admin/Mdeical_Sur_Report
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

security: 讯飞配置输入框改用ref非受控设置,防止DOM value属性暴露

Browse Source
This commit is contained in:
admin
2026-04-20 02:28:08 +08:00
parent 49886e5080
commit 3827d09ad3
1 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/pages/SystemSettings.tsx
View File

@@ -23,6 +23,9 @@ export default function SystemSettings() {
const [modeModalOpen, setModeModalOpen] = useState(false); const [modeModalOpen, setModeModalOpen] = useState(false);
const [availableModels, setAvailableModels] = useState<string[]>([]); const [availableModels, setAvailableModels] = useState<string[]>([]);
const apiKeyInputRef = useRef<HTMLInputElement>(null); const apiKeyInputRef = useRef<HTMLInputElement>(null);
const xfAppIdRef = useRef<HTMLInputElement>(null);
const xfApiKeyRef = useRef<HTMLInputElement>(null);
const xfApiSecretRef = useRef<HTMLInputElement>(null);
useEffect(() => { useEffect(() => {
if (apiKeyInputRef.current) { if (apiKeyInputRef.current) {
@@ -33,6 +36,21 @@ export default function SystemSettings() {
} }
}, [settings.aiProviders[settings.activeAiProvider]?.apiKey]); }, [settings.aiProviders[settings.activeAiProvider]?.apiKey]);
useEffect(() => {
if (xfAppIdRef.current) {
const target = settings.xfSpeechConfig?.appId || '';
if (xfAppIdRef.current.value !== target) xfAppIdRef.current.value = target;
}
if (xfApiKeyRef.current) {
const target = settings.xfSpeechConfig?.apiKey || '';
if (xfApiKeyRef.current.value !== target) xfApiKeyRef.current.value = target;
}
if (xfApiSecretRef.current) {
const target = settings.xfSpeechConfig?.apiSecret || '';
if (xfApiSecretRef.current.value !== target) xfApiSecretRef.current.value = target;
}
}, [settings.xfSpeechConfig]);
useEffect(() => { useEffect(() => {
const user = storage.get<User | null>('currentUser', null); const user = storage.get<User | null>('currentUser', null);
if (!user) { if (!user) {
@@ -436,8 +454,8 @@ export default function SystemSettings() {
<div className="space-y-1.5"> <div className="space-y-1.5">
<label className="block text-xs font-bold text-text-main uppercase tracking-wider">APPID</label> <label className="block text-xs font-bold text-text-main uppercase tracking-wider">APPID</label>
<input <input
ref={xfAppIdRef}
type="password" type="password"
value={settings.xfSpeechConfig?.appId || ''}
onChange={(e) => { onChange={(e) => {
const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), appId: e.target.value }; const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), appId: e.target.value };
setSettings({ ...settings, xfSpeechConfig: next }); setSettings({ ...settings, xfSpeechConfig: next });
@@ -452,8 +470,8 @@ export default function SystemSettings() {
<div className="space-y-1.5"> <div className="space-y-1.5">
<label className="block text-xs font-bold text-text-main uppercase tracking-wider">APIKey</label> <label className="block text-xs font-bold text-text-main uppercase tracking-wider">APIKey</label>
<input <input
ref={xfApiKeyRef}
type="password" type="password"
value={settings.xfSpeechConfig?.apiKey || ''}
onChange={(e) => { onChange={(e) => {
const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), apiKey: e.target.value }; const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), apiKey: e.target.value };
setSettings({ ...settings, xfSpeechConfig: next }); setSettings({ ...settings, xfSpeechConfig: next });
@@ -468,8 +486,8 @@ export default function SystemSettings() {
<div className="space-y-1.5"> <div className="space-y-1.5">
<label className="block text-xs font-bold text-text-main uppercase tracking-wider">APISecret</label> <label className="block text-xs font-bold text-text-main uppercase tracking-wider">APISecret</label>
<input <input
ref={xfApiSecretRef}
type="password" type="password"
value={settings.xfSpeechConfig?.apiSecret || ''}
onChange={(e) => { onChange={(e) => {
const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), apiSecret: e.target.value }; const next = { ...(settings.xfSpeechConfig || { appId: '', apiKey: '', apiSecret: '' }), apiSecret: e.target.value };
setSettings({ ...settings, xfSpeechConfig: next }); setSettings({ ...settings, xfSpeechConfig: next });