leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix, as suggested by Ronald J Kimball

Browse Source
This commit is contained in:
sijanec
2020-02-22 21:59:36 +01:00
committed by GitHub
parent 07ac8b16c1
commit 8efd6327ae
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/default.js
View File

@@ -159,11 +159,10 @@ function safeAttrValue(tag, name, value, cssFilter) {
value.substr(0, 8) === "https://" ||
value.substr(0, 7) === "mailto:" ||
value.substr(0, 4) === "tel:" ||
value.substr(0, 4) === "tel:" ||
value.substr(0, 11) === "data:image/" ||
value.substr(0, 6) === "ftp://" ||
value.substr(0, 2) === "./" ||
value.substr(0, 2) === "../" ||
value.substr(0, 3) === "../" ||
value[0] === "#" ||
value[0] === "/"
)