leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.2.7

Browse Source
This commit is contained in:
Zongmin Lei
2015-08-18 18:34:30 +08:00
parent fb5891fa7c
commit ce40ba3795
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dist/xss.js vendored
View File

@@ -539,7 +539,8 @@ function parseTag (html, onTag, escapeHtml) {
tagStart = false;
continue;
}
if (c === '"' || c === "'") {
// HTML标签内的引号仅当前一个字符是等于号时才有效
if ((c === '"' || c === "'") && html.charAt(currentPos - 1) === '=') {
quoteStart = c;
continue;
}
@@ -595,7 +596,8 @@ function parseAttr (html, onAttr) {
continue;
}
if (tmpName !== false) {
if (i === lastPos && (c === '"' || c === "'")) {
// HTML标签内的引号仅当前一个字符是等于号时才有效
if (i === lastPos && (c === '"' || c === "'") && html.charAt(i - 1) === '=') {
j = html.indexOf(c, i + 1);
if (j === -1) {
break;