feat: Allow loading attribute on img (#278)

Signed-off-by: maosmurf <github@maosmurf.com>
2023-03-23 03:19:18 +01:00
parent 4c3c7587f0
commit 8884b21308
2 changed files with 7 additions and 1 deletions
--- a/lib/default.js
+++ b/lib/default.js
@@ -57,7 +57,7 @@ function getDefaultWhiteList() {
    header: [],
    hr: [],
    i: [],
-    img: ["src", "alt", "title", "width", "height"],
+    img: ["src", "alt", "title", "width", "height", "loading"],
    ins: ["datetime"],
    li: [],
    mark: [],
--- a/test/test_xss.js
+++ b/test/test_xss.js
@@ -133,6 +133,12 @@ describe("test XSS", function() {
      ),
      '<img width="100" height="200" title="xxx" alt="\'yyy\'">'
    );
+    assert.equal(
+      xss(
+        '<img loading="lazy">'
+      ),
+      '<img loading="lazy">'
+    );

    // 使用Tab或换行符分隔的属性
    assert.equal(