leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
434 Commits 1 Branch 0 Tags
66df7c48d5280de27b787169165afc4ea850cda4
Commit Graph

25 Commits

Author SHA1 Message Date
Sviataslau Shchaurouski
72844ddc6f fix: problem with not closed tag (#262) 2022-08-16 21:50:26 +08:00
LEI Zongmin
d7654e5f14 fix: use var instead of let 2022-06-03 23:50:24 +08:00
lumburr
c536c0da30 fix: problem with backslash and space at the beginning of attribute value (#253) 2022-05-27 23:09:19 +08:00
lumburr
1e34b3de23 feat: add eslint:recommended check 2022-03-09 19:39:57 +08:00
Zongmin Lei
901b771960 style: reformat all source code by prettier 2021-05-06 13:32:47 +08:00
Tom Anthony
51de741f7b Update handling of quoteStart to prevent sanitization bypass using non-space whitespace. 2021-01-25 21:17:00 +01:00
Tom Anthony
379d181273 Make coding style project consistent. 2020-07-24 10:41:06 +01:00
Tom Anthony
f454fd76e6 Update handling of quoteStart to allow for whitespace after =. Add a new test case for this failure scenario. 2020-07-22 23:40:13 +01:00
Simon Bertrang
4c66d6e388 Update parser.js 
Actually turn on strict mode.
 2019-03-27 09:30:16 +01:00
Zongmin Lei
2b853a9d8d fix issue #122 use undefined variable currentHtml 2017-12-29 09:53:17 +08:00
Zongmin Lei
9b85b8f2d6 reformat by prettier 2017-12-21 14:22:34 +08:00
Zongmin Lei
32a4bece31 translate all comments to English 2017-12-21 14:19:10 +08:00
ztree
903769c37d passed test: 
assert.equal(xss('<a\ttarget="_blank"\ntitle="bbb">'), '<a target="_blank" title="bbb">');
    assert.equal(xss('<a\ntarget="_blank"\ttitle="bbb">'), '<a target="_blank" title="bbb">');
    assert.equal(xss('<a\n\n\n\ttarget="_blank"\t\t\t\ntitle="bbb">'), '<a target="_blank" title="bbb">');
 2017-08-31 16:41:44 +08:00
ztree
a3982311a9 HTML Tag 内的属性间隔支持 \t 2017-08-30 10:10:39 +08:00
zTree
b0fa6e9fc1 Update parser.js 
对特殊 html 进行支持(例如 word 复制的 html 内容)

如果只通过 空格进行区分,就会出现以下问题:
```
<img width=100 height=200
src='....'/>
```

这种没有空格,只有换行的 html 转换后会变为

```
<img width="100" height="200 src=&quot;....&quot;“/>
```
 2017-08-21 10:54:15 +08:00
Zongmin Lei
fb5891fa7c Fixed issue #40 start quote only when the previous char is = 2015-08-18 18:33:56 +08:00
chengbapi
df0b76992d Update parser.js 
IE7中不支持string[index]的用法改用slice做兼容
 2015-08-04 15:32:27 +08:00
Zongmin Lei
55924144c6 v0.2.5 2015-08-04 08:51:31 +08:00
Zongmin Lei
fb6364d431 Fixed issue #37 support unstrict HTML format: allow spaces between attribute name and attribute value 2015-08-02 21:20:36 +08:00
josephj
231458ea48 避免窜改 Array.prototype 2015-03-27 22:02:03 +11:00
Zongmin Lei
98dc24ab5a originPosition改名为sourcePosition 2014-02-13 16:33:35 +08:00
Zongmin Lei
c3912a5773 修正html parser 2014-02-13 14:58:05 +08:00
Zongmin Lei
ad057762a3 test: parseAttr 2014-02-13 10:26:17 +08:00
Zongmin Lei
1540118ac7 test: parseTag 2014-02-12 17:59:55 +08:00
Zongmin Lei
a5f23d9c68 简单 html parser (未完成) 2014-02-12 14:33:16 +08:00