh])) - (parseInt10(stl[plt]) || 0) - (parseInt10(stl[prb]) || 0) | 0;
},
dispose: function () {
- this.root.innerHTML = '';
+ //网络安全漏洞修复 20231107 yangxl
+ (this.root.textContent != undefined ) ? (this.root.textContent = '') : (this.root.innerText = '');
this._svgRoot = this._viewport = this.storage = null;
},
clear: function () {
diff --git a/node_modules/zrender/lib/zrender.js b/node_modules/zrender/lib/zrender.js
index 95b8edf..44aa647 100644
--- a/node_modules/zrender/lib/zrender.js
+++ b/node_modules/zrender/lib/zrender.js
@@ -240,10 +240,7 @@ ZRender.prototype = {
*/
this._needsRefresh = false; // var end = new Date();
- // var log = document.getElementById('log');
- // if (log) {
- // log.innerHTML = log.innerHTML + '<br>' + (end - start);
- // }
+ //网络安全修复漏洞 20231106 yangxl
},
/**
diff --git a/node_modules/zrender/src/vml/Painter.js b/node_modules/zrender/src/vml/Painter.js
index 92b04b0..43cc959 100644
--- a/node_modules/zrender/src/vml/Painter.js
+++ b/node_modules/zrender/src/vml/Painter.js
@@ -144,8 +144,8 @@ VMLPainter.prototype = {
},
dispose: function () {
- this.root.innerHTML = '';
-
+ //网络安全漏洞修复 20231107 yangxl
+ (this.root.textContent != undefined ) ? (this.root.textContent = ""):(this.root.innerText = "");
this._vmlRoot =
this._vmlViewport =
this.storage = null;This issue body was partially generated by patch-package.