publish: v1.0.8
This commit is contained in:
Zongmin Lei
@@ -1,3 +1,8 @@
|
||||
## v1.0.8 (2020-07-27)
|
||||
|
||||
[Allow default imports in TS #200](https://github.com/leizongmin/js-xss/pull/200) by @danvk
|
||||
[Update handling of quoteStart to prevent sanitization bypass #201](https://github.com/leizongmin/js-xss/pull/201) by @TomAnthony
|
||||
|
||||
## v1.0.7 (2020-06-08)
|
||||
|
||||
[added support for src embedded image, ftp and relative urls](https://github.com/leizongmin/js-xss/pull/189) by @sijanec
|
||||
|
||||
@@ -52,8 +52,8 @@
|
||||
|
||||
## Benchmark (for references only)
|
||||
|
||||
* the xss module: 8.2 MB/s
|
||||
* `xss()` function from module `validator@0.3.7`: 4.4 MB/s
|
||||
* the xss module: 22.53 MB/s
|
||||
* `xss()` function from module `validator@0.3.7`: 6.9 MB/s
|
||||
|
||||
For test code please refer to `benchmark` directory.
|
||||
|
||||
|
||||
@@ -50,8 +50,8 @@
|
||||
|
||||
## 性能(仅作参考)
|
||||
|
||||
* xss 模块:8.2 MB/s
|
||||
* validator@0.3.7 模块的 xss()函数:4.4 MB/s
|
||||
* xss 模块:22.53 MB/s
|
||||
* validator@0.3.7 模块的 xss()函数:6.9 MB/s
|
||||
|
||||
测试代码参考 benchmark 目录
|
||||
|
||||
|
||||
16
dist/xss.js
vendored
16
dist/xss.js
vendored
@@ -519,7 +519,7 @@ function parseTag(html, onTag, escapeHtml) {
|
||||
var currentTagName = "";
|
||||
var currentHtml = "";
|
||||
|
||||
for (currentPos = 0; currentPos < len; currentPos++) {
|
||||
chariterator: for (currentPos = 0; currentPos < len; currentPos++) {
|
||||
var c = html.charAt(currentPos);
|
||||
if (tagStart === false) {
|
||||
if (c === "<") {
|
||||
@@ -549,9 +549,17 @@ function parseTag(html, onTag, escapeHtml) {
|
||||
tagStart = false;
|
||||
continue;
|
||||
}
|
||||
if ((c === '"' || c === "'") && html.charAt(currentPos - 1) === "=") {
|
||||
quoteStart = c;
|
||||
continue;
|
||||
if ((c === '"' || c === "'")) {
|
||||
var i = 1;
|
||||
var ic = html.charAt(currentPos - i);
|
||||
|
||||
while ((ic === " ") || (ic === "=")) {
|
||||
if (ic === "=") {
|
||||
quoteStart = c;
|
||||
continue chariterator;
|
||||
}
|
||||
ic = html.charAt(currentPos - ++i);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (c === quoteStart) {
|
||||
|
||||
2
dist/xss.min.js
vendored
2
dist/xss.min.js
vendored
File diff suppressed because one or more lines are too long
@@ -2,7 +2,7 @@
|
||||
"name": "xss",
|
||||
"main": "./lib/index.js",
|
||||
"typings": "./typings/xss.d.ts",
|
||||
"version": "1.0.7",
|
||||
"version": "1.0.8",
|
||||
"description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist",
|
||||
"author": "Zongmin Lei <leizongmin@gmail.com> (http://ucdok.com)",
|
||||
"repository": {
|
||||
|
||||
Reference in New Issue
Block a user