update README

2015-11-18 10:21:56 +08:00
parent b546f64278
commit 2fb5bdb3f6
2 changed files with 43 additions and 45 deletions
--- a/README.md
+++ b/README.md
@@ -1,7 +1,6 @@
 [![NPM version](https://badge.fury.io/js/xss.png)](http://badge.fury.io/js/xss)
 [![Build Status](https://secure.travis-ci.org/leizongmin/js-xss.png?branch=master)](http://travis-ci.org/leizongmin/js-xss)
 [![Dependencies Status](https://david-dm.org/leizongmin/js-xss.png)](https://david-dm.org/leizongmin/js-xss)
 [![testling badge](https://ci.testling.com/leizongmin/js-xss.png)](https://ci.testling.com/leizongmin/js-xss)
 Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist.
 ======
@@ -83,7 +82,7 @@ $ bower install https://github.com/leizongmin/js-xss.git
 ### On Node.js
-```JavaScript
+```javascript
 var xss = require('xss');
 var html = xss('<script>alert("xss");</script>');
 console.log(html);
@@ -93,7 +92,7 @@ console.log(html);
 Shim mode (reference file `test/test.html`):
-```HTML
+```html
 <script src="https://raw.github.com/leizongmin/js-xss/master/dist/xss.js"></script>
 <script>
 // apply function filterXSS in the same way
@@ -104,7 +103,7 @@ alert(html);
 AMD mode (reference file `test/test_amd.html`):
-```HTML
+```html
 <script>
 require.config({
  baseUrl: './'
@@ -150,7 +149,7 @@ For more details, please run `$ xss -h` to see it.
 When using the `xss()` function, the second parameter could be used to specify
 custom rules:
-```JavaScript
+```javascript
 options = {};  // Custom rules
 html = xss('<script>alert("xss");</script>', options);
 ```
@@ -158,7 +157,7 @@ html = xss('<script>alert("xss");</script>', options);
 To avoid passing `options` every time, you can also do it in a faster way by
 creating a `FilterXSS` instance:
-```JavaScript
+```javascript
 options = {};  // Custom rules
 myxss = new xss.FilterXSS(options);
 // then apply myxss.process()
@@ -172,7 +171,7 @@ Details of parameters in `options` would be described below.
 By specifying a `whiteList`, e.g. `{ 'tagName': [ 'attr-1', 'attr-2' ] }`. Tags
 and attributes not in the whitelist would be filter out. For example:
-```JavaScript
+```javascript
 // only tag a and its attributes href, title, target are allowed
 var options = {
  whiteList: {
@@ -191,7 +190,7 @@ For the default whitelist, please refer `xss.whiteList`.
 By specifying the handler function with `onTag`:
-```JavaScript
+```javascript
 function onTag (tag, html, options) {
  // tag is the name of current tag, e.g. 'a' for tag <a>
  // html is the HTML of this tag, e.g. '<a>' for tag <a>
@@ -211,7 +210,7 @@ function onTag (tag, html, options) {
 By specifying the handler function with `onTagAttr`:
-```JavaScript
+```javascript
 function onTagAttr (tag, name, value, isWhiteAttr) {
  // tag is the name of current tag, e.g. 'a' for tag <a>
  // name is the name of current attribute, e.g. 'href' for href="#"
@@ -227,7 +226,7 @@ function onTagAttr (tag, name, value, isWhiteAttr) {
 By specifying the handler function with `onIgnoreTag`:
-```JavaScript
+```javascript
 function onIgnoreTag (tag, html, options) {
  // Parameters are the same with onTag
  // If a string is returned, the tag would be replaced with the string
@@ -240,7 +239,7 @@ function onIgnoreTag (tag, html, options) {
 By specifying the handler function with `onIgnoreTagAttr`:
-```JavaScript
+```javascript
 function onIgnoreTagAttr (tag, name, value, isWhiteAttr) {
