security: 讯飞配置输入框改用ref非受控设置，防止DOM value属性暴露

2026-04-20 02:28:08 +08:00
parent 49886e5080
commit 3827d09ad3
1 changed files with 21 additions and 3 deletions
--- a/src/pages/SystemSettings.tsx
+++ b/src/pages/SystemSettings.tsx
@@ -23,6 +23,9 @@ export default function SystemSettings() {
  const [modeModalOpen, setModeModalOpen] = useState(false);
  const [availableModels, setAvailableModels] = useState<string[]>([]);
  const apiKeyInputRef = useRef<HTMLInputElement>(null);
+  const xfAppIdRef = useRef<HTMLInputElement>(null);
+  const xfApiKeyRef = useRef<HTMLInputElement>(null);
+  const xfApiSecretRef = useRef<HTMLInputElement>(null);

  useEffect(() => {
    if (apiKeyInputRef.current) {
@@ -33,6 +36,21 @@ export default function SystemSettings() {
    }
  }, [settings.aiProviders[settings.activeAiProvider]?.apiKey]);

+  useEffect(() => {
+    if (xfAppIdRef.current) {
+      const target = settings.xfSpeechConfig?.appId || '';
+      if (xfAppIdRef.current.value !== target) xfAppIdRef.current.value = target;
+    }
+    if (xfApiKeyRef.current) {
+      const target = settings.xfSpeechConfig?.apiKey || '';
+      if (xfApiKeyRef.current.value !== target) xfApiKeyRef.current.value = target;
+    }
+    if (xfApiSecretRef.current) {
+      const target = settings.xfSpeechConfig?.apiSecret || '';
+      if (xfApiSecretRef.current.value !== target) xfApiSecretRef.current.value = target;
+    }
+  }, [settings.xfSpeechConfig]);
+
  useEffect(() => {
    const user = storage.get<User | null>('currentUser', null);
    if (!user) {
@@ -436,8 +454,8 @@ export default function SystemSettings() {
              <div className="space-y-1.5">
                <label className="block text-xs font-bold text-text-main uppercase tracking-wider">APPID</label>
                <input 
+                  ref={xfAppIdRef}
                  type="password" 
-                  value={settings.xfSpeechConfig?.appId || ''}
                  onChange={(e) => {
                    const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), appId: e.target.value };
                    setSettings({ ...settings, xfSpeechConfig: next });
@@ -452,8 +470,8 @@ export default function SystemSettings() {
              <div className="space-y-1.5">
                <label className="block text-xs font-bold text-text-main uppercase tracking-wider">APIKey</label>
                <input 
+                  ref={xfApiKeyRef}
                  type="password" 
-                  value={settings.xfSpeechConfig?.apiKey || ''}
                  onChange={(e) => {
                    const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), apiKey: e.target.value };
                    setSettings({ ...settings, xfSpeechConfig: next });
@@ -468,8 +486,8 @@ export default function SystemSettings() {
              <div className="space-y-1.5">
                <label className="block text-xs font-bold text-text-main uppercase tracking-wider">APISecret</label>
                <input 
+                  ref={xfApiSecretRef}
                  type="password" 
-                  value={settings.xfSpeechConfig?.apiSecret || ''}
                  onChange={(e) => {
                    const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), apiSecret: e.target.value };
                    setSettings({ ...settings, xfSpeechConfig: next });