v0.2.7

2015-08-18 18:34:30 +08:00
parent fb5891fa7c
commit ce40ba3795
3 changed files with 6 additions and 4 deletions
--- a/dist/xss.js
+++ b/dist/xss.js
@@ -539,7 +539,8 @@ function parseTag (html, onTag, escapeHtml) {
          tagStart = false;
          continue;
        }
-        if (c === '"' || c === "'") {
+        // HTML标签内的引号仅当前一个字符是等于号时才有效
        if ((c === '"' || c === "'") && html.charAt(currentPos - 1) === '=') {
          quoteStart = c;
          continue;
        }
@@ -595,7 +596,8 @@ function parseAttr (html, onAttr) {
      continue;
    }
    if (tmpName !== false) {
-      if (i === lastPos && (c === '"' || c === "'")) {
+      // HTML标签内的引号仅当前一个字符是等于号时才有效
      if (i === lastPos && (c === '"' || c === "'") && html.charAt(i - 1) === '=') {
        j = html.indexOf(c, i + 1);
        if (j === -1) {
          break;
--- a/dist/xss.min.js
+++ b/dist/xss.min.js
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "xss",
  "main": "./lib/index.js",
-  "version": "0.2.6",
+  "version": "0.2.7",
  "description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist. 根据白名单过滤HTML(防止XSS攻击)",
  "author": "leizongmin <leizongmin@gmail.com> (http://ucdok.com)",
  "contributors": [