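/* [Related plugins] - common_func.js - format_util.js - value_obj_util.js - request_ctrl.js */
/*
 * common_xss_checker.js
 *
 * Client-side request-parameter validation. A parameter is classified by its
 * NAME (rows of _USER_DEFINED_VALUE_PATTERN_INFO) and its VALUE is then tested
 * against the whitelist regex of that class. Names without a class fall back
 * to the blacklist token check (js_common_xss_checker_fnCheckValidByToken).
 *
 * NOTE(review): the free-text classes (addr_text, file_path, file_name,
 * limited_text, unknown) accept '<', '>', '\'', '`', '&' and '=' by design, so
 * this check does not by itself exclude markup; file_path also accepts '.' and
 * '/'. It runs in the browser, so the server must re-validate every parameter
 * and output-encode values when rendering them.
 */

// Logger for common_xss_checker.js
var _js_common_xss_checker_logger = null;
{
  var _js_common_xss_checker_loggerInitParamObj = {
    "id": "common_xss_checker.js"
    // ,"lvl": CONST_JS_LOGGER_LVL.DEBUG   // optional log-level override, off by default
  };
  try {
    // getJsCommWindowId() is provided by another plugin; best effort only.
    _js_common_xss_checker_loggerInitParamObj["windowId"] = getJsCommWindowId();
  } catch (e) {}
  _js_common_xss_checker_logger = new JsLoggerClass(_js_common_xss_checker_loggerInitParamObj);
}

// Result codes shared by the check functions below.
var js_common_xss_checker_CONST_RES_CD = {
  "SUCCESS": "SUCCESS",
  "FAIL": "FAIL",
  "VALID": "VALID",
  "INVALID": "INVALID",
  "NOT_FOUND": "NOT_FOUND"
};

// Parameter classes: [type, namePattern, nameFlags, valuePattern, valueFlags].
// Rows are scanned in order and the LAST row whose namePattern matches the
// parameter name wins (see _js_common_xss_checker_fnFindPatternInfo), so a name
// listed in two rows (e.g. zcoordNm in "limited_text" and "unknown") is checked
// with the later row's value pattern.
var _USER_DEFINED_VALUE_PATTERN_INFO = [
  ["str", "^(deviceId|org_deviceId|deviceDtlId|smsAuthReqId|smsAuthKeyVal)$", "i", "^([_0-9a-zA-Z\\-:.]+)$", ""],
  ["unsign_number", "^(cctvPortNo|firstPageNoInNaviBar|lastPageNoInNaviBar|locNo|coordX|coordY|maxPageNo|pageNo|pageNoListInNaviBar|recordNoPeriodFr|recordNoPeriodTo|resno|layerLvl|fontSize|scrWidthSize|scrHeightSize|thrsCompareSeq|libRotateDegree|deviceCnt|errorCnt|loginTryCnt|maxCntPerPage|smsCnt|smsRetryMaxCnt|prjCnt|totPageCnt|totRecordCnt|totRowCnt|libWidthSize|libHeightSize|beginRowIdx|deviceCnt|smsDelay|smsRedelay|total|records|page|menuLvl|rows|dataValue|orgLvl)$", "i", "^([0-9]([.][0-9]+)?|([1-9][0-9,]*[0-9]+([.][0-9]+)?))$", ""],
  ["number", "^(sendValue|sortOdrg)$", "i", "^([+-]?[0-9]([.][0-9]+)?|([1-9][0-9,]*[0-9]+([.][0-9]+)?))$", ""],
  // Fix: the class was written as [Y|N|T|F|1|0], which also accepted a literal "|".
  ["boolean", "^(alarmYn|collectChartDataYn|smsAuthTargYn|ctrlYn|delYn|displayYn|flickerYn|ipChkYn|linkYn|monitorCtrlYn|sendYn|relayYn|smsYn|useYn|useAltTextYn|readOnly|result)$", "i", "^([YNTF10]|(TRUE)|(FALSE))$", "i"],
  ["cd_type", "^(alarmLvlCd|cd|cdGroupId|deviceCommStatusCd|deviceTypeCd|hdayCd|libGrpCd|libTypeCd|loginResCd|objTypeCd|selUserClasCd|sessUserClasCd|tagValueTypeCd|textAlignTypeCd|userSttusCd|userClasCd|workResCd|bgColor|fontColor|cctvPlayerTypeCd)$", "i", "^([_0-9a-zA-Z\\*\\-\\,\\.#]*)$", ""],
  ["homepage_id", "^(homeId|homepageId)$", "i", "^([_0-9a-zA-Z\\-]+)$", ""],
  ["calc", "^(calc)$", "i", "^([_0-9a-zA-Z.\\%\\*\\-\\+\\^\\{\\}\\s]*)$", ""],
  ["tag_value", "^(tagValue|thrsBeginVal|thrsEndVal|ctrlVal)$", "i", "^([_0-9a-zA-Z.\\%\\*\\-\\+]*)$", ""],
  ["uri", "^(cctvUri)$", "i", "^(((http)|(https)|(rtsp))(:\\/\\/)[_0-9a-zA-Z\\-]+(\\/|[_0-9a-zA-Z.\\-:#,?=]+)*)$", ""],
  ["host", "^(cctvHost)$", "i", "^([_0-9a-zA-Z.\\-]*)$", ""],
  // NOTE(review): octets are not range-checked, e.g. 299.299.299.299 passes.
  ["ip", "^(ipAddr|lastLoginIpAddr)$", "i", "^((1|2)?[0-9]?[0-9]([.](1|2)?[0-9]?[0-9]){3})$", ""],
  ["menuId", "^(upMenuId|menuId)$", "i", "^([_0-9a-zA-Z\\-]*)$", ""],
  ["userId", "^(cctvUserId|chgrId|cretrId|userId|workerId)$", "i", "^([_0-9a-zA-Z\\-]*)$", ""],
  ["orgId", "^(orgId|prjOrgId|refPrjOrgId|selOrgId|userPrjOrgId|hupOrgId|upOrgId|linkPrjOrgId|prjId)$", "i", "^([_0-9a-zA-Z\\-]{0,15})$", ""],
  // NOTE(review): the leading empty alternative makes this row match an empty name.
  ["id", "^(|libId|tagId|objId|prjObjId|thrsId|thrsLibId|tmplId|tmplDtlId|chartId)$", "i", "^([_0-9a-zA-Z\\-]{0,15})$", ""],
  ["bizNo", "^(corpNo)$", "i", "^([0-9\\-]{4,})$", ""],
  ["full_telNo", "^(reptTelNo|telNo|mobilePhoneNo|fax|contactTelNo)$", "i", "^(01([016789]|[3][0])[-]{0,1}[0-9]{3,4}[-]{0,1}[0-9]{3,4}|0[2-9]{1,3}[-]{0,1}[0-9]{3,4}[-]{0,1}[0-9]{3,4})$", ""],
  ["full_datetime", "^(chgDt|cretDt)$", "i", "^([1-9][0-9]{3}[-\\/.]?([0][1-9]|[1][0-2])[-\\/.]?([0][1-9]|[1-2][0-9]|[3][0-1])([\\s]*([0-1][0-9]|[2][0-3])[:.]?[0-5][0-9][:]?[0-5][0-9][.]?[0-9]{0,3})?)$", ""],
  ["yyyy-mm-dd", "^(openDay)$", "i", "^([1-9][0-9]{3}[-]?([0][1-9]|[1][0-2])[-]?([0][1-9]|[1-2][0-9]|[3][0-1]))$", ""],
  ["yyyymmdd", "^(ctrlDate|hdayDate|lastUserPwdChgDt|reportDate|logDt|lastLoginDt|lastPrjObjChgDt|transDt)$", "i", "^([1-9][0-9]{3}([0][1-9]|[1][0-2])([0][1-9]|[1-2][0-9]|[3][0-1]))$", ""],
  ["yyyymm", "^(selChartDate|selCtrlLogDate)$", "i", "^([1-9][0-9]{3}([0][1-9]|[1][0-2]))$", ""],
  ["year", "^(year)$", "i", "^([1-9][0-9]{3})$", ""],
  ["year_sch", "^(ctrlYear)$", "i", "^([*]|([1-9][0-9]{3}))$", ""],
  ["mm_sch", "^(ctrlMonth)$", "i", "^(([*]|[0][1-9]|[1][0-2]))$", ""],
  // Fix: the day alternative was [1-2][0-2], which rejected days 13-19 and 23-29;
  // now consistent with the other date rows ([1-2][0-9]).
  ["dd_sch", "^(ctrlDay)$", "i", "^(([*]|[0][1-9]|[1-2][0-9]|[3][0-1]))$", ""],
  ["hh_sch", "^(ctrlHour)$", "i", "^(([*]|[0][0-9]|[1][0-2]|[0-1][0-9]|[2][0-4]))$", ""],
  // NOTE(review): explicitly accepts "60" — confirm that is intended.
  ["mi_sch", "^(ctrlMin)$", "i", "^(([*]|[0-9]|[0][0-9]|[1-5][0-9]|[6][0]))$", ""],
  ["post", "^(postNo)$", "i", "^(([0-9]{3}[-]?[0-9]{3}|[0-9]{5}))$", ""],
  ["addr_text", "^(addrTxt|addr1|addr2)$", "i", "^([:;!?·|₩「」『』@※☆★▶_0-9a-zA-Zㄱ-ㅎㅏ-ㅣ가-힣-.,<>~!@#$'`\\^\\&\\*\\+\\=\\?()\\[\\]\\{\\}\\/\\s\\s]+)$", ""],
  // NOTE(review): the "." before each domain label is unescaped, so it matches any
  // character; loginId is validated with this same e-mail pattern.
  ["email", "^(email|loginId)$", "i", "^([0-9a-zA-Z][_0-9a-zA-Z-.]*@[_0-9a-zA-Z-]+(.[_0-9a-zA-Z-]+){1,2})$", ""],
  ["url", "^(menuUrl)$", "i", "^([_0-9a-zA-Z-.\\/\\:]+(\\?([_0-9a-zA-Z]+\\=[_0-9a-zA-Z]+)(&[_0-9a-zA-Z]+\\=[_0-9a-zA-Z]+)*)?)$", ""],
  ["file_path", "^(bgImgFileLoc|libImgFileLoc)$", "i", "^([:;!?·|₩_0-9a-zA-Zㄱ-ㅎㅏ-ㅣ가-힣-,<>~!@#$'`.\\/\\^\\&\\*\\+\\=\\?()\\[\\]\\{\\}\\s\\s]+)$", ""],
  // Fix: the inline "(?i)" modifier is not valid JavaScript regex syntax and made
  // new RegExp() throw for these names; the case-insensitivity is now the "i" flag.
  ["file_name", "^(homeImg|homeLogoImg|homepageImg|homepageLogoImg)$", "i", "^([:;!?·|₩「」『』@※☆★▶_0-9a-zA-Zㄱ-ㅎㅏ-ㅣ가-힣-.,<>~!@#$'`\\^\\&\\*\\+\\=\\?()\\[\\]\\{\\}\\/\\s\\s]+\\S+.(doc|docx|xls|xlsx|ppt|pptx|pdf|txt|jpg|gif|png|csv))$", "i"],
  ["human_name", "^(userNm|ceoNm)$", "i", "^([_0-9a-zA-Zㄱ-ㅎㅏ-ㅣ가-힣-.,~\\s]{2,})$", ""],
  ["limited_text", "^(alarmNm|alarmLvlNm|cdNm|cretrNm|ctrlTypeNm|deviceDtlNm|deviceNm|dweekNm|groupNm|hdayNm|libGrpNm|libNm|libTypeNm|linkPrjNm|loginResNm|menuNm|newGroupNm|tagNm|tagValueTypeNm|objNm|objTypeNm|orgNm|prjNm|prjObjNm|prjOrgNm|tmplNm|tmplDtlNm|sendStatusNm|userClasNm|userSttusNm|xcoordNm|ycoordNm|zcoordNm|displayAltText|displayFmt|tagValueUnitSymbol|tagDesc|title|tmplDesc|prjDesc|msg|rmark|thrsDesc|areaTxt|smsMsg|resValue|homepageTitle|homeTxt|hdayDesc|detailMsg|displayTagValue|chartNm|chartDesc)$", "i", "^([:;!?·|₩「」『』℃@※☆★▶_0-9a-zA-Zㄱ-ㅎㅏ-ㅣ가-힣-.,<>~!@#%$'`\\^\\&\\*\\+\\=\\?()\\[\\]\\{\\}\\/\\s\\s]+)$", ""],
  ["unknown", "^(accountSch|accountSchCondVal|deviceAddr|alarmLvl|cctvPwd|ctrlId|ctrlType|defHome|deviceStatusNm|deviceVer|dweek|enableMenu|errCode|etc|groupId|gubun|icNm|icPartNm|icPositionNm|LoginTime|memberSch|memberSchCondVal|orgSch|orgSchCondVal|userPwd|selGroup|sendResult|serial|smsId|smstype|t_[0-2][0-9]|a([0-9]|[1-6][0-9])|cmdTypeCd|xcoordPoint|ycoordPoint|zcoordPoint|zcoordNm)$", "i", "^([:;!?·|₩「」『』℃@※☆★▶_0-9a-zA-Zㄱ-ㅎㅏ-ㅣ가-힣-.,<>~!@#$'`\\^\\&\\*\\+\\=\\?()\\[\\]\\{\\}\\/\\s\\s]+)$", ""]
];

// Blacklist tokens for the fallback check plus js_common_xss_checker_fnCheckValidByToken.
// NOTE(review): in this copy the end of the token list and the head of that function
// are garbled (the text jumps from the "'" token straight into the function body, and
// the visible tail uses a non-native String "equals", presumably from common_func.js).
// The span is kept exactly as found and must be restored from the original file.
var _USER_DEFINED_VALUE_INVALID_INFO_TOKEN_LIST = [ "\",@" ,"%00" ,"#'" ,"%2a" ,"%2b" ,"%2c" ,"%3d" ,"%60" ,"%27" ,"/'" ,";'" ,"@'" ,"[']" ,"\\'" ,"^'" ,"{'}" ,"sysobjects" ,"'" ," 0) ) { var tmpSize = ignoreTokenList.length; var tmpIdx = 0; while(tmpIdx < tmpSize) { var ignoreToken = ignoreTokenList[tmpIdx].toLowerCase(); if (invalidToken.equals(ignoreToken)) { isIgnoreToken = true; break; } tmpIdx++; } } if (!isIgnoreToken) { if (value.toLowerCase().indexOf(invalidToken) > -1) { result = js_common_xss_checker_CONST_RES_CD.INVALID; break; } } idx++; } return result; }

/**
 * Tests a value against a regex given as source + flags.
 * @param {*} value - value to test (RegExp.test coerces it to a string)
 * @param {string} pattern - regex source
 * @param {string} flags - regex flags
 * @returns {string} js_common_xss_checker_CONST_RES_CD.VALID or .INVALID
 * @throws {SyntaxError} when pattern/flags do not form a valid RegExp
 */
function js_common_xss_checker_fnCheckValidByRegex(value, pattern, flags) {
  var regexChecker = new RegExp(pattern, flags);
  // "var" keeps the result local; the previous assignment leaked a global "result".
  var result = regexChecker.test(value)
    ? js_common_xss_checker_CONST_RES_CD.VALID
    : js_common_xss_checker_CONST_RES_CD.INVALID;
  return result;
}

/**
 * Finds the pattern row for a parameter name.
 * @param {string} name - parameter name
 * @returns {Array|null} the LAST row of _USER_DEFINED_VALUE_PATTERN_INFO whose
 *   name pattern matches, or null when no row matches
 */
function _js_common_xss_checker_fnFindPatternInfo(name) {
  var found = null;
  var size = _USER_DEFINED_VALUE_PATTERN_INFO.length;
  for (var idx = 0; idx < size; idx++) {
    var info = _USER_DEFINED_VALUE_PATTERN_INFO[idx];
    if (js_common_xss_checker_fnCheckValidByRegex(name, info[1], info[2]) === js_common_xss_checker_CONST_RES_CD.VALID) {
      found = info; // deliberately no break: later rows override earlier ones
    }
  }
  return found;
}

/**
 * Splits an INVALID value into the fragments the (unanchored) value pattern
 * accepts and the fragments between them, for the debug log and response.
 * @param {string} value - the rejected value
 * @param {string} pattern - the anchored value pattern of the parameter class
 * @param {string} flags - its flags; "g" is added for the scan
 * @returns {{extractPattern: string, matchedText: string, noMatchedText: string}}
 *   comma-separated, double-quoted fragments; noMatchedText is the whole quoted
 *   value when nothing matched
 */
function _js_common_xss_checker_fnExtractTokens(value, pattern, flags) {
  var extractPattern = pattern;
  if (extractPattern.indexOf("^") === 0) {
    extractPattern = extractPattern.substring(1);
  }
  if (extractPattern.lastIndexOf("$") === extractPattern.length - 1) {
    extractPattern = extractPattern.substring(0, extractPattern.length - 1);
  }
  var extractFlags = (flags.indexOf("g") === -1) ? "g" + flags : flags;
  var regExp = new RegExp(extractPattern, extractFlags);
  var matched = [];
  var noMatched = [];
  var cursor = 0; // end of the last fragment already accounted for
  var findResObj;
  while ((findResObj = regExp.exec(value)) !== null) {
    var findText = findResObj[0];
    if (findResObj.index > cursor) {
      noMatched.push("\"" + value.substring(cursor, findResObj.index) + "\"");
    }
    if (findText === "") {
      // Zero-length match (pattern with * or {0,n}): exec() would not advance
      // lastIndex by itself and loop forever, so step over the current character.
      regExp.lastIndex++;
    } else {
      matched.push("\"" + findText + "\"");
    }
    cursor = findResObj.index + findText.length;
  }
  if (cursor < value.length) {
    noMatched.push("\"" + value.substring(cursor) + "\"");
  }
  return {
    extractPattern: extractPattern,
    matchedText: matched.join(","),
    noMatchedText: noMatched.join(",")
  };
}

/**
 * Validates one request parameter by name and value.
 * @param {string} name - parameter name; selects the value class
 * @param {*} value - parameter value; undefined/null/"" count as empty and are VALID
 * @returns {{isSuccess: boolean, data: Object}} data carries resCd, name, value and,
 *   for a non-empty value, logTxt; an INVALID value of a known class also carries
 *   matchedTokens/noMatchedTokens
 * @throws {SyntaxError} if the selected row's value pattern is not a valid RegExp
 */
function js_common_xss_checker_fnCheckParameter(name, value) {
  var CD = js_common_xss_checker_CONST_RES_CD;
  if (value === undefined || value === null || value === "") {
    // Presence is not this function's concern; an empty value carries nothing to check.
    return _js_common_xss_checker_fnMakeResponseObj(true, {"resCd": CD.VALID, "name": name, "value": value});
  }
  // Numbers/booleans are checked through their string form; the loose
  // "value == ''" test used before accepted 0 and false without any check.
  var valueText = String(value);
  var regexInfo = _js_common_xss_checker_fnFindPatternInfo(name);
  var text = name + " = " + valueText;
  var resCd;
  var data;
  if (regexInfo === null) {
    // No class for this name: only the blacklist token check applies.
    resCd = js_common_xss_checker_fnCheckValidByToken(name, valueText);
    data = {"resCd": resCd, "name": name, "value": value, "logTxt": "미정의 타입. 기본 체크."};
  } else {
    var pattern = regexInfo[3];
    var flags = regexInfo[4];
    resCd = js_common_xss_checker_fnCheckValidByRegex(valueText, pattern, flags);
    text += "\n> isSuccess : " + (resCd === CD.VALID);
    text += "\n> type : " + regexInfo[0];
    text += "\n> pattern : " + pattern;
    text += "\n> flags : " + flags;
    text += "\n> result : " + resCd;
    var tokens = null;
    if (resCd === CD.INVALID) {
      tokens = _js_common_xss_checker_fnExtractTokens(valueText, pattern, flags);
      text += "\n> value : " + valueText;
      text += "\n> extractPattern : " + tokens.extractPattern;
      text += "\n> matchedText : " + tokens.matchedText;
      text += "\n> noMatchedText : " + tokens.noMatchedText;
    }
    data = {"resCd": resCd, "name": name, "value": value, "logTxt": text};
    if (tokens !== null) {
      data.matchedTokens = tokens.matchedText;
      data.noMatchedTokens = tokens.noMatchedText;
    }
  }
  _js_common_xss_checker_logger.debug(text.replace("\\n", "\n"));
  return _js_common_xss_checker_fnMakeResponseObj(resCd === CD.VALID, data);
}

/**
 * Builds the {isSuccess, data} response object.
 * @param {boolean} isSuccess - overall outcome
 * @param {Object|null|undefined} data - payload; copied through JSON so callers
 *   cannot alias the checker's object (note JSON drops undefined-valued keys)
 * @returns {{isSuccess: boolean, data: Object}} data is {} when none was given
 */
function _js_common_xss_checker_fnMakeResponseObj(isSuccess, data) {
  var resObj = {"isSuccess": isSuccess};
  resObj.data = data ? JSON.parse(JSON.stringify(data)) : {};
  return resObj;
}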