  // Parameters are the same with onTagAttr
  // If a string is returned, the value would be replaced with this string
@@ -253,7 +252,7 @@ function onIgnoreTagAttr (tag, name, value, isWhiteAttr) {
 By specifying the handler function with `escapeHtml`. Following is the default
 function **(Modification is not recommended)**:
-```JavaScript
+```javascript
 function escapeHtml (html) {
  return html.replace(/</g, '&lt;').replace(/>/g, '&gt;');
 }
@@ -263,7 +262,7 @@ function escapeHtml (html) {
 By specifying the handler function with `safeAttrValue`:
-```JavaScript
+```javascript
 function safeAttrValue (tag, name, value) {
  // Parameters are the same with onTagAttr (without options)
  // Return the value as a string
@@ -283,13 +282,13 @@ Example:
 If `stripIgnoreTag = true` is set, the following code:
-```HTML
+```html
 code:<script>alert(/xss/);</script>
 ```
 would output filtered:
-```HTML
+```html
 code:alert(/xss/);
 ```
@@ -305,13 +304,13 @@ Example:
 If `stripIgnoreTagBody = ['script']` is set, the following code:
-```HTML
+```html
 code:<script>alert(/xss/);</script>
 ```
 would output filtered:
-```HTML
+```html
 code:
 ```
@@ -326,13 +325,13 @@ Example:
 If `allowCommentTag = false` is set, the following code:
-```HTML
+```html
 code:<!-- something --> END
 ```
 would output filtered:
-```HTML
+```html
 code: END
 ```
@@ -341,7 +340,7 @@ code: END
 ### Allow attributes of whitelist tags start with `data-`
-```JavaScript
+```javascript
 var source = '<div a="1" b="2" data-a="3" data-b="4">hello</div>';
 var html = xss(source, {
  onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
@@ -365,7 +364,7 @@ convert to:
 ### Allow tags start with `x-`
-```JavaScript
+```javascript
 var source = '<x><x-1>he<x-2 checked></x-2>wwww</x-1><a>';
 var html = xss(source, {
  onIgnoreTag: function (tag, html, options) {
@@ -389,7 +388,7 @@ convert to:
 ### Parse images in HTML
-```JavaScript
+```javascript
 var source = '<img src="img1">a<img src="img2">b<img src="img3">c<img src="img4">d';
 var list = [];
 var html = xss(source, {
@@ -416,7 +415,7 @@ img1, img2, img3, img4
 ### Filter out HTML tags (keeps only plain text)
-```JavaScript
+```javascript
 var source = '<strong>hello</strong><script>alert(/xss/);</script>end';
 var html = xss(source, {
  whiteList:          [],        // empty, means filter out all tags
--- a/README.zh.md
+++ b/README.zh.md
@@ -1,7 +1,6 @@
 [![NPM version](https://badge.fury.io/js/xss.png)](http://badge.fury.io/js/xss)
 [![Build Status](https://secure.travis-ci.org/leizongmin/js-xss.png?branch=master)](http://travis-ci.org/leizongmin/js-xss)
 [![Dependencies Status](https://david-dm.org/leizongmin/js-xss.png)](https://david-dm.org/leizongmin/js-xss)
 [![testling badge](https://ci.testling.com/leizongmin/js-xss.png)](https://ci.testling.com/leizongmin/js-xss)
 根据白名单过滤HTML(防止XSS攻击)
 ======
@@ -76,7 +75,7 @@ $ bower install https://github.com/leizongmin/js-xss.git
 ### 在Node.js中使用
-```JavaScript
+```javascript
 var xss = require('xss');
 var html = xss('<script>alert("xss");</script>');
 console.log(html);
@@ -86,7 +85,7 @@ console.log(html);
 Shim模式（参考文件 `test/test.html`）:
-```HTML
+```html
 <script src="https://raw.github.com/leizongmin/js-xss/master/dist/xss.js"></script>
 <script>
 // 使用函数名 filterXSS，用法一样
@@ -97,7 +96,7 @@ alert(html);
 AMD模式（参考文件 `test/test_amd.html`）:
-```HTML
