update README

Zongmin Lei
2016-10-12 13:51:37 +08:00
parent 7641196a6f
commit afe364cc3d
2 changed files with 43 additions and 8 deletions


@@ -21,6 +21,7 @@
[download-image]: https://img.shields.io/npm/dm/xss.svg?style=flat-square
[download-url]: https://npmjs.org/package/xss
Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist.
======
@@ -37,7 +38,6 @@ Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whi
**[中文版文档](https://github.com/leizongmin/js-xss/blob/master/README.zh.md)**
---------------
@@ -62,9 +62,10 @@ Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whi
For test code please refer to `benchmark` directory.
## Unit Test
## They are using xss module
Run `npm test` command in the source directary.
+ **nodeclub** - A Node.js bbs using MongoDB - https://github.com/cnodejs/nodeclub
+ **cnpmjs.org** - Private npm registry and web for Enterprise - https://github.com/cnpm/cnpmjs.org
## Install
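Review bot: the `npm test` instruction under `## Unit Test` should stay in the README if the new `## They are using xss module` list is replacing it at this position; otherwise contributors lose the only documented way to run the test suite. Put the users list in its own section after the test instructions instead. If the `Run npm test` line stays, "directary" should read "directory", and the new heading would read more naturally as "Projects using xss".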
@@ -285,6 +286,25 @@ function safeAttrValue (tag, name, value) {
}
```
### Customize CSS filter
If you allow the attribute `style`, the value will be processed by [cssfilter](https://github.com/leizongmin/js-css-filter) module. The cssfilter module includes a default css whitelist. You can specify the options for cssfilter module like this:
```javascript
myxss = new xss.FilterXSS({
css: {
whiteList: {
position: /^fixed|relative$/,
top: true,
left: true,
}
}
});
html = myxss.process('<script>alert("xss");</script>');
```
For more help, please see https://github.com/leizongmin/js-css-filter
### Quick Start
#### Filter out tags not in the whitelist
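Review bot: the `position` pattern in the `css.whiteList` example, `/^fixed|relative$/`, is not anchored on both sides. Alternation binds more loosely than `^` and `$`, so it reads as `^fixed` or `relative$` and accepts any value that merely starts with `fixed` or ends with `relative`. Readers copy README snippets straight into their sanitizer configuration, so write it as `/^(fixed|relative)$/`. The sample call `myxss.process('<script>alert("xss");</script>')` also carries no `style` attribute, so it never reaches the CSS filter this section documents; an input with a `style` value would show the option at work. `myxss` and `html` are assigned without `var`, which creates implicit globals.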


@@ -64,11 +64,6 @@
测试代码参考 benchmark 目录
## 单元测试
在源码目录执行命令: `npm test`
## 安装
### NPM
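Review bot: the hunk header shrinks this region from 11 lines to 6 around `## 单元测试`, with nothing added in its place, so the Chinese README appears to lose the `npm test` instruction without gaining the users list that the English README receives. Keep the two files in step: either retain the unit test section here or state in the commit message where it moved.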
@@ -284,6 +279,26 @@ function safeAttrValue (tag, name, value) {
}
```
### 自定义CSS过滤器
如果配置中允许了标签的 `style` 属性,则它的值会通过[cssfilter](https://github.com/leizongmin/js-css-filter) 模块处理。
`cssfilter` 模块包含了一个默认的CSS白名单你可以通过以下的方式配置
```javascript
myxss = new xss.FilterXSS({
css: {
whiteList: {
position: /^fixed|relative$/,
top: true,
left: true,
}
}
});
html = myxss.process('<script>alert("xss");</script>');
```
要获取更多的帮助信息可看这里https://github.com/leizongmin/js-css-filter
### 快捷配置
#### 去掉不在白名单上的标签
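Review bot: the unanchored `/^fixed|relative$/` pattern is copied into the Chinese section as well and needs the same grouping, `/^(fixed|relative)$/`, so that only the two exact values pass and the two READMEs do not drift apart. In the prose, `白名单你可以通过以下的方式配置` is missing a comma after `白名单` and a closing colon before the code block, and `可看这里https://github.com/leizongmin/js-css-filter` runs the URL into the sentence without a separator.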