diff --git a/docs/RELEASE.md b/docs/RELEASE.md
index fe077872..30e7ccef 100644
--- a/docs/RELEASE.md
+++ b/docs/RELEASE.md
@@ -1,7 +1,7 @@
 # Changelog
 ## [Version: 2.7.1] - 2024-10-15
-【新增】pipeline管理工具集成
-【修复】兼容第三方应用传递 json 内容
+【新增】pipeline管理工具集成
+【优化】多行文本兼容 JSON、Markdown 格式
 ## [Version: 2.7.0] - 2024-10-10
 【新增】通知人员黑名单过滤
diff --git a/docs/RELEASE_EN.md b/docs/RELEASE_EN.md
index b1a2716a..41498207 100644
--- a/docs/RELEASE_EN.md
+++ b/docs/RELEASE_EN.md
@@ -1,7 +1,7 @@
 # Changelog
 ## [Version: 2.7.1] - 2024-10-15
-【Feature】Integrated pipeline management tool.
-【Fix】Ensure compatibility for third-party applications transmitting JSON content.
+【Feature】Integrated pipeline management tool.
+【Improved】Ensure TEXT compatibility with JSON and Markdown formats.
 ## [Version: 2.7.0] - 2024-10-10
diff --git a/itsm/component/constants/flow.py b/itsm/component/constants/flow.py
index 20446c69..361df462 100644
--- a/itsm/component/constants/flow.py
+++ b/itsm/component/constants/flow.py
@@ -330,8 +330,9 @@
 ("CUSTOM_API", "自定义API"),
 ]
-XSS_FIELD_TYPE = [
- "RICHTEXT"
+FIELD_IGNORE_ESCAPE = [
+ "FILE",
+ "TEXT"
 ]
 LAYOUT_CHOICES = [
diff --git a/itsm/ticket/models/ticket.py b/itsm/ticket/models/ticket.py
index a0d9af10..bc42e664 100644
--- a/itsm/ticket/models/ticket.py
+++ b/itsm/ticket/models/ticket.py
@@ -143,7 +143,7 @@
 BK_PLUGIN_STATE,
 SUSPENDED,
 SHOW_BY_CONDITION,
- VARIABLE_LEADER,
+ VARIABLE_LEADER, FIELD_IGNORE_ESCAPE,
 )
 from itsm.component.constants.trigger import (
 CREATE_TICKET,
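Review bot: `FIELD_IGNORE_ESCAPE` in itsm/component/constants/flow.py is an exemption list for XSS escaping, yet nothing at its definition says what membership implies. I would add a comment above it such as `# Field types whose string values are stored without texteditor_escape(); anything rendering them must encode on output.` The hunk also deletes `XSS_FIELD_TYPE` outright instead of leaving an alias; no other users are visible in this diff, so it is worth searching the tree for remaining imports before merging. A tuple or `frozenset` would additionally stop the list from being extended at runtime.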
@@ -3085,20 +3085,8 @@ def fill_state_fields(self, fields):
 filter_field_query_set = self.fields.filter(key__in=fields_map.keys())
 for ticket_field in filter_field_query_set:
 ticket_field.value = fields_map[ticket_field.key]["value"]
- if isinstance(ticket_field.value, str):
- need_escape = True
- # 附件不做xss处理
- if ticket_field.type == "FILE":
- need_escape = False
- # 如果文本是 json 格式,则不额外处理
- if ticket_field.type == "TEXT":
- try:
- json.loads(ticket_field.value)
- need_escape = False
- except Exception:
- pass
- if need_escape:
- ticket_field.value = texteditor_escape(ticket_field.value)
+ if isinstance(ticket_field.value, str) and ticket_field.type not in FIELD_IGNORE_ESCAPE:
+ ticket_field.value = texteditor_escape(ticket_field.value)
 ticket_field.choice = fields_map[ticket_field.key].get("choice", [])
 language_config = (
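Review bot: With `"TEXT"` in `FIELD_IGNORE_ESCAPE`, the new condition in `fill_state_fields` stores every string submitted to a TEXT field without `texteditor_escape`, where the removed branch skipped escaping only for values that parsed as JSON. Whether that is safe depends on code outside this diff: any view, notification template or Markdown renderer that emits TEXT values as HTML must now encode or sanitise them itself, otherwise this is a stored-XSS regression. I would record that contract at the call site, e.g. `# TEXT and FILE values are persisted raw; escaping is the renderer's responsibility`, and add a test that a TEXT value such as `<b>x</b>` (constructed sample) comes out encoded at the rendering layer. The `json` import in ticket.py may also be unused now, which is worth checking because the rest of the file is not visible here. The body of `fill_state_fields` continues past the end of the hunk.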