支持AMD

2015-01-16 20:27:23 +08:00
parent 04aaceb1b0
commit 85594379e2
8 changed files with 189 additions and 107 deletions
--- a/README.md
+++ b/README.md
@@ -9,10 +9,6 @@ Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whi
 --------------
 **NOTE: The format of custom configuration (except Whitelist) from version
 0.0.X was changed a lot since version 0.1.X. To use a newer version, it's
 suggested to read the following guidelines carefully.**
 **[中文版文档](https://github.com/leizongmin/js-xss/blob/master/README.zh.md)**
 `xss` is a module used to filter input from users to prevent XSS attacks.
@@ -61,17 +57,69 @@ For test code please refer to `benchmark` directory.
 Run `npm test` command in the source directary.
-## Active Test
+## Install
-Run the following command, them you can type HTML
+### NPM
 code in the command-line, and check the filtered output:
 ```bash
-$ xss -t
+$ npm install xss
 ```
 ### Bower
 ```bash
 $ bower install xss
 ```
 Or
 ```bash
 $ bower install https://github.com/leizongmin/js-xss.git
 ```
 ## Usages
 ### On Node.js
 ```JavaScript
 var xss = require('xss');
 var html = xss('<script>alert("xss");</script>');
 console.log(html);
 ```
 ### On Browser
 Shim mode (reference file `test/test.html`):
 ```HTML
 <script src="https://raw.github.com/leizongmin/js-xss/master/dist/xss.js"></script>
 <script>
 // apply function filterXSS in the same way
 var html = filterXSS('<script>alert("xss");</scr' + 'ipt>');
 alert(html);
 </script>
 ```
 AMD mode (reference file `test/test_amd.html`):
 ```HTML
 <script>
 require.config({
  baseUrl: './'
 })
 require(['xss'], function (xss) {
  var html = xss('<script>alert("xss");</scr' + 'ipt>');
  alert(html);
 });
 </script>
 ```
 ## Command Line Tool
 ### Process file
 You can use the xss command line tool to process a file. Usage:
 ```bash
@@ -84,45 +132,18 @@ Example:
 $ xss -i origin.html -o target.html
 ```
 ### Active Test
 Run the following command, them you can type HTML
 code in the command-line, and check the filtered output:
 ```bash
 $ xss -t
 ```
 For more details, please run `$ xss -h` to see it.
 ## Usages
 ### In Node.js
 To install:
 ```bash
 $ npm install xss
 ```
 Simple usage:
 ```JavaScript
 var xss = require('xss');
 var html = xss('<script>alert("xss");</script>');
 console.log(html);
 ```
 ### In browsers
 ```HTML
 <script src="https://raw.github.com/leizongmin/js-xss/master/dist/xss.js"></script>
 <script>
 // apply function filterXSS in the same way
 var html = filterXSS('<script>alert("xss");</scr' + 'ipt>');
 alert(html);
 </script>
 ```
 ### Bower
 ```bash
 $ bower install xss
 ```
 ## Custom filter rules
 When using the `xss()` function, the second parameter could be used to specify
--- a/README.zh.md
+++ b/README.zh.md
@@ -9,10 +9,6 @@
 --------------
 **注意：0.1.x版本与0.0.x版本在自定义配置（除白名单配置外）格式上有较大改动，如果
 要使用新版本，请详细阅读下文的使用说明**
 `xss`是一个用于对用户输入的内容进行过滤，以避免遭受XSS攻击的模块
 （[什么是XSS攻击？](http://baike.baidu.com/view/2161269.htm)）。主要用于论坛、博客、网上商店等等一些可允许用户录入页面排版、
 格式控制相关的HTML的场景，`xss`模块通过白名单来控制允许的标签及相关的标签属性，
@@ -54,12 +50,24 @@
 在源码目录执行命令： `npm test`
-## 在线测试
+## 安装
-执行以下命令，可在命令行中输入HTML代码，并看到过滤后的代码：
+### NPM
 ```bash
-$ xss -t
+$ npm install xss
 ```
 ### Bower
 ```bash
 $ bower install xss
 ```
 或者
 ```bash
 $ bower install https://github.com/leizongmin/js-xss.git
 ```
@@ -67,14 +75,6 @@ $ xss -t
 ### 在Node.js中使用
 安装：
 ```bash
 $ npm install xss
 ```
 简单使用方法：
 ```JavaScript
 var xss = require('xss');
 var html = xss('<script>alert("xss");</script>');
@@ -83,6 +83,8 @@ console.log(html);
 ### 在浏览器端使用
 Shim模式（参考文件 `test/test.html`）:
 ```HTML
 <script src="https://raw.github.com/leizongmin/js-xss/master/dist/xss.js"></script>
 <script>
@@ -92,15 +94,25 @@ alert(html);
 </script>
 ```
-### Bower
+AMD模式（参考文件 `test/test_amd.html`）:
-```bash
+```HTML
-$ bower install xss
+<script>
 require.config({
  baseUrl: './'
 })
 require(['xss'], function (xss) {
  var html = xss('<script>alert("xss");</scr' + 'ipt>');
  alert(html);
 });
 </script>
 ```
