Support AMD

Zongmin Lei
2015-01-16 20:27:23 +08:00
parent 04aaceb1b0
commit 85594379e2
8 changed files with 189 additions and 107 deletions

README.md

@@ -9,10 +9,6 @@ Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whi
--------------
**NOTE: The format of custom configuration (except Whitelist) from version
0.0.X was changed a lot since version 0.1.X. To use a newer version, it's
suggested to read the following guidelines carefully.**
**[中文版文档](https://github.com/leizongmin/js-xss/blob/master/README.zh.md)**
`xss` is a module used to filter input from users to prevent XSS attacks.
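Review bot: The NOTE about the configuration format change between 0.0.X and 0.1.X appears to be dropped at the top of the README (the hunk shrinks from 10 lines to 6), and nothing in the visible lines relocates it. Custom filter configuration decides what the sanitizer lets through, so anyone upgrading from 0.0.X still needs that pointer; keep a one-line upgrade notice here or move the note into a changelog section rather than deleting it outright.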
@@ -61,17 +57,69 @@ For test code please refer to `benchmark` directory.
Run `npm test` command in the source directary.
## Active Test
## Install
Run the following command, them you can type HTML
code in the command-line, and check the filtered output:
### NPM
```bash
$ xss -t
$ npm install xss
```
### Bower
```bash
$ bower install xss
```
Or
```bash
$ bower install https://github.com/leizongmin/js-xss.git
```
## Usages
### On Node.js
```JavaScript
var xss = require('xss');
var html = xss('<script>alert("xss");</script>');
console.log(html);
```
### On Browser
Shim mode (reference file `test/test.html`):
```HTML
<script src="https://raw.github.com/leizongmin/js-xss/master/dist/xss.js"></script>
<script>
// apply function filterXSS in the same way
var html = filterXSS('<script>alert("xss");</scr' + 'ipt>');
alert(html);
</script>
```
AMD mode (reference file `test/test_amd.html`):
```HTML
<script>
require.config({
baseUrl: './'
})
require(['xss'], function (xss) {
var html = xss('<script>alert("xss");</scr' + 'ipt>');
alert(html);
});
</script>
```
## Command Line Tool
### Process file
You can use the xss command line tool to process a file. Usage:
```bash
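Review bot: The new "AMD mode" example calls `require.config` and `require(['xss'], ...)` but never shows the tag that loads an AMD loader, so the snippet does not work when pasted as written; dist/test_amd.html in this same commit does include the loader tag, and the README example should show it too. The Shim mode example also loads `dist/xss.js` from `raw.github.com/leizongmin/js-xss/master`, an unpinned branch URL; for a sanitizer it is safer to point readers at the copy they just installed through npm or Bower. Both examples reference `test/test.html` and `test/test_amd.html`, while the test pages visible in this commit are under `dist/`, so please confirm those paths. The context line "source directary" is a typo for "directory".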
@@ -84,45 +132,18 @@ Example:
$ xss -i origin.html -o target.html
```
### Active Test
Run the following command, them you can type HTML
code in the command-line, and check the filtered output:
```bash
$ xss -t
```
For more details, please run `$ xss -h` to see it.
## Usages
### In Node.js
To install:
```bash
$ npm install xss
```
Simple usage:
```JavaScript
var xss = require('xss');
var html = xss('<script>alert("xss");</script>');
console.log(html);
```
### In browsers
```HTML
<script src="https://raw.github.com/leizongmin/js-xss/master/dist/xss.js"></script>
<script>
// apply function filterXSS in the same way
var html = filterXSS('<script>alert("xss");</scr' + 'ipt>');
alert(html);
</script>
```
### Bower
```bash
$ bower install xss
```
## Custom filter rules
When using the `xss()` function, the second parameter could be used to specify
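Review bot: The relocated "Active Test" paragraph carries over the typo in "them you can type HTML", which should read "then you can type HTML"; since the paragraph is being moved in this hunk anyway, fix it in the added lines. The closing sentence "please run `$ xss -h` to see it" would also read better as "run `xss -h`", without the prompt character inside the inline code.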


@@ -9,10 +9,6 @@
--------------
**注意0.1.x版本与0.0.x版本在自定义配置除白名单配置外格式上有较大改动如果
要使用新版本,请详细阅读下文的使用说明**
`xss`是一个用于对用户输入的内容进行过滤以避免遭受XSS攻击的模块
[什么是XSS攻击](http://baike.baidu.com/view/2161269.htm))。主要用于论坛、博客、网上商店等等一些可允许用户录入页面排版、
格式控制相关的HTML的场景`xss`模块通过白名单来控制允许的标签及相关的标签属性,
@@ -54,12 +50,24 @@
在源码目录执行命令: `npm test`
## 在线测试
## 安装
执行以下命令可在命令行中输入HTML代码并看到过滤后的代码
### NPM
```bash
$ xss -t
$ npm install xss
```
### Bower
```bash
$ bower install xss
```
或者
```bash
$ bower install https://github.com/leizongmin/js-xss.git
```
@@ -67,14 +75,6 @@ $ xss -t
### 在Node.js中使用
安装:
```bash
$ npm install xss
```
简单使用方法:
```JavaScript
var xss = require('xss');
var html = xss('<script>alert("xss");</script>');
@@ -83,6 +83,8 @@ console.log(html);
### 在浏览器端使用
Shim模式参考文件 `test/test.html`:
```HTML
<script src="https://raw.github.com/leizongmin/js-xss/master/dist/xss.js"></script>
<script>
@@ -92,15 +94,25 @@ alert(html);
</script>
```
### Bower
AMD模式参考文件 `test/test_amd.html`:
```bash
$ bower install xss
```HTML
<script>
require.config({
baseUrl: './'
})
require(['xss'], function (xss) {
var html = xss('<script>alert("xss");</scr' + 'ipt>');
alert(html);
});
</script>
```
### 使用命令行工具来对文件进行XSS处理
### 处理文件
可通过内置的 `xss` 命令来对输入的文件进行XSS处理。使用方法
```bash
@@ -113,6 +125,14 @@ xss -i <源文件> -o <目标文件>
$ xss -i origin.html -o target.html
```
### 在线测试
执行以下命令可在命令行中输入HTML代码并看到过滤后的代码
```bash
$ xss -t
```
详细命令行参数说明,请输入 `$ xss -h` 来查看。


@@ -1,6 +1,6 @@
{
"name": "xss",
"version": "0.1.13",
"version": "0.1.17",
"homepage": "https://github.com/leizongmin/js-xss",
"authors": [
"Zongmin Lei <leizongmin@gmail.com>"
@@ -9,7 +9,8 @@
"main": "dist/xss.js",
"moduleType": [
"globals",
"node"
"node",
"amd"
],
"keywords": [
"sanitization",

dist/test.html

@@ -5,11 +5,11 @@
<meta charset="utf8">
</head>
<body>
<pre id="result"></pre>
</body>
</html>
<script src="xss.js"></script>
<script>
var code = '<script>alert("xss");</' + 'script>';
alert(code + '\n被转换成了\n' + filterXSS(code));
document.querySelector('#result').innerText = code + '\n被转换成了\n' + filterXSS(code);
</script>
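Review bot: On the new `document.querySelector('#result').innerText = ...` line, `innerText` is not implemented uniformly across browsers, and the library itself shims `Array.prototype.indexOf` for old ones, so prefer `textContent` with `innerText` as a fallback. Assigning text rather than `innerHTML` is the right call for displaying both the raw and the filtered string, so keep that. The two `<script>` elements sit after `</html>`, which is invalid markup; move them to the end of `<body>`. A page that only displays the result still needs a human to read it, so a comparison against the expected filtered string would make this usable as a regression check.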

dist/test_amd.html

@@ -0,0 +1,20 @@
<!doctype html>
<html>
<head>
<title>测试</title>
<meta charset="utf8">
</head>
<body>
<pre id="result"></pre>
</body>
</html>
<script type="text/javascript" src='http://cdn.staticfile.org/require.js/2.1.10/require.min.js'></script>
<script>
require.config({
baseUrl: './'
})
require(['xss'], function (xss) {
var code = '<script>alert("xss");</' + 'script>';
document.querySelector('#result').innerText = code + '\n被转换成了\n' + xss(code);
});
</script>
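Review bot: The loader tag fetches `http://cdn.staticfile.org/require.js/2.1.10/require.min.js` over plain HTTP from a third-party host, so the test page depends on network access, is blocked as mixed content if the page is ever served over HTTPS, and runs whatever that URL returns. Use an `https://` URL or a copy of the loader checked in next to the test, and add an integrity check if a CDN is kept. As in dist/test.html, the scripts are placed after `</html>` and the result is written with `innerText`; the same fixes apply here.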

dist/xss.js

@@ -407,28 +407,38 @@ for (var i in DEFAULT) exports[i] = DEFAULT[i];
for (var i in parser) exports[i] = parser[i];
// 在浏览器端使用
if (typeof window !== 'undefined') {
// 低版本浏览器支持
if (!Array.prototype.indexOf) {
// 低版本浏览器支持
if (!Array.prototype.indexOf) {
Array.prototype.indexOf = function (item) {
for(var i=0;i<this.length;i++){
if(this[i] == item) return i;
for (var i = 0; i < this.length; i++) {
if (this[i] === item) return i;
}
return -1;
};
}
if (!Array.prototype.forEach) {
}
if (!Array.prototype.forEach) {
Array.prototype.forEach = function (fn, scope) {
for (var i = 0; i < this.length; i++) fn.call(scope, this[i], i, this);
};
for (var i = 0; i < this.length; i++) {
fn.call(scope, this[i], i, this);
}
if(!String.prototype.trim){
};
}
if (!String.prototype.trim) {
String.prototype.trim = function () {
return this.replace(/(^\s*)|(\s*$)/g, '');
};
}
// 输出
}
// 在AMD下使用
if (typeof define === 'function' && define.amd) {
define(function () {
return module.exports;
});
}
// 在浏览器端使用
if (typeof window !== 'undefined') {
window.filterXSS = module.exports;
}
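Review bot: The anonymous `define(function () { return module.exports; })` runs whenever an AMD loader is on the page, including when this file is loaded with a plain `<script>` tag as the README's Shim mode describes; RequireJS reports a mismatched anonymous define in that case, so pages that use the global `filterXSS` alongside RequireJS can break after this change. Either document that the file must be loaded through the loader when one is present, or follow the usual UMD pattern and choose between `define` and the `window.filterXSS` global instead of doing both. The switch from `==` to `===` in the `indexOf` shim is a good change.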


@@ -29,27 +29,37 @@ for (var i in DEFAULT) exports[i] = DEFAULT[i];
for (var i in parser) exports[i] = parser[i];
// 在浏览器端使用
if (typeof window !== 'undefined') {
// 低版本浏览器支持
if (!Array.prototype.indexOf) {
// 低版本浏览器支持
if (!Array.prototype.indexOf) {
Array.prototype.indexOf = function (item) {
for(var i=0;i<this.length;i++){
if(this[i] == item) return i;
for (var i = 0; i < this.length; i++) {
if (this[i] === item) return i;
}
return -1;
};
}
if (!Array.prototype.forEach) {
}
if (!Array.prototype.forEach) {
Array.prototype.forEach = function (fn, scope) {
for (var i = 0; i < this.length; i++) fn.call(scope, this[i], i, this);
};
for (var i = 0; i < this.length; i++) {
fn.call(scope, this[i], i, this);
}
if(!String.prototype.trim){
};
}
if (!String.prototype.trim) {
String.prototype.trim = function () {
return this.replace(/(^\s*)|(\s*$)/g, '');
};
}
// 输出
}
// 在AMD下使用
if (typeof define === 'function' && define.amd) {
define(function () {
return module.exports;
});
}
// 在浏览器端使用
if (typeof window !== 'undefined') {
window.filterXSS = module.exports;
}
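Review bot: With the `typeof window !== 'undefined'` guard now wrapping only the `window.filterXSS` line, the `indexOf`, `forEach` and `trim` shims are evaluated on every load and, where they apply, patch built-in prototypes for all other code in the page or process. The `indexOf` shim also ignores the optional `fromIndex` argument, so other scripts on an old browser get a non-conforming method from a sanitizer library. Consider private helper functions used only inside this module instead of extending `Array.prototype` and `String.prototype`. The missing semicolon after `require.config({...})` in the examples and the `// 输出` comment removed here are minor, but a short comment explaining why both the AMD and the global export are kept would help the next reader.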


@@ -1,7 +1,7 @@
{
"name": "xss",
"main": "./lib/index.js",
"version": "0.1.16",
"version": "0.1.17",
"description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist. 根据白名单过滤HTML(防止XSS攻击)",
"author": "leizongmin <leizongmin@gmail.com> (http://ucdok.com)",
"contributors": [