From 44e569a8a183196da4145e1460adeed6ac94ee3e Mon Sep 17 00:00:00 2001 From: leizongmin Date: Thu, 20 Sep 2012 20:55:42 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=B7=A5=E5=85=B7=E5=87=BD?= =?UTF-8?q?=E6=95=B0=EF=BC=8C=E6=8F=90=E4=BE=9B=E4=B8=80=E4=BA=9B=E7=89=B9?= =?UTF-8?q?=E6=AE=8A=E5=BA=94=E7=94=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 ++ index.js | 3 +++ test/test_xss.js | 35 +++++++++------------------------- utils.js | 49 ++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 26 deletions(-) create mode 100644 utils.js diff --git a/README.md b/README.md index 724f766..13fbc24 100644 --- a/README.md +++ b/README.md @@ -84,6 +84,8 @@ var html = xss('', options); console.log(html); ``` +## 其他应用 + ## 测试 diff --git a/index.js b/index.js index 35321f0..258e162 100644 --- a/index.js +++ b/index.js @@ -276,3 +276,6 @@ exports = module.exports = function (html, options) { exports.whiteList = defaultWhiteList; exports.onTagAttr = defaultOnTagAttr; exports.onIgnoreTag = defaultOnIgnoreTag; + +// 工具函数 +exports.utils = require('./utils'); diff --git a/test/test_xss.js b/test/test_xss.js index 3b5a2d1..1c19817 100644 --- a/test/test_xss.js +++ b/test/test_xss.js 
@@ -113,35 +113,18 @@ describe('test XSS', function () {
 assert.deepEqual(position, [4, 30, 50]);
 assert.deepEqual(originalPosition, [4, 24, 38]);
- // 替换检验
- var hidden = [];
- var posStart = false;
+ // 替换检验 utils.tagFilter()
+ var filter = xss.utils.tagFilter(['script']);
 var html = xss('script is , wahaha!!', {
- onIgnoreTag: function (tag, html, options) {
- if (tag === 'script') {
- var ret = '[removed]';
- if (posStart !== false && options.isClosing) {
- var end = options.position + ret.length;
- hidden.push([posStart, end]);
- posStart = false;
- } else {
- posStart = options.position;
- }
- return ret;
- }
- }
+ onIgnoreTag: filter.onIgnoreTag
 });
- var rethtml = '';
- var lastPos = 0;
- hidden.forEach(function (pos) {
- rethtml += html.slice(lastPos, pos[0]);
- lastPos = pos[1];
+ assert.equal(filter.filter(html), 'script is , wahaha!!');
+
+ var filter = xss.utils.tagFilter(['x2']);
+ var html = xss('ddsfd', {
+ onIgnoreTag: filter.onIgnoreTag
 });
- rethtml += html.slice(lastPos);
- //console.log(hidden);
- //console.log(html);
- //console.log(rethtml);
- assert.equal(rethtml, 'script is , wahaha!!');
+ assert.equal(filter.filter(html), '<x1><x3>fd</x3>');
 });
diff --git a/utils.js b/utils.js
new file mode 100644
index 0000000..5235275
--- /dev/null
+++ b/utils.js
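Review bot: `var filter` and `var html` are each declared twice in the same function scope (the second `var filter = xss.utils.tagFilter(['x2']);` and `var html = xss('ddsfd', {` redeclare the earlier bindings), which is legal but obscures that the first filter's state is simply discarded; drop the second `var`s or use fresh names such as `filter2` and `html2`. Both cases only exercise a listed tag that is properly closed, so an opening tag with no matching close (where tagFilter pushes nothing onto its hidden list) has no assertion, and neither does reuse of one filter across two `xss()` calls. The input literals appear to have lost their angle-bracket tags in this rendering (`'script is , wahaha!!'`, `'ddsfd'`), so the expected values cannot be checked from here. The enclosing it() callback starts before the hunk.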
@@ -0,0 +1,49 @@
+/**
+ * 工具函数
+ *
+ * @author 老雷
+ */
+
+var utils = module.exports;
+
+/**
+ * 过滤代码块
+ *
+ * @param {array} tags 要隐藏的标签列表
+ * @param {function} next 对不在列表中的标签的处理函数
+ */
+utils.tagFilter = function (tags, next) {
+ if (typeof(next) !== 'function') {
+ next = function () {};
+ }
+ var hidden = [];
+ var posStart = false;
+ return {
+ onIgnoreTag: function (tag, html, options) {
+ if (tags.indexOf(tag) !== -1) {
+ var ret = '[removed]';
+ if (posStart !== false && options.isClosing) {
+ var end = options.position + ret.length;
+ hidden.push([posStart, end]);
+ posStart = false;
+ } else {
+ posStart = options.position;
+ }
+ return ret;
+ } else {
+ return next(tag, html, options);
+ }
+ },
+ filter: function (html) {
+ var rethtml = '';
+ var lastPos = 0;
+ hidden.forEach(function (pos) {
+ rethtml += html.slice(lastPos, pos[0]);
+ lastPos = pos[1];
+ });
+ rethtml += html.slice(lastPos);
+ return rethtml;
+ }
+ };
+};
+
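Review bot: A hidden range is only recorded in the `options.isClosing` branch of onIgnoreTag, so a listed tag that is opened but never closed leaves `posStart` set and `filter()` returns everything after the `[removed]` placeholder unhidden, which defeats the purpose of the helper for exactly the malformed input it is likely to meet; `filter()` should flush the open range before slicing, `if (posStart !== false) { hidden.push([posStart, html.length]); posStart = false; }`. The `hidden` array is also never cleared, so a filter object reused across two `xss()` calls slices the second result with offsets collected from the first; either reset with `hidden = [];` at the end of `filter()` or state in the JSDoc that one tagFilter() result serves a single xss() call. That `options.position` is an offset into the output string is inferred from the test expectations rather than visible here, and the JSDoc lacks a `@returns` line describing the `{onIgnoreTag, filter}` pair and the requirement that `filter()` receive the html produced with this `onIgnoreTag`.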