 ### 使用命令行工具来对文件进行XSS处理
 ### 处理文件
 可通过内置的 `xss` 命令来对输入的文件进行XSS处理。使用方法：
 ```bash
@@ -113,6 +125,14 @@ xss -i <源文件> -o <目标文件>
 $ xss -i origin.html -o target.html
 ```
 ### 在线测试
 执行以下命令，可在命令行中输入HTML代码，并看到过滤后的代码：
 ```bash
 $ xss -t
 ```
 详细命令行参数说明，请输入 `$ xss -h` 来查看。
--- a/bower.json
+++ b/bower.json
@@ -1,6 +1,6 @@
 {
  "name": "xss",
-  "version": "0.1.13",
+  "version": "0.1.17",
  "homepage": "https://github.com/leizongmin/js-xss",
  "authors": [
    "Zongmin Lei <leizongmin@gmail.com>"
@@ -9,7 +9,8 @@
  "main": "dist/xss.js",
  "moduleType": [
    "globals",
-    "node"
+    "node",
    "amd"
  ],
  "keywords": [
    "sanitization",
--- a/dist/test.html
+++ b/dist/test.html
@@ -5,11 +5,11 @@
  <meta charset="utf8">
 </head>
 <body>
-
+  <pre id="result"></pre>
 </body>
 </html>
 <script src="xss.js"></script>
 <script>
 var code = '<script>alert("xss");</' + 'script>';
-alert(code + '\n被转换成了\n' + filterXSS(code));
+document.querySelector('#result').innerText = code + '\n被转换成了\n' + filterXSS(code);
 </script>
--- a/dist/test_amd.html
+++ b/dist/test_amd.html
@@ -0,0 +1,20 @@
 <!doctype html>
 <html>
 <head>
  <title>测试</title>
  <meta charset="utf8">
 </head>
 <body>
  <pre id="result"></pre>
 </body>
 </html>
 <script type="text/javascript" src='http://cdn.staticfile.org/require.js/2.1.10/require.min.js'></script>
 <script>
 require.config({
  baseUrl: './'
 })
 require(['xss'], function (xss) {
  var code = '<script>alert("xss");</' + 'script>';
  document.querySelector('#result').innerText = code + '\n被转换成了\n' + xss(code);
 });
 </script>
--- a/dist/xss.js
+++ b/dist/xss.js
@@ -407,20 +407,20 @@ for (var i in DEFAULT) exports[i] = DEFAULT[i];
 for (var i in parser) exports[i] = parser[i];
 // 在浏览器端使用
 if (typeof window !== 'undefined') {
 // 低版本浏览器支持
 if (!Array.prototype.indexOf) {
  Array.prototype.indexOf = function (item) {
    for (var i = 0; i < this.length; i++) {
-        if(this[i] == item) return i;
+      if (this[i] === item) return i;
    }
    return -1;
  };
 }
 if (!Array.prototype.forEach) {
  Array.prototype.forEach = function (fn, scope) {
-      for (var i = 0; i < this.length; i++) fn.call(scope, this[i], i, this);
+    for (var i = 0; i < this.length; i++) {
      fn.call(scope, this[i], i, this);
    }
  };
 }
 if (!String.prototype.trim) {
@@ -428,7 +428,17 @@ if (typeof window !== 'undefined') {
    return this.replace(/(^\s*)|(\s*$)/g, '');
  };
 }
-  // 输出
+
 // 在AMD下使用
 if (typeof define === 'function' && define.amd) {
  define(function () {
    return module.exports;
  });
 }
 // 在浏览器端使用
 if (typeof window !== 'undefined') {
  window.filterXSS = module.exports;
 }
--- a/lib/index.js
+++ b/lib/index.js
@@ -29,20 +29,20 @@ for (var i in DEFAULT) exports[i] = DEFAULT[i];
 for (var i in parser) exports[i] = parser[i];
 // 在浏览器端使用
 if (typeof window !== 'undefined') {
 // 低版本浏览器支持
 if (!Array.prototype.indexOf) {
  Array.prototype.indexOf = function (item) {
    for (var i = 0; i < this.length; i++) {
-        if(this[i] == item) return i;
+      if (this[i] === item) return i;
    }
    return -1;
  };
 }
 if (!Array.prototype.forEach) {
  Array.prototype.forEach = function (fn, scope) {
-      for (var i = 0; i < this.length; i++) fn.call(scope, this[i], i, this);
+    for (var i = 0; i < this.length; i++) {
      fn.call(scope, this[i], i, this);
    }
  };
 }
 if (!String.prototype.trim) {
@@ -50,6 +50,16 @@ if (typeof window !== 'undefined') {
    return this.replace(/(^\s*)|(\s*$)/g, '');
  };
 }
-  // 输出
+
 // 在AMD下使用
 if (typeof define === 'function' && define.amd) {
  define(function () {
    return module.exports;
  });
 }
 // 在浏览器端使用
 if (typeof window !== 'undefined') {
  window.filterXSS = module.exports;
 }
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "xss",
  "main": "./lib/index.js",
-  "version": "0.1.16",
+  "version": "0.1.17",
  "description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist. 根据白名单过滤HTML(防止XSS攻击)",
  "author": "leizongmin <leizongmin@gmail.com> (http://ucdok.com)",
  "contributors": [