fix: 修复xss漏洞。

[Webb-L]

漏洞描述：

• nodeCreateContents.js 文件中调用 this.getData('text') 并没有对内容进行过滤导致出现 xss(存储型跨站脚本攻击) 漏洞。

• 这意味着攻击者可以通过巧妙引导用户执行恶意代码。这种情况下，如果用户使用了思绪思维导图客户端，攻击者就能够访问用户系统中的文件或执行恶意脚本。

漏洞利用：

网页端：

poc:

{"layout":"timeline","root":{"data":{"text":"poc<iframe xmlns=\"http://www.w3.org/1999/xhtml\" src=\"javascript:alert(1);\" width=\"0\" height=\"0\"/><p><strong style=\"font-size: 24px; font-family: 微软雅黑, &quot;Microsoft YaHei&quot;; color: rgb(255, 255, 255);\">根节点</strong></p>","richText":true,"expand":true,"isActive":false,"uid":"5bc7c815-71c5-4b7d-aa14-c223074bde8b","note":""},"children":[]},"theme":{"template":"classic4","config":{}},"view":{"transform":{"scaleX":1,"scaleY":1,"shear":0,"rotate":0,"translateX":-7,"translateY":-27,"originX":0,"originY":0,"a":1,"b":0,"c":0,"d":1,"e":-7,"f":-27},"state":{"scale":1,"x":-7,"y":-27,"sx":-467,"sy":-6}}}

https://github.com/wanglin2/mind-map/assets/57182600/b41696b2-9c3c-44a2-a591-8da02539d6c2

客户端：

poc:

{"layout":"timeline","root":{"data":{"text":"poc<iframe xmlns=\"http://www.w3.org/1999/xhtml\" src=\"javascript:fetch('file://C:/Windows/WindowsShell.Manifest').then(res=>res.text()).then(res=>alert(res));\" width=\"0\" height=\"0\"/><p><strong style=\"font-size: 24px; font-family: 微软雅黑, &quot;Microsoft YaHei&quot;; color: rgb(255, 255, 255);\">根节点</strong></p>","richText":true,"expand":true,"isActive":false,"uid":"5bc7c815-71c5-4b7d-aa14-c223074bde8b","note":""},"children":[]},"theme":{"template":"classic4","config":{}},"view":{"transform":{"scaleX":1,"scaleY":1,"shear":0,"rotate":0,"translateX":-7,"translateY":-27,"originX":0,"originY":0,"a":1,"b":0,"c":0,"d":1,"e":-7,"f":-27},"state":{"scale":1,"x":-7,"y":-27,"sx":-467,"sy":-6}}}

其他：

使用 defenseXSS 函数后并不会导致显示错误。