+```html
 <script>
 require.config({
  baseUrl: './'
@@ -141,7 +140,7 @@ $ xss -t
 在调用 `xss()` 函数进行过滤时，可通过第二个参数来设置自定义规则：
-```JavaScript
+```javascript
 options = {};  // 自定义规则
 html = xss('<script>alert("xss");</script>', options);
 ```
@@ -163,7 +162,7 @@ html = myxss.process('<script>alert("xss");</script>');
 通过 `whiteList` 来指定，格式为：`{'标签名': ['属性1', '属性2']}`。不在白名单上
 的标签将被过滤，不在白名单上的属性也会被过滤。以下是示例：
-```JavaScript
+```javascript
 // 只允许a标签，该标签只允许href, title, target这三个属性
 var options = {
  whiteList: {
@@ -182,7 +181,7 @@ var options = {
 通过 `onTag` 来指定相应的处理函数。以下是详细说明：
-```JavaScript
+```javascript
 function onTag (tag, html, options) {
  // tag是当前的标签名称，比如<a>标签，则tag的值是'a'
  // html是该标签的HTML，比如<a>标签，则html的值是'<a>'
@@ -202,7 +201,7 @@ function onTag (tag, html, options) {
 通过 `onTagAttr` 来指定相应的处理函数。以下是详细说明：
-```JavaScript
+```javascript
 function onTagAttr (tag, name, value, isWhiteAttr) {
  // tag是当前的标签名称，比如<a>标签，则tag的值是'a'
  // name是当前属性的名称，比如href="#"，则name的值是'href'
@@ -219,7 +218,7 @@ function onTagAttr (tag, name, value, isWhiteAttr) {
 通过 `onIgnoreTag` 来指定相应的处理函数。以下是详细说明：
-```JavaScript
+```javascript
 function onIgnoreTag (tag, html, options) {
  // 参数说明与onTag相同
  // 如果返回一个字符串，则当前标签将被替换为该字符串
@@ -231,7 +230,7 @@ function onIgnoreTag (tag, html, options) {
 通过 `onIgnoreTagAttr` 来指定相应的处理函数。以下是详细说明：
-```JavaScript
+```javascript
 function onIgnoreTagAttr (tag, name, value, isWhiteAttr) {
  // 参数说明与onTagAttr相同
  // 如果返回一个字符串，则当前属性值将被替换为该字符串
@@ -243,7 +242,7 @@ function onIgnoreTagAttr (tag, name, value, isWhiteAttr) {
 通过 `escapeHtml` 来指定相应的处理函数。以下是默认代码 **（不建议修改）** ：
-```JavaScript
+```javascript
 function escapeHtml (html) {
  return html.replace(/</g, '&lt;').replace(/>/g, '&gt;');
 }
@@ -253,7 +252,7 @@ function escapeHtml (html) {
 通过 `safeAttrValue` 来指定相应的处理函数。以下是详细说明：
-```JavaScript
+```javascript
 function safeAttrValue (tag, name, value) {
  // 参数说明与onTagAttr相同（没有options参数）
  // 返回一个字符串表示该属性值
@@ -273,13 +272,13 @@ function safeAttrValue (tag, name, value) {
 当设置 `stripIgnoreTag = true`时，以下代码
-```HTML
+```html
 code:<script>alert(/xss/);</script>
 ```
 过滤后将输出
-```HTML
+```html
 code:alert(/xss/);
 ```
@@ -295,13 +294,13 @@ code:alert(/xss/);
 当设置 `stripIgnoreTagBody = ['script']`时，以下代码
-```HTML
+```html
 code:<script>alert(/xss/);</script>
 ```
 过滤后将输出
-```HTML
+```html
 code:
 ```
@@ -316,13 +315,13 @@ code:
 当设置 `allowCommentTag = false` 时，以下代码
-```HTML
+```html
 code:<!-- something --> END
 ```
 过滤后将输出
-```HTML
+```html
 code: END
 ```
@@ -331,7 +330,7 @@ code: END
 ### 允许标签以data-开头的属性
-```JavaScript
+```javascript
 var source = '<div a="1" b="2" data-a="3" data-b="4">hello</div>';
 var html = xss(source, {
  onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
@@ -355,7 +354,7 @@ convert to:
 ### 允许名称以x-开头的标签
-```JavaScript
+```javascript
 var source = '<x><x-1>he<x-2 checked></x-2>wwww</x-1><a>';
 var html = xss(source, {
  onIgnoreTag: function (tag, html, options) {
@@ -379,7 +378,7 @@ convert to:
 ### 分析HTML代码中的图片列表
-```JavaScript
+```javascript
 var source = '<img src="img1">a<img src="img2">b<img src="img3">c<img src="img4">d';
 var list = [];
 var html = xss(source, {
@@ -404,7 +403,7 @@ img1, img2, img3, img4
 ### 去除HTML标签（只保留文本内容）
-```JavaScript
+```javascript
 var source = '<strong>hello</strong><script>alert(/xss/);</script>end';
 var html = xss(source, {
  whiteList:          [],        // 白名单为空，表示过滤所有标签