1.使game.print中可以格式化函数字符串,且格式化的字符串和对象避免解析为dom元素。2.改用正则来判断执行的代码来判断是否为普通js对象,避免解析为代码块的问题
parent
e018c343c9
commit
7f3e4be9d6
23
game/game.js
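--- a/game/game.js
+++ b/game/game.js
@@ -9686,6 +9686,7 @@
 localStorage.removeItem(lib.configprefix+'background');
 }
 },
+//by 诗笺
 parsex:function(func){
 var str=func.toString();
 //获取第一个 { 后的所有字符
@@ -45125,6 +45126,10 @@
 var logs=[];
 var logindex=-1;
 var cheat=lib.cheat;
+//使用正则匹配绝大多数的普通obj对象,避免解析成代码块。
+var reg=/^\{([^{}]+:\s*([^\s,]*|'[^']*'|"[^"]*"|\{[^}]*\}|\[[^\]]*\]|null|undefined|([a-zA-Z$_][a-zA-Z0-9$_]*\s*:\s*)?[a-zA-Z$_][a-zA-Z0-9$_]*\(\)))(?:,\s*([^{}]+:\s*(?:[^\s,]*|'[^']*'|"[^"]*"|\{[^}]*\}|\[[^\]]*\]|null|undefined|([a-zA-Z$_][a-zA-Z0-9$_]*\s*:\s*)?[a-zA-Z$_][a-zA-Z0-9$_]*\(\))))*\}$/;
+//使用new Function隔绝作用域,避免在控制台可以直接访问到runCommand等变量
+var fun=(new Function('reg','value','_status','lib','game','ui','get','ai',`"use strict";\nreturn eval(reg.test(value)?('('+value+')'):value)`));
 var runCommand=function(e){
 if(text2.value&&!['up','down'].contains(text2.value)){
 logindex=-1;
@@ -45164,7 +45169,9 @@
 else{
 if(!game.observe&&!game.online){
 try{
-var result = (new Function('_status','lib','game','ui','get','ai',`"use strict";\nreturn ${text2.value}`))(_status,lib,game,ui,get,ai);
+var value=text2.value.trim();
+if(value.endsWith(";")) value=value.slice(0,-1).trim();
+var result=fun(reg,value,_status,lib,game,ui,get,ai);
 game.print(result);
 }
 catch(e){
@@ -45199,14 +45206,16 @@
 game.print=function(){
 var args=[].slice.call(arguments);
 var printResult=args.map(arg=>{
-if(get.is.object(arg)){
+if(get.is.object(arg)||typeof arg=='function'){
 var argi=get.stringify(arg);
-if(argi&&argi.length<5000){
-return argi;
-}
-else{
-return arg.toString();
+if(argi/*&&argi.length<5000*/){
+return argi.replace(/&/g, '&')
+.replace(/</g, '<')
+.replace(/>/g, '>')
+.replace(/"/g, '"')
+.replace(/'/g, ''');
 }
+else return arg.toString();
 }else{
 var str=String(arg);
 if (!/<[a-zA-Z]+[^>]*?\/?>.*?(?=<\/[a-zA-Z]+[^>]*?>|$)/.exec(str)) return String(arg)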
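Review bot: The escaping added in the last hunk covers only the `return argi.replace(...)` path; the new `else return arg.toString();` fallback hands back the raw string, so an object or function whose text contains markup can still be parsed as DOM whenever `get.stringify` returns a falsy value, which is the case this commit sets out to close. Route both outcomes through the same chain, for example `var raw=argi||String(arg);` followed by the existing `.replace` calls applied to `raw`. With the `argi.length<5000` cap commented out, the whole serialised value is now escaped and printed, so an output size limit applied after escaping is still worth keeping. The replacement strings appear entity-decoded in this rendering, and `game.print` continues past the end of the hunk, so how `printResult` reaches the page is not visible here.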