From 7f3e4be9d64a6208667f9efce94ab5bfc677ce8e Mon Sep 17 00:00:00 2001
From: shijian <2954700422@qq.com>
Date: Mon, 31 Jul 2023 03:14:07 +0800
Subject: [PATCH] =?UTF-8?q?1.=E4=BD=BFgame.print=E4=B8=AD=E5=8F=AF?=
 =?UTF-8?q?=E4=BB=A5=E6=A0=BC=E5=BC=8F=E5=8C=96=E5=87=BD=E6=95=B0=E5=AD=97?=
 =?UTF-8?q?=E7=AC=A6=E4=B8=B2=EF=BC=8C=E4=B8=94=E6=A0=BC=E5=BC=8F=E5=8C=96?=
 =?UTF-8?q?=E7=9A=84=E5=AD=97=E7=AC=A6=E4=B8=B2=E5=92=8C=E5=AF=B9=E8=B1=A1?=
 =?UTF-8?q?=E9=81=BF=E5=85=8D=E8=A7=A3=E6=9E=90=E4=B8=BAdom=E5=85=83?=
 =?UTF-8?q?=E7=B4=A0=E3=80=822.=E6=94=B9=E7=94=A8=E6=AD=A3=E5=88=99?=
 =?UTF-8?q?=E6=9D=A5=E5=88=A4=E6=96=AD=E6=89=A7=E8=A1=8C=E7=9A=84=E4=BB=A3?=
 =?UTF-8?q?=E7=A0=81=E6=9D=A5=E5=88=A4=E6=96=AD=E6=98=AF=E5=90=A6=E4=B8=BA?=
 =?UTF-8?q?=E6=99=AE=E9=80=9Ajs=E5=AF=B9=E8=B1=A1=EF=BC=8C=E9=81=BF?=
 =?UTF-8?q?=E5=85=8D=E8=A7=A3=E6=9E=90=E4=B8=BA=E4=BB=A3=E7=A0=81=E5=9D=97?=
 =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 game/game.js | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/game/game.js b/game/game.js
index 7f0c506ef..bf9a940b7 100644
--- a/game/game.js
+++ b/game/game.js
@@ -9686,6 +9686,7 @@
 localStorage.removeItem(lib.configprefix+'background');
 }
 },
+ //by 诗笺
 parsex:function(func){
 var str=func.toString();
 //获取第一个 { 后的所有字符
@@ -45125,6 +45126,10 @@
 var logs=[];
 var logindex=-1;
 var cheat=lib.cheat;
+ //使用正则匹配绝大多数的普通obj对象,避免解析成代码块。
+ var reg=/^\{([^{}]+:\s*([^\s,]*|'[^']*'|"[^"]*"|\{[^}]*\}|\[[^\]]*\]|null|undefined|([a-zA-Z$_][a-zA-Z0-9$_]*\s*:\s*)?[a-zA-Z$_][a-zA-Z0-9$_]*\(\)))(?:,\s*([^{}]+:\s*(?:[^\s,]*|'[^']*'|"[^"]*"|\{[^}]*\}|\[[^\]]*\]|null|undefined|([a-zA-Z$_][a-zA-Z0-9$_]*\s*:\s*)?[a-zA-Z$_][a-zA-Z0-9$_]*\(\))))*\}$/;
+ //使用new Function隔绝作用域,避免在控制台可以直接访问到runCommand等变量
+ var fun=(new Function('reg','value','_status','lib','game','ui','get','ai',`"use strict";\nreturn eval(reg.test(value)?('('+value+')'):value)`));
 var runCommand=function(e){
 if(text2.value&&!['up','down'].contains(text2.value)){
 logindex=-1;
@@ -45164,7 +45169,9 @@
 else{
 if(!game.observe&&!game.online){
 try{
- var result = (new Function('_status','lib','game','ui','get','ai',`"use strict";\nreturn ${text2.value}`))(_status,lib,game,ui,get,ai);
+ var value=text2.value.trim();
+ if(value.endsWith(";")) value=value.slice(0,-1).trim();
+ var result=fun(reg,value,_status,lib,game,ui,get,ai);
 game.print(result);
 }
 catch(e){
@@ -45199,14 +45206,16 @@
 game.print=function(){
 var args=[].slice.call(arguments);
 var printResult=args.map(arg=>{
- if(get.is.object(arg)){
+ if(get.is.object(arg)||typeof arg=='function'){
 var argi=get.stringify(arg);
- if(argi&&argi.length<5000){
- return argi;
- }
- else{
- return arg.toString();
+ if(argi/*&&argi.length<5000*/){
+ return argi.replace(/&/g, '&')
+ .replace(//g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''');
 }
+ else return arg.toString();
 }else{
 var str=String(arg);
 if (!/<[a-zA-Z]+[^>]*?\/?>.*?(?=<\/[a-zA-Z]+[^>]*?>|$)/.exec(str)) return String(arg)
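Review bot: The direct `eval` inside `fun` runs in that function's own scope, so the wrapper parameters `reg` and `value` are visible to every console command and shadow any global of the same name; typing `value` returns the command text itself. Deciding the wrapped source in `runCommand` first, `var code=reg.test(value)?'('+value+')':value;`, and passing only that under a name a command is unlikely to use keeps the evaluated scope to the six game objects. The comment above `fun` would be more accurate if it said that `new Function` hides the enclosing closure (`runCommand`, `logs`) but not globals, and that strict-mode `eval` keeps a command's `var` declarations from persisting between commands. The enclosing function starts and ends outside the hunk.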
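Review bot: The fallback `else return arg.toString();` returns the object's or function's text without the escaping applied on the `argi` branch, so a value for which `get.stringify` yields an empty result can still be parsed as markup if `printResult` reaches an HTML sink (the sink is outside the hunk; this is inferred from the tag test on the string branch). Escaping one value on both paths closes the gap: `var text=argi||arg.toString();` followed by the existing `.replace` chain applied to `text`. The length cap is left as a commented-out condition, `/*&&argi.length<5000*/`; either delete it or keep a limit, since an arbitrarily large serialized object is now returned in full. The replacement strings in the chain appear to have been altered by the page rendering, so they are not reviewed here. `game.print` continues past the end of the hunk.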