leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修正:当启用stripIgnoreTagBody时,如果以要过滤的标签开头,会导致前面部分没正确删除[removed]标记

Browse Source
This commit is contained in:
Zongmin Lei
2014-03-03 18:21:39 +08:00
parent 09feade29c
commit d512bd7643
2 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
test/test_custom_method.js
View File

@@ -302,5 +302,24 @@ describe('test custom XSS method', function () {
assert.equal(html, '<a>link</a>$y$a$y$$y$b$y$k');
});
it('#stripIgnoreTag & stripIgnoreTagBody', function () {
var source = '<script>alert(/xss/);</script>';
var html = xss(source, {
stripIgnoreTag: true,
stripIgnoreTagBody: ['script']
});
console.log(html);
assert.equal(html, '');
});
it('#stripIgnoreTag & stripIgnoreTagBody - 2', function () {
var source = 'ooxx<script>alert(/xss/);</script>';
var html = xss(source, {
stripIgnoreTag: true,
stripIgnoreTagBody: ['script']
});
console.log(html);
assert.equal(html, 'ooxx');
});
});