publish: v1.0.15
@@ -1,5 +1,10 @@
|
||||
# CHANGELOG
|
||||
|
||||
## v1.0.15 (2024-03-03)
|
||||
|
||||
- [feat: add <kbd> to default whitelist](https://github.com/leizongmin/js-xss/pull/279) by @rayrny
|
||||
- [feat: single-quoted attribute value syntax support](https://github.com/leizongmin/js-xss/pull/287) by @mdk000
|
||||
|
||||
## v1.0.14 (2022-08-16)
|
||||
|
||||
- [fix: problem with not closed tag](https://github.com/leizongmin/js-xss/pull/262) by @slawiko
|
||||
|
||||
9
dist/xss.js
vendored
@@ -58,8 +58,9 @@ function getDefaultWhiteList() {
|
||||
header: [],
|
||||
hr: [],
|
||||
i: [],
|
||||
img: ["src", "alt", "title", "width", "height"],
|
||||
img: ["src", "alt", "title", "width", "height", "loading"],
|
||||
ins: ["datetime"],
|
||||
kbd: [],
|
||||
li: [],
|
||||
mark: [],
|
||||
nav: [],
|
||||
@@ -456,6 +457,7 @@ exports.onIgnoreTagStripAll = onIgnoreTagStripAll;
|
||||
exports.StripTagBody = StripTagBody;
|
||||
exports.stripCommentTag = stripCommentTag;
|
||||
exports.stripBlankChar = stripBlankChar;
|
||||
exports.attributeWrapSign = '"';
|
||||
exports.cssFilter = defaultCSSFilter;
|
||||
exports.getDefaultCSSWhiteList = getDefaultCSSWhiteList;
|
||||
|
||||
@@ -910,6 +912,8 @@ function FilterXSS(options) {
|
||||
options.whiteList = DEFAULT.whiteList;
|
||||
}
|
||||
|
||||
this.attributeWrapSign = options.singleQuotedAttributeValue === true ? "'" : DEFAULT.attributeWrapSign;
|
||||
|
||||
options.onTag = options.onTag || DEFAULT.onTag;
|
||||
options.onTagAttr = options.onTagAttr || DEFAULT.onTagAttr;
|
||||
options.onIgnoreTag = options.onIgnoreTag || DEFAULT.onIgnoreTag;
|
||||
@@ -947,6 +951,7 @@ FilterXSS.prototype.process = function (html) {
|
||||
var onIgnoreTagAttr = options.onIgnoreTagAttr;
|
||||
var safeAttrValue = options.safeAttrValue;
|
||||
var escapeHtml = options.escapeHtml;
|
||||
var attributeWrapSign = me.attributeWrapSign;
|
||||
var cssFilter = me.cssFilter;
|
||||
|
||||
// remove invisible characters
|
||||
@@ -1000,7 +1005,7 @@ FilterXSS.prototype.process = function (html) {
|
||||
// call `safeAttrValue()`
|
||||
value = safeAttrValue(tag, name, value, cssFilter);
|
||||
if (value) {
|
||||
return name + '="' + value + '"';
|
||||
return name + '=' + attributeWrapSign + value + attributeWrapSign;
|
||||
} else {
|
||||
return name;
|
||||
}
|
||||
|
||||
2
dist/xss.min.js
vendored
File diff suppressed because one or more lines are too long
@@ -2,7 +2,7 @@
|
||||
"name": "xss",
|
||||
"main": "./lib/index.js",
|
||||
"typings": "./typings/xss.d.ts",
|
||||
"version": "1.0.14",
|
||||
"version": "1.0.15",
|
||||
"description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist",
|
||||
"author": "Zongmin Lei <leizongmin@gmail.com> (http://ucdok.com)",
|
||||
"repository": {
|
||||
|
||||