feat: add eslint:recommended check
This commit is contained in:
lumburr
18
.eslintrc.js
Normal file
18
.eslintrc.js
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
module.exports = {
|
||||||
|
"env": {
|
||||||
|
"browser": true,
|
||||||
|
"commonjs": true,
|
||||||
|
"es2021": true,
|
||||||
|
"node": true
|
||||||
|
},
|
||||||
|
"extends": "eslint:recommended",
|
||||||
|
"parserOptions": {
|
||||||
|
"ecmaVersion": "latest"
|
||||||
|
},
|
||||||
|
"globals": {
|
||||||
|
"DedicatedWorkerGlobalScope": "readonly",
|
||||||
|
},
|
||||||
|
"rules": {
|
||||||
|
"no-unused-vars": ["error", { "vars": "all", "args": "none" }],
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -233,11 +233,11 @@ var REGEXP_QUOTE_2 = /"/g;
|
|||||||
var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim;
|
var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim;
|
||||||
var REGEXP_ATTR_VALUE_COLON = /:?/gim;
|
var REGEXP_ATTR_VALUE_COLON = /:?/gim;
|
||||||
var REGEXP_ATTR_VALUE_NEWLINE = /&newline;?/gim;
|
var REGEXP_ATTR_VALUE_NEWLINE = /&newline;?/gim;
|
||||||
var REGEXP_DEFAULT_ON_TAG_ATTR_3 = /\/\*|\*\//gm;
|
// var REGEXP_DEFAULT_ON_TAG_ATTR_3 = /\/\*|\*\//gm;
|
||||||
var REGEXP_DEFAULT_ON_TAG_ATTR_4 =
|
var REGEXP_DEFAULT_ON_TAG_ATTR_4 =
|
||||||
/((j\s*a\s*v\s*a|v\s*b|l\s*i\s*v\s*e)\s*s\s*c\s*r\s*i\s*p\s*t\s*|m\s*o\s*c\s*h\s*a)\:/gi;
|
/((j\s*a\s*v\s*a|v\s*b|l\s*i\s*v\s*e)\s*s\s*c\s*r\s*i\s*p\s*t\s*|m\s*o\s*c\s*h\s*a):/gi;
|
||||||
var REGEXP_DEFAULT_ON_TAG_ATTR_5 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:/gi;
|
// var REGEXP_DEFAULT_ON_TAG_ATTR_5 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:/gi;
|
||||||
var REGEXP_DEFAULT_ON_TAG_ATTR_6 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:\s*image\//gi;
|
// var REGEXP_DEFAULT_ON_TAG_ATTR_6 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:\s*image\//gi;
|
||||||
var REGEXP_DEFAULT_ON_TAG_ATTR_7 =
|
var REGEXP_DEFAULT_ON_TAG_ATTR_7 =
|
||||||
/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*\(.*/gi;
|
/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*\(.*/gi;
|
||||||
var REGEXP_DEFAULT_ON_TAG_ATTR_8 = /u\s*r\s*l\s*\(.*/gi;
|
var REGEXP_DEFAULT_ON_TAG_ATTR_8 = /u\s*r\s*l\s*\(.*/gi;
|
||||||
|
|||||||
@@ -23,8 +23,8 @@ function filterXSS(html, options) {
|
|||||||
exports = module.exports = filterXSS;
|
exports = module.exports = filterXSS;
|
||||||
exports.filterXSS = filterXSS;
|
exports.filterXSS = filterXSS;
|
||||||
exports.FilterXSS = FilterXSS;
|
exports.FilterXSS = FilterXSS;
|
||||||
for (var i in DEFAULT) exports[i] = DEFAULT[i];
|
for (let i in DEFAULT) exports[i] = DEFAULT[i];
|
||||||
for (var i in parser) exports[i] = parser[i];
|
for (let i in parser) exports[i] = parser[i];
|
||||||
|
|
||||||
// using `xss` on the browser, output `filterXSS` to the globals
|
// using `xss` on the browser, output `filterXSS` to the globals
|
||||||
if (typeof window !== "undefined") {
|
if (typeof window !== "undefined") {
|
||||||
|
|||||||
@@ -13,11 +13,12 @@ var _ = require("./util");
|
|||||||
* @return {String}
|
* @return {String}
|
||||||
*/
|
*/
|
||||||
function getTagName(html) {
|
function getTagName(html) {
|
||||||
var i = _.spaceIndex(html);
|
let i = _.spaceIndex(html);
|
||||||
|
let tagName;
|
||||||
if (i === -1) {
|
if (i === -1) {
|
||||||
var tagName = html.slice(1, -1);
|
tagName = html.slice(1, -1);
|
||||||
} else {
|
} else {
|
||||||
var tagName = html.slice(1, i + 1);
|
tagName = html.slice(1, i + 1);
|
||||||
}
|
}
|
||||||
tagName = _.trim(tagName).toLowerCase();
|
tagName = _.trim(tagName).toLowerCase();
|
||||||
if (tagName.slice(0, 1) === "/") tagName = tagName.slice(1);
