leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

publish: v1.0.13

Browse Source
This commit is contained in:
LEI Zongmin
2022-06-07 00:05:03 +08:00
parent 352ae5331f
commit c2419c4d14
4 changed files with 7 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -1,5 +1,9 @@
# CHANGELOG # CHANGELOG
## v1.0.13 (2022-06-07)
- [revert: fix: comment has encoded](https://github.com/leizongmin/js-xss/pull/257)
## v1.0.12 (2022-06-04) ## v1.0.12 (2022-06-04)
- [feat: add eslint:recommended check](https://github.com/leizongmin/js-xss/pull/252) by @lumburr - [feat: add eslint:recommended check](https://github.com/leizongmin/js-xss/pull/252) by @lumburr

14
dist/xss.js vendored
View File

@@ -160,15 +160,6 @@ function escapeHtml(html) {
return html.replace(REGEXP_LT, "<").replace(REGEXP_GT, ">"); return html.replace(REGEXP_LT, "<").replace(REGEXP_GT, ">");
} }
/**
* default escapeHtml function but dont escape comment
*
* @param {String} html
*/
function escapeHtmlNotComment(html) {
return html.replace(REGEXP_LT_NOT_COMMENT, "<").replace(REGEXP_RT_NOT_COMMENT, ">");
}
/** /**
* default safeAttrValue function * default safeAttrValue function
* *
@@ -238,8 +229,6 @@ function safeAttrValue(tag, name, value, cssFilter) {
// RegExp list // RegExp list
var REGEXP_LT = /</g; var REGEXP_LT = /</g;
var REGEXP_GT = />/g; var REGEXP_GT = />/g;
var REGEXP_LT_NOT_COMMENT = /<(?!!--)/g;
var REGEXP_RT_NOT_COMMENT = /(?<!--)>/g;
var REGEXP_QUOTE = /"/g; var REGEXP_QUOTE = /"/g;
var REGEXP_QUOTE_2 = /&quot;/g; var REGEXP_QUOTE_2 = /&quot;/g;
var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim; var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim;
@@ -456,7 +445,6 @@ exports.onTagAttr = onTagAttr;
exports.onIgnoreTagAttr = onIgnoreTagAttr; exports.onIgnoreTagAttr = onIgnoreTagAttr;
exports.safeAttrValue = safeAttrValue; exports.safeAttrValue = safeAttrValue;
exports.escapeHtml = escapeHtml; exports.escapeHtml = escapeHtml;
exports.escapeHtmlNotComment = escapeHtmlNotComment;
exports.escapeQuote = escapeQuote; exports.escapeQuote = escapeQuote;
exports.unescapeQuote = unescapeQuote; exports.unescapeQuote = unescapeQuote;
exports.escapeHtmlEntities = escapeHtmlEntities; exports.escapeHtmlEntities = escapeHtmlEntities;
@@ -927,7 +915,7 @@ function FilterXSS(options) {
options.onIgnoreTag = options.onIgnoreTag || DEFAULT.onIgnoreTag; options.onIgnoreTag = options.onIgnoreTag || DEFAULT.onIgnoreTag;
options.onIgnoreTagAttr = options.onIgnoreTagAttr || DEFAULT.onIgnoreTagAttr; options.onIgnoreTagAttr = options.onIgnoreTagAttr || DEFAULT.onIgnoreTagAttr;
options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue; options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue;
options.escapeHtml = options.escapeHtml || (options.allowCommentTag ? DEFAULT.escapeHtmlNotComment : DEFAULT.escapeHtml); options.escapeHtml = options.escapeHtml || DEFAULT.escapeHtml;
this.options = options; this.options = options;
if (options.css === false) { if (options.css === false) {

2
dist/xss.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
package.json
View File

@@ -2,7 +2,7 @@
"name": "xss", "name": "xss",
"main": "./lib/index.js", "main": "./lib/index.js",
"typings": "./typings/xss.d.ts", "typings": "./typings/xss.d.ts",
"version": "1.0.12", "version": "1.0.13",
"description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist", "description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist",
"author": "Zongmin Lei <leizongmin@gmail.com> (http://ucdok.com)", "author": "Zongmin Lei <leizongmin@gmail.com> (http://ucdok.com)",
"repository": { "repository": {