兼容各种奇葩输入

2015-01-12 14:04:29 +08:00
parent e71fce8974
commit c7bd9c0fc4
2 changed files with 11 additions and 0 deletions
--- a/lib/xss.js
+++ b/lib/xss.js
@@ -79,6 +79,11 @@ function FilterXSS (options) {
 * @return {String}
 */
 FilterXSS.prototype.process = function (html) {
+  // 兼容各种奇葩输入
+  html = html || '';
+  html = html.toString();
+  if (!html) return '';
+
  var me = this;
  var options = me.options;
  var whiteList = options.whiteList;
--- a/test/test_xss.js
+++ b/test/test_xss.js
@@ -12,6 +12,12 @@ describe('test XSS', function () {

  it('#normal', function () {

+    // 兼容各种奇葩输入
+    assert.equal(xss(), '');
+    assert.equal(xss(null), '');
+    assert.equal(xss(123), '123');
+    assert.equal(xss({a: 1111}), '[object Object]');
+
    // 过滤不在白名单的标签
    assert.equal(xss('<b>abcd</b>'), '<b>abcd</b>');
    assert.equal(xss('<o>abcd</o>'), '&lt;o&gt;abcd&lt;/o&gt;');