add:登录页面防止xss

WebUI/CallCenterWeb.UI/login.html

@@ -1,62 +1,70 @@
 <!DOCTYPE html>
 <html lang="en">
 
-	<head>
-		<meta charset="utf-8">
-		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
-		<title>登录</title>
-		<meta name="keywords">
-		<meta name="description">
-		<meta name="renderer" content="webkit">
-		<link rel="shortcut icon" href="img/32.ico" />
-		<link rel="stylesheet" href="./css/init.css" />
-		<script src="./Script/Common/huayi.load.js"></script>
-		<script src="./Script/Common/huayi.config.js"></script>
-		<script src="./js/jquery.md5.js"></script>
-		<script src="./js/aes/crypto-js.js"></script>
-		<style>
-			html {
-				margin: 0 auto;
-				padding: 0;
-				height: 100%;
-				
-			}
-			body {
-				height: 100%;
-				background: #fff;
-			}
-			.wrap {
-				width: 100%;
-				height: 100%;
-			}
-			.wrap_right {
-				float: left;
-				width: 50%;
-				height: 100%;
-			}
-			.wrap_left{
-				float: left;
-				width: 50%;
-				height: 100%;
-			}
-			.wrap_right{
-				position: relative;
-			}
-			.wrap_bj {
-				width: 100%;
-				height: 100%;
-				background: url(img/left_amg_01.jpg) no-repeat;
-				background-size: 100% 100%;
-			}
-			.tab_box {
-				border: 1px solid #41caf2;
-				border-top-right-radius: 15px;
-				border-bottom-left-radius: 15px;
-				margin: 50px auto 65px;
-				padding: 0;
-				overflow: hidden;
-				width: 410px;
-			}
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
+	<title>登录</title>
+	<meta name="keywords">
+	<meta name="description">
+	<meta name="renderer" content="webkit">
+	<link rel="shortcut icon" href="img/32.ico" />
+	<link rel="stylesheet" href="./css/init.css" />
+	<script src="./Script/Common/huayi.load.js"></script>
+	<script src="./Script/Common/huayi.config.js"></script>
+	<script src="./js/jquery.md5.js"></script>
+	<script src="./js/purify.min.js"></script>
+	<script src="./js/aes/crypto-js.js"></script>
+	<style>
+		html {
+			margin: 0 auto;
+			padding: 0;
+			height: 100%;
+		}
+
+		body {
+			height: 100%;
+			background: #fff;
+		}
+
+		.wrap {
+			width: 100%;
+			height: 100%;
+		}
+
+		.wrap_right {
+			float: left;
+			width: 50%;
+			height: 100%;
+		}
+
+		.wrap_left {
+			float: left;
+			width: 50%;
+			height: 100%;
+		}
+
+		.wrap_right {
+			position: relative;
+		}
+
+		.wrap_bj {
+			width: 100%;
+			height: 100%;
+			background: url(img/left_amg_01.jpg) no-repeat;
+			background-size: 100% 100%;
+		}
+
+		.tab_box {
+			border: 1px solid #41caf2;
+			border-top-right-radius: 15px;
+			border-bottom-left-radius: 15px;
+			margin: 50px auto 65px;
+			padding: 0;
+			overflow: hidden;
+			width: 410px;
+		}
+
 			.tab_box ul {
 				list-style: none;
 				margin: 0;
@@ -69,17 +77,21 @@
 				border-bottom: 1px solid #41caf2;
 				text-align: center;
 			}
-			.tab_box ul li {
-				width: 50%;
-				float: left;
-			}
-			.active {
-				background: #41caf2;
-				color: #fff;
-			}
-			.tab_content {
-				margin: 57px 0 35px 0;
-			}
+
+				.tab_box ul li {
+					width: 50%;
+					float: left;
+				}
+
+		.active {
+			background: #41caf2;
+			color: #fff;
+		}
+
+		.tab_content {
+			margin: 57px 0 35px 0;
+		}
+
 			.tab_content div p {
 				width: 80%;
 				margin: 0 auto;
@@ -90,89 +102,100 @@
 				line-height: 30px;
 				padding-left: 20px;
 			}
-			.tab_content div p input {
-				width: 75%;
-				border: 0;
-				font-size: 16px;
-				outline: none;
-				font-family: "仿宋", "宋体";
-			}
-			.login_icon {
-				display: inline-block;
-				width: 17px;
-				height: 19px;
-				vertical-align: middle;
-				margin-right: 15px;
-			}
-			.login_icon_user {
-				background: url(img/login_user.png) no-repeat;
-			}
-			.login_icon_lock {
-				background: url(img/login_lock.png) no-repeat;
-			}
-			.login_icon_hua {
-				background: url(img/login_hua.png) no-repeat;
-			}
-			.login_go {
-				text-align: center;
-				padding: 0!important;
-				font-size: 16px;
-				letter-spacing: 16px;
-				font-family: "仿宋", "宋体";
-				color: #fff;
-				filter: progid:DXImageTransform.Microsoft.gradient(startcolorstr=#1f90ec, endcolorstr=#1cb5ef, gradientType=1);
-				background: -webkit-gradient(li near, 0 0, 100% 0, from(#1f90ec), to(#1cb5ef));
-				background: -webkit-linear-gradient(left, #1f90ec, #1cb5ef);
-				background: -moz-linear-gradient(left, #1f90ec, #1cb5ef);
-				background: -o-linear-gradient(left, #1f90ec, #1cb5ef);
-				background: linear-gradient(left, #1f90ec, #1cb5ef);
-				cursor: pointer;
-			}
-			
-			.error {
-				height: 13px;
-				background: url(img/yz.png) no-repeat 0 -8px;
-				display: none;
-			}
-			.errorShow {
-				display: inline-block;
-			}
-			.rightCon{
-				width: 100%;
-				position: absolute;
-				top: 0;
-				bottom: 0;
-				right: 0;
-				left: 0;
-				margin: auto;
-				height: 580px;
-			}
-			.leftCon{
-				width: 30%;
-				position: absolute;
-				top: 41%;
-				bottom: 0;
-				right: 0;
-				left: 50%;
-				margin: auto;
-			}
-			.leftCon img{
+
+				.tab_content div p input {
+					width: 75%;
+					border: 0;
+					font-size: 16px;
+					outline: none;
+					font-family: "仿宋", "宋体";
+				}
+
+		.login_icon {
+			display: inline-block;
+			width: 17px;
+			height: 19px;
+			vertical-align: middle;
+			margin-right: 15px;
+		}
+
+		.login_icon_user {
+			background: url(img/login_user.png) no-repeat;
+		}
+
+		.login_icon_lock {
+			background: url(img/login_lock.png) no-repeat;
+		}
+
+		.login_icon_hua {
+			background: url(img/login_hua.png) no-repeat;
+		}
+
+		.login_go {
+			text-align: center;
+			padding: 0 !important;
+			font-size: 16px;
+			letter-spacing: 16px;
+			font-family: "仿宋", "宋体";
+			color: #fff;
+			filter: progid:DXImageTransform.Microsoft.gradient(startcolorstr=#1f90ec, endcolorstr=#1cb5ef, gradientType=1);
+			background: -webkit-gradient(li near, 0 0, 100% 0, from(#1f90ec), to(#1cb5ef));
+			background: -webkit-linear-gradient(left, #1f90ec, #1cb5ef);
+			background: -moz-linear-gradient(left, #1f90ec, #1cb5ef);
+			background: -o-linear-gradient(left, #1f90ec, #1cb5ef);
+			background: linear-gradient(left, #1f90ec, #1cb5ef);
+			cursor: pointer;
+		}
+
+		.error {
+			height: 13px;
+			background: url(img/yz.png) no-repeat 0 -8px;
+			display: none;
+		}
+
+		.errorShow {
+			display: inline-block;
+		}
+
+		.rightCon {
+			width: 100%;
+			position: absolute;
+			top: 0;
+			bottom: 0;
+			right: 0;
+			left: 0;
+			margin: auto;
+			height: 580px;
+		}
+
+		.leftCon {
+			width: 30%;
+			position: absolute;
+			top: 41%;
+			bottom: 0;
+			right: 0;
+			left: 50%;
+			margin: auto;
+		}
+
+			.leftCon img {
 				width: 100%;
 			}
-			.leftCon p{
+
+			.leftCon p {
 				font-size: 28px;
-				letter-spacing:10px;
-				color:#e60111;
+				letter-spacing: 10px;
+				color: #e60111;
 				line-height: 80px;
 			}
-			.service{
-				width: 100%;
-				position: absolute;
-				bottom: 30px;
-				
-			}
-		</style>
-	</head>
+
+		.service {
+			width: 100%;
+			position: absolute;
+			bottom: 30px;
+		}
+	</style>
+</head>
 	<body class="signin">
 		<div class="wrap clearfix">
 			<div class="wrap_left" style="position: relative;">
@@ -264,12 +287,12 @@
 				
