capta1n commited on
Commit
8f1e860
·
verified ·
1 Parent(s): a5a3963

Add 2 files

Files changed (2) hide show
  1. index.html +77 -46
  2. prompts.txt +2 -1
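--- a/index.html
+++ b/index.html
@@ -254,7 +254,7 @@
  </div>
 
  <div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-5 gap-4">
- <div class="stats-card bg-gray-50 p-4 rounded-lg active-scan">
+ <div class="stats-card bg-gray-50 p-4 rounded-lg active-san">
  <div class="flex items-center">
  <div class="bg-green-100 rounded-full h-10 w-10 flex items-center justify-center text-green-600 mr-3 flicker">
  <i class="fas fa-file-alt"></i>
@@ -319,12 +319,6 @@
  </div>
  </div>
  </div>
-
- <div class="mt-6 pt-4 border-t border-gray-200">
- <button class="bg-green-600 hover:bg-green-700 text-white font-medium py-2 px-4 rounded-md flex items-center justify-center transition">
- <i class="fas fa-file-pdf mr-2"></i> Generate Security Report
- </button>
- </div>
  </div>
  </div>
 
@@ -588,29 +582,6 @@
  </div>
  </div>
  </div>
-
- <!-- Floating Action Bar -->
- <div class="mt-6 bg-white border border-gray-200 rounded-lg p-4 shadow-sm">
- <div class="flex items-center justify-between">
- <div class="flex items-center">
- <div class="bg-green-100 rounded-full h-10 w-10 flex items-center justify-center text-green-600 mr-3">
- <i class="fas fa-robot"></i>
- </div>
- <div>
- <h4 class="text-sm font-medium text-gray-700">SDL Security Guardian</h4>
- <p class="text-xs text-gray-500">Continuously analyzing your SDL processes</p>
- </div>
- </div>
- <div class="flex space-x-2">
- <button class="bg-gray-100 hover:bg-gray-200 text-gray-800 font-medium py-2 px-4 rounded-md text-sm transition">
- <i class="fas fa-pause mr-1"></i> Pause
- </button>
- <button class="bg-green-600 hover:bg-green-700 text-white font-medium py-2 px-4 rounded-md text-sm transition">
- <i class="fas fa-sync-alt mr-1"></i> Rescan
- </button>
- </div>
- </div>
- </div>
  </div>
 
  <!-- Risk Alerts Section -->
@@ -885,7 +856,7 @@
 
  // 转义所有数据
  const escapedData = {};
- for (const key in data) {
+ for const key in data) {
  if (data.hasOwnProperty(key)) {
  escapedData[key] = escapeHtml(data[key]);
  }
@@ -1015,7 +986,7 @@
 
  if (isSafeUrl(url)) {
  element.href = url;
- } else {
+ else {
  element.removeAttribute('href');
  console.warn('Unsafe URL blocked:', url);
  }
@@ -1027,7 +998,7 @@
 
  if (isSafeUrl(src)) {
  element.src = src;
- } else {
+ else {
  element.removeAttribute('src');
  console.warn('Unsafe image source blocked:', src);
  }
@@ -1039,7 +1010,7 @@
 
  if (isSafeUrl(src)) {
  element.src = src;
- } else {
+ else {
  element.removeAttribute('src');
  console.warn('Unsafe iframe source blocked:', src);
  }
@@ -1051,7 +1022,7 @@
 
  if (isSafeUrl(action)) {
  element.action = action;
- } else {
+ else {
  element.removeAttribute('action');
  console.warn('Unsafe form action blocked:', action);
  }
@@ -1064,7 +1035,7 @@
  // 验证类名只包含字母、数字、连字符和下划线
  if (/^[a-zA-Z0-9-_]+$/.test(className)) {
  element.classList.add(className);
- } else {
+ else {
  console.warn('Invalid class name:', className);
  }
  }
@@ -1076,7 +1047,7 @@
  // 验证类名只包含字母、数字、连字符和下划线
  if (/^[a-zA-Z0-9-_]+$/.test(className)) {
  element.classList.remove(className);
- } else {
+ else {
  console.warn('Invalid class name:', className);
  }
  }
@@ -1088,7 +1059,7 @@
  // 验证类名只包含字母、数字、连字符和下划线
  if (/^[a-zA-Z0-9-_]+$/.test(className)) {
  element.classList.toggle(className);
- } else {
+ else {
  console.warn('Invalid class name:', className);
  }
  }
@@ -1100,7 +1071,7 @@
  // 验证属性名只包含字母、数字和连字符
  if (/^[a-zA-Z0-9-]+$/.test(name)) {
  element.dataset[name] = escapeHtml(value);
- } else {
+ else {
  console.warn('Invalid data attribute name:', name);
  }
  }
@@ -1112,7 +1083,7 @@
  // 验证ID只包含字母、数字、连字符和下划线
  if (/^[a-zA-Z0-9-_]+$/.test(id)) {
  element.id = id;
- } else {
+ else {
  console.warn('Invalid ID:', id);
  }
  }
@@ -1171,7 +1142,7 @@
  // 验证属性名只包含字母、数字和连字符
  if (/^[a-zA-Z0-9-]+$/.test(name)) {
  element.setAttribute(name, escapeHtml(value));
- } else {
+ else {
  console.warn('Invalid custom attribute name:', name);
  }
  }
@@ -1189,7 +1160,7 @@
  // 验证事件名只包含字母
  if (/^[a-zA-Z]+$/.test(event)) {
  element.addEventListener(event, safeEventHandler(handler));
- } else {
+ else {
  console.warn('Invalid event name:', event);
  }
  }
@@ -1201,7 +1172,7 @@
  // 验证事件名只包含字母
  if (/^[a-zA-Z]+$/.test(event)) {
  element.removeEventListener(event, safeEventHandler(handler));
- } else {
+ else {
  console.warn('Invalid event name:', event);
  }
  }
@@ -1213,7 +1184,7 @@
  // 验证事件名只包含字母
  if (/^[a-zA-Z]+$/.test(event)) {
  element[`on${event}`] = safeEventHandler(handler);
- } else {
+ else {
  console.warn('Invalid event name:', event);
  }
  }
@@ -1225,7 +1196,7 @@
  // 验证变量名只包含字母、数字和连字符
  if (/^--[a-zA-Z0-9-]+$/.test(name)) {
  element.style.setProperty(name, escapeHtml(value));
- } else {
+ else {
  console.warn('Invalid CSS variable name:', name);
  }
  }
@@ -1885,5 +1856,65 @@
 
  // 验证src是安全URL
  if (!isSafeUrl(src)) {
- console
+ console.warn('Unsafe noscript embed src:', src);
+ return;
+ }
+
+ // 查找或创建noscript元素
+ let noscript = document.querySelector('noscript');
+ if (!noscript) {
+ noscript = document.createElement('noscript');
+ document.body.appendChild(noscript);
+ }
+
+ // 创建embed元素
+ const embed = document.createElement('embed');
+ embed.src = src;
+ embed.type = escapeHtml(type);
+
+ // 添加到noscript
+ noscript.appendChild(embed);
+ }
+
+ // 安全设置noscript视频
+ function safeSetNoscriptVideo(src, type) {
+ if (!src || !type) return;
+
+ // 验证src是安全URL
+ if (!isSafeUrl(src)) {
+ console.warn('Unsafe noscript video src:', src);
+ return;
+ }
+
+ // 查找或创建noscript元素
+ let noscript = document.querySelector('noscript');
+ if (!noscript) {
+ noscript = document.createElement('noscript');
+ document.body.appendChild(noscript);
+ }
+
+ // 创建video元素
+ const video = document.createElement('video');
+ video.src = src;
+ video.type = escapeHtml(type);
+
+ // 添加到noscript
+ noscript.appendChild(video);
+ }
+
+ // 安全设置noscript音频
+ function safeSetNoscriptAudio(src, type) {
+ if (!src || !type) return;
+
+ // 验证src是安全URL
+ if (!isSafeUrl(src)) {
+ console.warn('Unsafe noscript audio src:', src);
+ return;
+ }
+
+ // 查找或创建noscript元素
+ let noscript = document.querySelector('noscript');
+ if (!noscript) {
+ noscript = document.createElement('noscript');
+
  </html>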
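Review bot: The new side of the last hunk still ends inside `safeSetNoscriptAudio`: after `noscript = document.createElement('noscript');` at 1918 the `if`, the function and the enclosing `<script>` (which opens outside the hunk) are never closed before `</html>` at 1920, so the inline script fails to parse and none of the helpers it defines (`escapeHtml`, `isSafeUrl`, the `safeSet*` functions) exist at runtime — the XSS hardening this commit is for is inert. The one-line changes at 859 and 989–1200 have the same effect: `} else {` became `else {` and `for (const key in data) {` became `for const key in data) {`, each dropping a `}` or `(`; if that is the committed text rather than a rendering artifact, every one of them is a further parse error. The `active-scan` → `active-san` class change at 257 looks accidental as well. Finishing the audio function the way `safeSetNoscriptVideo` (1880–1903) is written, then closing the script (and `<body>`, if it is open) before `</html>`, is the minimum needed to get the page executing again.
```javascript
// … unchanged: safeSetNoscriptAudio up to the noscript lookup …
  if (!noscript) {
    noscript = document.createElement('noscript');
    document.body.appendChild(noscript);
  }

  // 创建audio元素
  const audio = document.createElement('audio');
  audio.src = src;
  audio.type = escapeHtml(type);

  // 添加到noscript
  noscript.appendChild(audio);
}
// … then close the enclosing <script> before </html> …
```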
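--- a/prompts.txt
+++ b/prompts.txt
@@ -1 +1,2 @@
- 修复项目中存在的xss问题
+ 修复项目中存在的xss问题
+ 删除里面的Generate Security Report和pause/rescan功能模块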