feat: Add <audio crossorigin muted>, <video crossorigin muted playsinline poster> to default whitelist
@@ -4,6 +4,8 @@
|
|||||||
|
|
||||||
- [Fix whitespace bypass #218](https://github.com/leizongmin/js-xss/pull/218/files) by @TomAnthony
|
- [Fix whitespace bypass #218](https://github.com/leizongmin/js-xss/pull/218/files) by @TomAnthony
|
||||||
- [Add `<summary>` to default whitelist #216](https://github.com/leizongmin/js-xss/pull/216) by @spacegaier
|
- [Add `<summary>` to default whitelist #216](https://github.com/leizongmin/js-xss/pull/216) by @spacegaier
|
||||||
|
- [Add `<figure>` and `<figcaption>` to default whitelist](https://github.com/leizongmin/js-xss/pull/220) by @daraz999
|
||||||
|
- Add `<audio crossorigin muted>`, `<video crossorigin muted playsinline poster>` to default whitelist
|
||||||
|
|
||||||
## v1.0.8 (2020-07-27)
|
## v1.0.8 (2020-07-27)
|
||||||
|
|
||||||
|
|||||||
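--- a/dist/xss.js
+++ b/dist/xss.js
@@ -17,7 +17,15 @@ function getDefaultWhiteList() {
 area: ["shape", "coords", "href", "alt"],
 article: [],
 aside: [],
-audio: ["autoplay", "controls", "loop", "preload", "src"],
+audio: [
+"autoplay",
+"controls",
+"crossorigin",
+"loop",
+"muted",
+"preload",
+"src",
+],
 b: [],
 bdi: ["dir"],
 bdo: ["dir"],
@@ -37,6 +45,8 @@ function getDefaultWhiteList() {
 dl: [],
 dt: [],
 em: [],
+figcaption: [],
+figure: [],
 font: ["color", "size", "face"],
 footer: [],
 h1: [],
@@ -77,7 +87,11 @@ function getDefaultWhiteList() {
 video: [
 "autoplay",
 "controls",
+"crossorigin",
 "loop",
+"muted",
+"playsinline",
+"poster",
 "preload",
 "src",
 "height",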
2
dist/xss.min.js
vendored
2
dist/xss.min.js
vendored
File diff suppressed because one or more lines are too long
@@ -16,7 +16,15 @@ function getDefaultWhiteList() {
|
|||||||
area: ["shape", "coords", "href", "alt"],
|
area: ["shape", "coords", "href", "alt"],
|
||||||
article: [],
|
article: [],
|
||||||
aside: [],
|
aside: [],
|
||||||
audio: ["autoplay", "controls", "loop", "preload", "src"],
|
audio: [
|
||||||
|
"autoplay",
|
||||||
|
"controls",
|
||||||
|
"crossorigin",
|
||||||
|
"loop",
|
||||||
|
"muted",
|
||||||
|
"preload",
|
||||||
|
"src",
|
||||||
|
],
|
||||||
b: [],
|
b: [],
|
||||||
bdi: ["dir"],
|
bdi: ["dir"],
|
||||||
bdo: ["dir"],
|
bdo: ["dir"],
|
||||||
@@ -78,7 +86,11 @@ function getDefaultWhiteList() {
|
|||||||
video: [
|
video: [
|
||||||
"autoplay",
|
"autoplay",
|
||||||
"controls",
|
"controls",
|
||||||
|
"crossorigin",
|
||||||
"loop",
|
"loop",
|
||||||
|
"muted",
|
||||||
|
"playsinline",
|
||||||
|
"poster",
|
||||||
"preload",
|
"preload",
|
||||||
"src",
|
"src",
|
||||||
"height",
|
"height",
|
||||||
|
|||||||
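Review bot: `poster`, added to the `video` list in the second hunk of this section, is a URL-valued attribute, and nothing in the visible lines shows it getting the scheme filtering that a URL attribute such as `src` would need. If the library's attribute-value filter is keyed on specific attribute names (it is outside this diff, so this is an assumption to confirm), a `poster` value would reach the output with escaping only, and any scheme or remote host would pass the default whitelist. I would cover `poster` in that same URL check and add a test asserting that a `poster` value with a non-allowed scheme is emptied, with a comment next to the entry such as `// poster is a URL: keep it under the same scheme check as src`. The same entry is added in the built `dist/xss.js` hunk at `-77,7 +87,11`. The body of `getDefaultWhiteList()` starts and ends outside these hunks.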