应用实例:允许标签以data-开头的属性

Zongmin Lei
2014-02-13 16:46:37 +08:00
parent 5c46660e43
commit 0c27ec8163
2 changed files with 45 additions and 1 deletions


@@ -188,7 +188,25 @@ function safeAttrValue (tag, name, value) {
### 允许标签以data-开头的属性 ### 允许标签以data-开头的属性
```JavaScript ```JavaScript
// 待续 var source = '<div a="1" b="2" data-a="3" data-b="4">hello</div>';
var html = xss(source, {
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
if (name.substr(0, 5) === 'data-') {
// 通过内置的escapeAttrValue函数来对属性值进行转义
return name + '="' + xss.escapeAttrValue(value) + '"';
}
}
});
console.log('%s\nconvert to:\n%s', source, html);
```
运行结果:
```
<div a="1" b="2" data-a="3" data-b="4">hello</div>
convert to:
<div data-a="3" data-b="4">hello</div>
``` ```
### 允许名称以x开头的标签 ### 允许名称以x开头的标签


@@ -0,0 +1,26 @@
/**
* 应用实例允许标签以data-开头的属性
*
* @author 老雷<leizongmin@gmail.com>
*/
var xss = require('../');
var source = '<div a="1" b="2" data-a="3" data-b="4">hello</div>';
var html = xss(source, {
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
if (name.substr(0, 5) === 'data-') {
// 通过内置的escapeAttrValue函数来对属性值进行转义
return name + '="' + xss.escapeAttrValue(value) + '"';
}
}
});
console.log('%s\nconvert to:\n%s', source, html);
/*
运行结果:
<div a="1" b="2" data-a="3" data-b="4">hello</div>
convert to:
<div data-a="3" data-b="4">hello</div>
*/
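Review bot: The `name.substr(0, 5) === 'data-'` test in onIgnoreTagAttr keeps every data-* attribute on every tag, and the example does not say that this is broader than most pages need. escapeAttrValue keeps the value from breaking out of the quoted attribute, but it does nothing about how page scripts later interpret that value, so if the page loads a library that acts on data-* attributes, user-supplied markup could presumably steer it. I would match an explicit list instead, e.g. `if (name === 'data-a' || name === 'data-b') {`, or at least add a comment such as `// data-* values are only escaped; scripts that read them must still treat them as untrusted`. The `tag` argument is also unused, so the allowance is not limited to particular tags.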