v0.2.7
6
dist/xss.js
vendored
@@ -539,7 +539,8 @@ function parseTag (html, onTag, escapeHtml) {
|
||||
tagStart = false;
|
||||
continue;
|
||||
}
|
||||
if (c === '"' || c === "'") {
|
||||
// HTML标签内的引号仅当前一个字符是等于号时才有效
|
||||
if ((c === '"' || c === "'") && html.charAt(currentPos - 1) === '=') {
|
||||
quoteStart = c;
|
||||
continue;
|
||||
}
|
||||
@@ -595,7 +596,8 @@ function parseAttr (html, onAttr) {
|
||||
continue;
|
||||
}
|
||||
if (tmpName !== false) {
|
||||
if (i === lastPos && (c === '"' || c === "'")) {
|
||||
// HTML标签内的引号仅当前一个字符是等于号时才有效
|
||||
if (i === lastPos && (c === '"' || c === "'") && html.charAt(i - 1) === '=') {
|
||||
j = html.indexOf(c, i + 1);
|
||||
if (j === -1) {
|
||||
break;
|
||||
|
||||
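Review bot: The new guard in parseTag accepts a quote as the start of a quoted value only when `html.charAt(currentPos - 1) === '='`, so an attribute written with whitespace after the equals sign (`name = "value"`, which HTML permits) is treated as unquoted. For a sanitizer that likely means a `>` inside such a value is taken as the end of the tag, so the parser and the browser can disagree on where the tag stops; the same single-character check is added in the parseAttr hunk. I would skip whitespace backwards before comparing with `=`, as sketched below for parseTag, and add test cases with spaces and line breaks around `=`. Both function bodies continue outside the hunks, and dist/xss.js is build output, so the change belongs in the source parser this file is generated from.

```javascript
// True when the nearest non-whitespace character before pos is '='.
function isPrecededByEquals (html, pos) {
  var k = pos - 1;
  while (k >= 0 && /\s/.test(html.charAt(k))) k--;
  return k >= 0 && html.charAt(k) === '=';
}

// … unchanged: parseTag loop up to the quote check …
// A quote inside a tag only opens a value when it follows '=' (whitespace allowed in between)
if ((c === '"' || c === "'") && isPrecededByEquals(html, currentPos)) {
// … unchanged: quoteStart = c; continue; …
```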
2
dist/xss.min.js
vendored
File diff suppressed because one or more lines are too long
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "xss",
|
||||
"main": "./lib/index.js",
|
||||
"version": "0.2.6",
|
||||
"version": "0.2.7",
|
||||
"description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist. 根据白名单过滤HTML(防止XSS攻击)",
|
||||
"author": "leizongmin <leizongmin@gmail.com> (http://ucdok.com)",
|
||||
"contributors": [
|
||||
|
||||