refactor typings, not support xss(), use filterXSS()
@@ -6,25 +6,27 @@
|
||||
* @author Zongmin Lei<leizongmin@gmail.com>
|
||||
*/
|
||||
|
||||
import xss = require('xss');
|
||||
import xss = require("xss");
|
||||
|
||||
const x = new xss.FilterXSS();
|
||||
|
||||
x.process('html');
|
||||
x.process("html");
|
||||
|
||||
const a = xss.StripTagBody([], () => {});
|
||||
console.log(a.onIgnoreTag, a.remove);
|
||||
|
||||
console.log(xss('hello'));
|
||||
console.log(xss('hello', {
|
||||
onTag(tag: string, html: string, options: {}): string {
|
||||
return html;
|
||||
},
|
||||
css: false,
|
||||
}));
|
||||
console.log(xss.filterXSS("hello"));
|
||||
console.log(
|
||||
xss.filterXSS("hello", {
|
||||
onTag(tag: string, html: string, options: {}): string {
|
||||
return html;
|
||||
},
|
||||
css: false
|
||||
})
|
||||
);
|
||||
|
||||
xss('hello');
|
||||
xss('hello', {
|
||||
xss.filterXSS("hello");
|
||||
xss.filterXSS("hello", {
|
||||
escapeHtml(str) {
|
||||
return str.trim();
|
||||
},
|
||||
@@ -32,18 +34,16 @@ xss('hello', {
|
||||
onTag(tag, html, options) {
|
||||
return html;
|
||||
},
|
||||
onIgnoreTag(tag, html) {
|
||||
|
||||
},
|
||||
onIgnoreTag(tag, html) {}
|
||||
});
|
||||
|
||||
|
||||
interface ICustomWhiteList extends XSS.IWhiteList {
|
||||
interface ICustomWhiteList extends xss.IWhiteList {
|
||||
view?: string[];
|
||||
}
|
||||
|
||||
const whiteList: ICustomWhiteList = xss.getDefaultWhiteList();
|
||||
console.log(whiteList.abbr);
|
||||
whiteList.view = [ 'class', 'style', 'id' ];
|
||||
whiteList.view = ["class", "style", "id"];
|
||||
console.log(whiteList);
|
||||
|
||||
filterXSS("hello");
|
||||
|
||||
283
typings/xss.d.ts
vendored
@@ -4,147 +4,170 @@
|
||||
* @author Zongmin Lei<leizongmin@gmail.com>
|
||||
*/
|
||||
|
||||
export = XSS;
|
||||
export as namespace xss;
|
||||
|
||||
declare global {
|
||||
function filterXSS(html: string, options?: XSS.IFilterXSSOptions): string;
|
||||
function filterXSS(html: string, options?: IFilterXSSOptions): string;
|
||||
}
|
||||
|
||||
declare namespace XSS {
|
||||
export interface IFilterXSSOptions {
|
||||
whiteList?: IWhiteList;
|
||||
onTag?: OnTagHandler;
|
||||
onTagAttr?: OnTagAttrHandler;
|
||||
onIgnoreTag?: OnTagHandler;
|
||||
onIgnoreTagAttr?: OnTagAttrHandler;
|
||||
safeAttrValue?: SafeAttrValueHandler;
|
||||
escapeHtml?: EscapeHandler;
|
||||
stripIgnoreTag?: boolean;
|
||||
stripIgnoreTagBody?: boolean | string[];
|
||||
allowCommentTag?: boolean;
|
||||
stripBlankChar?: boolean;
|
||||
css?: {} | boolean;
|
||||
}
|
||||
|
||||
interface IFilterXSSOptions {
|
||||
whiteList?: IWhiteList;
|
||||
onTag?: OnTagHandler;
|
||||
onTagAttr?: OnTagAttrHandler;
|
||||
onIgnoreTag?: OnTagHandler;
|
||||
onIgnoreTagAttr?: OnTagAttrHandler;
|
||||
safeAttrValue?: SafeAttrValueHandler;
|
||||
escapeHtml?: EscapeHandler;
|
||||
stripIgnoreTag?: boolean;
|
||||
stripIgnoreTagBody?: boolean | string[];
|
||||
allowCommentTag?: boolean;
|
||||
stripBlankChar?: boolean;
|
||||
css?: {} | boolean;
|
||||
}
|
||||
export interface IWhiteList {
|
||||
a?: string[];
|
||||
abbr?: string[];
|
||||
address?: string[];
|
||||
area?: string[];
|
||||
article?: string[];
|
||||
aside?: string[];
|
||||
audio?: string[];
|
||||
b?: string[];
|
||||
bdi?: string[];
|
||||
bdo?: string[];
|
||||
big?: string[];
|
||||
blockquote?: string[];
|
||||
br?: string[];
|
||||
caption?: string[];
|
||||
center?: string[];
|
||||
cite?: string[];
|
||||
code?: string[];
|
||||
col?: string[];
|
||||
colgroup?: string[];
|
||||
dd?: string[];
|
||||
del?: string[];
|
||||
details?: string[];
|
||||
div?: string[];
|
||||
dl?: string[];
|
||||
dt?: string[];
|
||||
em?: string[];
|
||||
font?: string[];
|
||||
footer?: string[];
|
||||
h1?: string[];
|
||||
h2?: string[];
|
||||
h3?: string[];
|
||||
h4?: string[];
|
||||
h5?: string[];
|
||||
h6?: string[];
|
||||
header?: string[];
|
||||
hr?: string[];
|
||||
i?: string[];
|
||||
img?: string[];
|
||||
ins?: string[];
|
||||
li?: string[];
|
||||
mark?: string[];
|
||||
nav?: string[];
|
||||
ol?: string[];
|
||||
p?: string[];
|
||||
pre?: string[];
|
||||
s?: string[];
|
||||
section?: string[];
|
||||
small?: string[];
|
||||
span?: string[];
|
||||
sub?: string[];
|
||||
sup?: string[];
|
||||
strong?: string[];
|
||||
table?: string[];
|
||||
tbody?: string[];
|
||||
td?: string[];
|
||||
tfoot?: string[];
|
||||
th?: string[];
|
||||
thead?: string[];
|
||||
tr?: string[];
|
||||
tt?: string[];
|
||||
u?: string[];
|
||||
ul?: string[];
|
||||
video?: string[];
|
||||
}
|
||||
|
||||
interface IWhiteList {
|
||||
a?: string[];
|
||||
abbr?: string[];
|
||||
address?: string[];
|
||||
area?: string[];
|
||||
article?: string[];
|
||||
aside?: string[];
|
||||
audio?: string[];
|
||||
b?: string[];
|
||||
bdi?: string[];
|
||||
bdo?: string[];
|
||||
big?: string[];
|
||||
blockquote?: string[];
|
||||
br?: string[];
|
||||
caption?: string[];
|
||||
center?: string[];
|
||||
cite?: string[];
|
||||
code?: string[];
|
||||
col?: string[];
|
||||
colgroup?: string[];
|
||||
dd?: string[];
|
||||
del?: string[];
|
||||
details?: string[];
|
||||
div?: string[];
|
||||
dl?: string[];
|
||||
dt?: string[];
|
||||
em?: string[];
|
||||
font?: string[];
|
||||
footer?: string[];
|
||||
h1?: string[];
|
||||
h2?: string[];
|
||||
h3?: string[];
|
||||
h4?: string[];
|
||||
h5?: string[];
|
||||
h6?: string[];
|
||||
header?: string[];
|
||||
hr?: string[];
|
||||
i?: string[];
|
||||
img?: string[];
|
||||
ins?: string[];
|
||||
li?: string[];
|
||||
mark?: string[];
|
||||
nav?: string[];
|
||||
ol?: string[];
|
||||
p?: string[];
|
||||
pre?: string[];
|
||||
s?: string[];
|
||||
section?: string[];
|
||||
small?: string[];
|
||||
span?: string[];
|
||||
sub?: string[];
|
||||
sup?: string[];
|
||||
strong?: string[];
|
||||
table?: string[];
|
||||
tbody?: string[];
|
||||
td?: string[];
|
||||
tfoot?: string[];
|
||||
th?: string[];
|
||||
thead?: string[];
|
||||
tr?: string[];
|
||||
tt?: string[];
|
||||
u?: string[];
|
||||
ul?: string[];
|
||||
video?: string[];
|
||||
}
|
||||
export type OnTagHandler = (
|
||||
tag: string,
|
||||
html: string,
|
||||
options: {}
|
||||
) => string | void;
|
||||
|
||||
type OnTagHandler = (tag: string, html: string, options: {}) => string | void;
|
||||
export type OnTagAttrHandler = (
|
||||
tag: string,
|
||||
name: string,
|
||||
value: string,
|
||||
isWhiteAttr: boolean
|
||||
) => string | void;
|
||||
|
||||
type OnTagAttrHandler = (tag: string, name: string, value: string, isWhiteAttr: boolean) => string | void;
|
||||
export type SafeAttrValueHandler = (
|
||||
tag: string,
|
||||
name: string,
|
||||
value: string,
|
||||
cssFilter: ICSSFilter
|
||||
) => string;
|
||||
|
||||
type SafeAttrValueHandler = (tag: string, name: string, value: string, cssFilter: ICSSFilter) => string;
|
||||
export type EscapeHandler = (str: string) => string;
|
||||
|
||||
type EscapeHandler = (str: string) => string;
|
||||
export interface ICSSFilter {
|
||||
process(value: string): string;
|
||||
}
|
||||
|
||||
interface ICSSFilter {
|
||||
process(value: string): string;
|
||||
}
|
||||
|
||||
function StripTagBody(tags: string[], next: () => void): {
|
||||
onIgnoreTag(tag: string, html: string, options: {
|
||||
export function StripTagBody(
|
||||
tags: string[],
|
||||
next: () => void
|
||||
): {
|
||||
onIgnoreTag(
|
||||
tag: string,
|
||||
html: string,
|
||||
options: {
|
||||
position: number;
|
||||
isClosing: boolean;
|
||||
}): string;
|
||||
remove(html: string): string;
|
||||
};
|
||||
}
|
||||
): string;
|
||||
remove(html: string): string;
|
||||
};
|
||||
|
||||
class FilterXSS {
|
||||
constructor(options?: XSS.IFilterXSSOptions);
|
||||
process(html: string): string;
|
||||
}
|
||||
|
||||
interface filterXSS {
|
||||
(html: string, options?: XSS.IFilterXSSOptions): string;
|
||||
|
||||
FilterXSS: typeof FilterXSS;
|
||||
parseTag(html: string, onTag: (sourcePosition: number, position: number, tag: string, html: string, isClosing: boolean) => string, escapeHtml: XSS.EscapeHandler): string;
|
||||
parseAttr(html: string, onAttr: (name: string, value: string) => string): string;
|
||||
whiteList: XSS.IWhiteList;
|
||||
getDefaultWhiteList(): XSS.IWhiteList;
|
||||
onTag: XSS.OnTagHandler;
|
||||
onIgnoreTag: XSS.OnTagHandler;
|
||||
onTagAttr: XSS.OnTagAttrHandler;
|
||||
onIgnoreTagAttr: XSS.OnTagAttrHandler;
|
||||
safeAttrValue: XSS.SafeAttrValueHandler;
|
||||
escapeHtml: XSS.EscapeHandler;
|
||||
escapeQuote: XSS.EscapeHandler;
|
||||
unescapeQuote: XSS.EscapeHandler;
|
||||
escapeHtmlEntities: XSS.EscapeHandler;
|
||||
escapeDangerHtml5Entities: XSS.EscapeHandler;
|
||||
clearNonPrintableCharacter: XSS.EscapeHandler;
|
||||
friendlyAttrValue: XSS.EscapeHandler;
|
||||
escapeAttrValue: XSS.EscapeHandler;
|
||||
onIgnoreTagStripAll(): string;
|
||||
StripTagBody: typeof StripTagBody;
|
||||
stripCommentTag: XSS.EscapeHandler;
|
||||
stripBlankChar: XSS.EscapeHandler;
|
||||
cssFilter: XSS.ICSSFilter;
|
||||
getDefaultCSSWhiteList(): XSS.ICSSFilter;
|
||||
}
|
||||
export class FilterXSS {
|
||||
constructor(options?: IFilterXSSOptions);
|
||||
process(html: string): string;
|
||||
}
|
||||
|
||||
export function filterXSS(html: string, options?: IFilterXSSOptions): string;
|
||||
export function parseTag(
|
||||
html: string,
|
||||
onTag: (
|
||||
sourcePosition: number,
|
||||
position: number,
|
||||
tag: string,
|
||||
html: string,
|
||||
isClosing: boolean
|
||||
) => string,
|
||||
escapeHtml: EscapeHandler
|
||||
): string;
|
||||
export function parseAttr(
|
||||
html: string,
|
||||
onAttr: (name: string, value: string) => string
|
||||
): string;
|
||||
export const whiteList: IWhiteList;
|
||||
export function getDefaultWhiteList(): IWhiteList;
|
||||
export const onTag: OnTagHandler;
|
||||
export const onIgnoreTag: OnTagHandler;
|
||||
export const onTagAttr: OnTagAttrHandler;
|
||||
export const onIgnoreTagAttr: OnTagAttrHandler;
|
||||
export const safeAttrValue: SafeAttrValueHandler;
|
||||
export const escapeHtml: EscapeHandler;
|
||||
export const escapeQuote: EscapeHandler;
|
||||
export const unescapeQuote: EscapeHandler;
|
||||
export const escapeHtmlEntities: EscapeHandler;
|
||||
export const escapeDangerHtml5Entities: EscapeHandler;
|
||||
export const clearNonPrintableCharacter: EscapeHandler;
|
||||
export const friendlyAttrValue: EscapeHandler;
|
||||
export const escapeAttrValue: EscapeHandler;
|
||||
export function onIgnoreTagStripAll(): string;
|
||||
export const stripCommentTag: EscapeHandler;
|
||||
export const stripBlankChar: EscapeHandler;
|
||||
export const cssFilter: ICSSFilter;
|
||||
export function getDefaultCSSWhiteList(): ICSSFilter;
|
||||
|
||||
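Review bot: `OnTagHandler` still types its third argument as `options: {}`, while the `onIgnoreTag` returned by `StripTagBody` in this same file declares `options: { position: number; isClosing: boolean }`. `{}` accepts any non-nullish value and exposes no fields, so a custom `onTag`/`onIgnoreTag` handler, whose returned string presumably ends up in the filtered output, has to cast before it can read `isClosing` or `position`, and the compiler no longer checks that logic. I would name the shape once, e.g. `export interface ITagHandlerOptions { position: number; isClosing: boolean }`, and use it as the `options` type in `OnTagHandler`; any further fields the library passes should be confirmed against the implementation before they are added. The same looseness applies to `css?: {} | boolean` in `IFilterXSSOptions`, where a mistyped value such as a string type-checks instead of being rejected.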