 				//坐席登录
 				$('.login_zx').click(function(){
-					var zx_user = $(".zx_user").val();
-					var zx_fj = $(".zx_fj").val();
-					var zx_psw = $(".zx_psw").val();
+                    var zx_user = DOMPurify.sanitize($(".zx_user").val());
+                    var zx_fj = DOMPurify.sanitize($(".zx_fj").val());
+                    var zx_psw = DOMPurify.sanitize($(".zx_psw").val());
 					if(zx_user == ""  || zx_fj == "" || zx_psw == "") {
 						$(".error_zx").addClass('errorShow');
-						if($(".zx_user").val() == "") {
+                        if (zx_user== "") {
 							$(".zx_user").focus(function() {
 								$(".error_zx").removeClass('errorShow');
 							});
@@ -354,11 +377,11 @@
 				
 				//用户登录
 				$('.login_gl').click(function() {
-					var gl_user = $(".gl_user").val();
-					var gl_psw = $(".gl_psw").val();
+					var gl_user = DOMPurify.sanitize($(".gl_user").val());
+                    var gl_psw = DOMPurify.sanitize($(".gl_psw").val());
 					if(gl_user == "" || gl_psw == "") {
 						$(".error_gl").addClass('errorShow');
-						if($(".gl_user").val() == "") {
+                        if (gl_user == "") {
 							$(".gl_user").focus(function() {
 								$(".error_gl").removeClass('errorShow');
 							});