leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
398 Commits 1 Branch 0 Tags
3e153f585d3cd32540f66a49032ca852516978be
Commit Graph

398 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Zongmin Lei
3e153f585d fix: typings onTag options 2021-05-06 13:22:53 +08:00
Zongmin Lei
82cb63f0fe docs: update changelog 2021-05-06 13:16:49 +08:00
Zongmin Lei
a1d9b44c36 fix: typings IWhiteList allow any tag name 2021-05-06 13:15:50 +08:00
Zongmin Lei
005098be59 feat: Add <strike> to default whitelist 2021-05-06 13:11:03 +08:00
Zongmin Lei
dcf1486845 feat: Add <audio crossorigin muted>, <video crossorigin muted playsinline poster> to default whitelist 2021-05-06 13:08:35 +08:00
老雷
f4c0b29c3f Merge pull request #220 from daraz999/patch-1 
Add <figure> and <figcaption> to default whitelist
 2021-05-06 12:53:28 +08:00
Zongmin Lei
2f5dd55ca0 fix: recover <summary> on the default whitelist 2021-05-06 12:47:47 +08:00
Zongmin Lei
d94ac2a584 publish: v1.0.9 2021-05-06 11:32:55 +08:00
Zongmin Lei
4452638995 chore: add package-lock.json to .ignore 2021-05-06 11:29:51 +08:00
Zongmin Lei
cff16d9ba1 chore: build dist 2021-05-06 11:29:23 +08:00
老雷
730a0b5eae Merge pull request #218 from TomAnthony/fix-whitespace-bypass 
Fix whitespace bypass
 2021-05-06 11:22:53 +08:00
老雷
6586f4966e Merge pull request #216 from spacegaier/patch-1 
Add `<summary>` to default whitelist
 2021-05-06 11:20:15 +08:00
老雷
20869bef8c Merge pull request #222 from aprilandjan/master 
docs: correct empty whiteList typing in examples
 2021-05-06 11:19:04 +08:00
aprilandjan
3860fe7cca docs: correct empty whiteList typing in examples 2021-02-26 19:22:01 +08:00
Darius Smaliukas
0024eefd42 Add <figure> and <figcaption> to default whitelist 
* Figure https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figure
* Figcaption https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figcaption

Most RSS feeds are using these tags to wrap around media content. I propose to add these tags to the default whitelist because they don't require any attribute and do not open any XSS vulnerability
 2021-02-19 17:08:18 +02:00
Tom Anthony
51de741f7b Update handling of quoteStart to prevent sanitization bypass using non-space whitespace. 2021-01-25 21:17:00 +01:00
Tom Anthony
49a25b4d85 Merge pull request #1 from leizongmin/master 
Catch up
 2021-01-25 20:06:05 +00:00
Philip Allgaier
cb35b4ca02 Add <summary> to default whitelist 
Since `<details>` is in there, it makes sense for `<summary>` as well since that is used inside `<details>` to define the text label/title for the collapsible element.
 2021-01-24 20:30:11 +01:00
老雷
be1d80c89d Merge pull request #204 from timgates42/bugfix_typo_double 
docs: Fix simple typo, doube -> double
 2020-10-27 01:21:07 +08:00
老雷
48a3a323b6 Merge pull request #202 from swseverance/fix-documentation 
Fix Documentation Example
 2020-09-16 18:58:31 +08:00
Tim Gates
cf5a36696a docs: Fix simple typo, doube -> double 
There is a small typo in dist/xss.js, lib/default.js.

Should read `double` rather than `doube`.
 2020-09-01 07:48:41 +10:00
Sam Severance
1691814807 Fix Documentation Example 2020-08-03 09:06:31 -04:00
老雷
fa53e3929b Update CHANGELOG.md 2020-07-27 10:28:36 +08:00
Zongmin Lei
39f6fce862 chore: update bower.json 2020-07-27 10:25:25 +08:00
Zongmin Lei
ccff2e55c2 publish: v1.0.8 2020-07-27 10:21:57 +08:00
Zongmin Lei
b12fb387a6 test: add more test for parseAttr 2020-07-27 10:10:40 +08:00
老雷
353ffdc73a Merge pull request #201 from TomAnthony/fix-bypass-issue 
Update handling of quoteStart to prevent sanitization bypass
 2020-07-24 19:13:00 +08:00
Tom Anthony
379d181273 Make coding style project consistent. 2020-07-24 10:41:06 +01:00
Zongmin Lei
10d0099728 chore: remove node_js version 6.0 on .travis.yml 2020-07-23 17:33:11 +08:00
Zongmin Lei
5f2bacf590 chore: remove node_js version 4.0 & 5.0 on .travis.yml 2020-07-23 17:28:05 +08:00
老雷
ad66b19834 Merge pull request #200 from danvk/typescript-default-import 
Allow default imports in TS
 2020-07-23 17:24:14 +08:00
Tom Anthony
f454fd76e6 Update handling of quoteStart to allow for whitespace after =. Add a new test case for this failure scenario. 2020-07-22 23:40:13 +01:00
Dan Vanderkam
4d07aeaa8a Allow default imports in TS 2020-07-21 17:20:24 -04:00
老雷
9a34334b99 Create codeql-analysis.yml 2020-07-16 14:24:38 +08:00
Zongmin Lei
b61c373d66 chore: use nyc instead of istanbul 2020-06-08 14:46:12 +08:00
Zongmin Lei
a8cbb0900b chore: remove package-lock.json 2020-06-08 14:44:34 +08:00
Zongmin Lei
04516fcd53 chore: update bower.json 2020-06-08 11:01:16 +08:00
Zongmin Lei
c03f924100 chore: .travis.yml add node_js version 12.0 & 14.0 2020-06-08 11:00:42 +08:00
Zongmin Lei
fbe45f6b93 publish: v1.0.7 2020-06-08 10:58:18 +08:00
Zongmin Lei
4f88322961 chore: update dependencies 2020-06-08 10:47:45 +08:00
Zongmin Lei
b82a3270fa fix test for #189 2020-06-08 10:46:47 +08:00
老雷
154174dd9e Merge pull request #189 from sijanec/patch-1 
added support for src embedded image, ftp and relative urls
 2020-06-08 10:40:44 +08:00
老雷
a48d842cbb Merge pull request #188 from jcfranco/patch-1 
Fix typo.
 2020-06-08 10:37:17 +08:00
sijanec
8efd6327ae fix, as suggested by Ronald J Kimball 2020-02-22 21:59:36 +01:00
sijanec
07ac8b16c1 added support for src embedded image, ftp and relative urls 
Those can't contain playloads. Reference to the issue #174
 2020-02-09 00:24:43 +01:00
JC Franco
db897317c4 Fix typo. 2020-01-29 20:46:43 -08:00
老雷
53ba52a599 Create FUNDING.yml 2019-05-26 10:35:56 +08:00
Zongmin Lei
2eb4a21f12 chore: update devDependencies 2019-04-13 11:49:36 +08:00
Zongmin Lei
bc516a1863 fix: turn on strict mode for xss.js 2019-04-13 11:43:18 +08:00
Zongmin Lei
506e192329 chore: add package-lock.json & update dependencies 2019-04-13 11:40:41 +08:00