|
if (tagName.slice(0, 1) === "/") tagName = tagName.slice(1);
|
||||||
@@ -112,7 +113,7 @@ function parseTag(html, onTag, escapeHtml) {
|
|||||||
return rethtml;
|
return rethtml;
|
||||||
}
|
}
|
||||||
|
|
||||||
var REGEXP_ILLEGAL_ATTR_NAME = /[^a-zA-Z0-9_:\.\-]/gim;
|
var REGEXP_ILLEGAL_ATTR_NAME = /[^a-zA-Z0-9_:.-]/gim;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* parse input attributes and returns processed attributes
|
* parse input attributes and returns processed attributes
|
||||||
|
|||||||
10
lib/xss.js
10
lib/xss.js
@@ -134,7 +134,7 @@ FilterXSS.prototype.process = function (html) {
|
|||||||
// if enable stripIgnoreTagBody
|
// if enable stripIgnoreTagBody
|
||||||
var stripIgnoreTagBody = false;
|
var stripIgnoreTagBody = false;
|
||||||
if (options.stripIgnoreTagBody) {
|
if (options.stripIgnoreTagBody) {
|
||||||
var stripIgnoreTagBody = DEFAULT.StripTagBody(
|
stripIgnoreTagBody = DEFAULT.StripTagBody(
|
||||||
options.stripIgnoreTagBody,
|
options.stripIgnoreTagBody,
|
||||||
onIgnoreTag
|
onIgnoreTag
|
||||||
);
|
);
|
||||||
@@ -148,7 +148,7 @@ FilterXSS.prototype.process = function (html) {
|
|||||||
sourcePosition: sourcePosition,
|
sourcePosition: sourcePosition,
|
||||||
position: position,
|
position: position,
|
||||||
isClosing: isClosing,
|
isClosing: isClosing,
|
||||||
isWhite: whiteList.hasOwnProperty(tag),
|
isWhite: Object.prototype.hasOwnProperty.call(whiteList, tag),
|
||||||
};
|
};
|
||||||
|
|
||||||
// call `onTag()`
|
// call `onTag()`
|
||||||
@@ -178,21 +178,21 @@ FilterXSS.prototype.process = function (html) {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// call `onIgnoreTagAttr()`
|
// call `onIgnoreTagAttr()`
|
||||||
var ret = onIgnoreTagAttr(tag, name, value, isWhiteAttr);
|
ret = onIgnoreTagAttr(tag, name, value, isWhiteAttr);
|
||||||
if (!isNull(ret)) return ret;
|
if (!isNull(ret)) return ret;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
// build new tag html
|
// build new tag html
|
||||||
var html = "<" + tag;
|
html = "<" + tag;
|
||||||
if (attrsHtml) html += " " + attrsHtml;
|
if (attrsHtml) html += " " + attrsHtml;
|
||||||
if (attrs.closing) html += " /";
|
if (attrs.closing) html += " /";
|
||||||
html += ">";
|
html += ">";
|
||||||
return html;
|
return html;
|
||||||
} else {
|
} else {
|
||||||
// call `onIgnoreTag()`
|
// call `onIgnoreTag()`
|
||||||
var ret = onIgnoreTag(tag, html, info);
|
ret = onIgnoreTag(tag, html, info);
|
||||||
if (!isNull(ret)) return ret;
|
if (!isNull(ret)) return ret;
|
||||||
return escapeHtml(html);
|
return escapeHtml(html);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -20,6 +20,7 @@
|
|||||||
"browserify": "^17.0.0",
|
"browserify": "^17.0.0",
|
||||||
"coveralls": "^3.1.0",
|
"coveralls": "^3.1.0",
|
||||||
"debug": "^4.1.1",
|
"debug": "^4.1.1",
|
||||||
|
"eslint": "^8.10.0",
|
||||||
"mocha": "^8.3.2",
|
"mocha": "^8.3.2",
|
||||||
"nyc": "^15.1.0",
|
"nyc": "^15.1.0",
|
||||||
"uglify-js": "^3.9.4"
|
"uglify-js": "^3.9.4"
|
||||||
@@ -34,6 +35,7 @@
|
|||||||
"xss": "./bin/xss"
|
"xss": "./bin/xss"
|
||||||
},
|
},
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
"lint": "eslint lib/**",
|
||||||
"test": "export DEBUG=xss:* && mocha -t 5000",
|
"test": "export DEBUG=xss:* && mocha -t 5000",
|
||||||
"test-cov": "nyc --reporter=lcov mocha --exit \"test/*.js\" && nyc report",
|
"test-cov": "nyc --reporter=lcov mocha --exit \"test/*.js\" && nyc report",
|
||||||
"coveralls": "cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js",
|
"coveralls": "cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js",
|
||||||
|
|||||||
Reference in New Issue
Block a user