sushuang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/echarts-handbook.git
The following commit(s) were added to refs/heads/master by this push:
new 3629a02 tweak sample.
3629a02 is described below
commit 3629a02d83e8bb23269429625a739c157345b4d2
Author: 100pah <[email protected]>
AuthorDate: Fri Oct 24 18:32:24 2025 +0800
tweak sample.
---
contents/en/best-practices/security.md | 4 ++--
contents/zh/best-practices/security.md | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/contents/en/best-practices/security.md
b/contents/en/best-practices/security.md
index c50b8b6..5dda921 100644
--- a/contents/en/best-practices/security.md
+++ b/contents/en/best-practices/security.md
@@ -54,12 +54,12 @@ formatter: params => {
// charactors like '<', '>', etc.
// Additionally, it introduces XSS risks if `name` or `value` come from
// untrusted sources, where malicious code may be injected into that
strings.
- return `${name}, <b>${value + ''}</b>`;
+ return `${name}, <b>${value}</b>`;
}
// Correct and safe.
formatter: params => {
const { name, value } = params;
- return `${echarts.format.encodeHTML(name)},
<b>${echarts.format.encodeHTML(value + '')}<b/>`;
+ return `${echarts.format.encodeHTML(name)},
<b>${echarts.format.encodeHTML(value)}<b/>`;
}
```
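Review bot: The sample labelled "Correct and safe" still closes the bold element with `<b/>` on its new line. HTML parsers treat that as another opening tag, so the bold run is never closed; the line should end `<b>${echarts.format.encodeHTML(value)}</b>`. The same typo is in the unsafe sample of the zh hunk (`<b>${value}<b/>`), while the zh safe sample already uses `</b>`. With `+ ''` dropped, the safe sample also relies on `encodeHTML` itself stringifying non-string values such as numbers or arrays; that appears to hold in current releases but is worth confirming for the versions the handbook covers.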
diff --git a/contents/zh/best-practices/security.md
b/contents/zh/best-practices/security.md
index 574d79b..db95c4b 100644
--- a/contents/zh/best-practices/security.md
+++ b/contents/zh/best-practices/security.md
@@ -53,12 +53,12 @@ formatter: params => {
const { name, value } = params;
// 如果 name 或 value 中含有功能性字符,如 '<' '>' 等,则可能渲染不正确。
// 同时,如果 name 或 value 的值来自于“非受信任”的来源,则可能被注入恶意代码并运行。
- return `${name}, <b>${value + ''}<b/>`;
+ return `${name}, <b>${value}<b/>`;
}
// 功能正确且安全。
formatter: params => {
const { name, value } = params;
- return `${echarts.format.encodeHTML(name)},
<b>${echarts.format.encodeHTML(value + '')}</b>`;
+ return `${echarts.format.encodeHTML(name)},
<b>${echarts.format.encodeHTML(value)}</b>`;
}
```