Commit Graph

70 Commits

Author SHA1 Message Date
Tom Anthony
51de741f7b Update handling of quoteStart to prevent sanitization bypass using non-space whitespace. 2021-01-25 21:17:00 +01:00
Zongmin Lei
b12fb387a6 test: add more test for parseAttr 2020-07-27 10:10:40 +08:00
Tom Anthony
379d181273 Make coding style project consistent. 2020-07-24 10:41:06 +01:00
Tom Anthony
f454fd76e6 Update handling of quoteStart to allow for whitespace after =. Add a new test case for this failure scenario. 2020-07-22 23:40:13 +01:00
Zongmin Lei
b82a3270fa fix test for #189 2020-06-08 10:46:47 +08:00
Zongmin Lei
9b85b8f2d6 reformat by prettier 2017-12-21 14:22:34 +08:00
Zongmin Lei
32a4bece31 translate all comments to English 2017-12-21 14:19:10 +08:00
Christian Schoeppler
2728bb88f7 added tel number handling for links 2017-11-24 13:57:30 +01:00
Zongmin Lei
8c0b78f2af test: add more test 2017-08-29 14:10:31 +08:00
Zongmin Lei
e426e8cfe7 style: fix test indent format 2017-08-29 13:58:36 +08:00
Zongmin Lei
2b7aa8432e test: add test cases 2017-07-12 19:32:43 +08:00
Zongmin Lei
3ecf8542a0 fix: issue #66 no options mutated 2016-12-20 09:13:35 +08:00
Zongmin Lei
857fa9de67 fix cssFilter, allow pass css=false to disable cssFilter 2016-11-06 11:06:02 +08:00
Zongmin Lei
8df84a1995 Unit tests use debug to display output 2015-12-01 22:10:48 +08:00
Zongmin Lei
4ff066f0f6 Fix issue #41: href allows values starting with # by default 2015-12-01 21:53:59 +08:00
Zongmin Lei
fb5891fa7c Fixed issue #40 start quote only when the previous char is = 2015-08-18 18:33:56 +08:00
Zongmin Lei
fb6364d431 Fixed issue #37 support unstrict HTML format: allow spaces between attribute name and attribute value 2015-08-02 21:20:36 +08:00
Zongmin Lei
7fd196296c Fix unit test code: <script> --> <scri + pt> to ensure the tests pass in the browser 2015-05-06 11:36:56 +08:00
Zongmin Lei
994f1a7045 v0.2.0 Use the cssfilter module to filter the style attribute 2015-05-05 22:50:56 +08:00
Zongmin Lei
6249d4cf2a Invisible characters are filtered by setting stripBlankChar=true 2015-01-22 14:20:55 +08:00
Zongmin Lei
89c6930b9e Cancel automatic removal of invisible characters 2015-01-22 14:07:17 +08:00
Zongmin Lei
97d0bdf516 Automatically remove invisible characters 2015-01-20 13:06:54 +08:00
Zongmin Lei
c7bd9c0fc4 Handle all kinds of weird input 2015-01-12 14:04:29 +08:00
Zongmin Lei
e71fce8974 fixed issue #25, "&quote;" should be "&quot;" 2014-12-06 16:25:35 +08:00
Zongmin Lei
bfbe23ddc1 href support "mailto:", fixed issue #24 2014-11-28 15:23:14 +08:00
Zongmin Lei
8a08cea378 Add test code for HTML comment handling 2014-09-12 12:23:36 +08:00
Zongmin Lei
a420d251f1 Add new option allowCommentTag to set whether HTML comment tags are allowed, default false 2014-04-03 11:47:21 +08:00
Zongmin Lei
d512bd7643 Fix: when stripIgnoreTagBody is enabled, input beginning with a tag to be filtered caused the [removed] marker in the leading part not to be deleted correctly 2014-03-03 18:21:39 +08:00
Zongmin Lei
d1a4521bfd Fix filtering of the style attribute 2014-02-20 10:44:08 +08:00
Zongmin Lei
b358f9b163 Add td.backgorund filtering 2014-02-20 10:27:16 +08:00
Zongmin Lei
519f0ed944 href and src attributes return an empty value if filtered 2014-02-18 14:35:50 +08:00
Zongmin Lei
e2272386a1 By default, href and src attributes only allow addresses starting with https, http, / 2014-02-18 14:27:27 +08:00
Zongmin Lei
c63f87b61f test: stripIgnoreTagBody 2014-02-13 18:18:43 +08:00
Zongmin Lei
5c46660e43 Test files 2014-02-13 16:38:32 +08:00
Zongmin Lei
98dc24ab5a Rename originPosition to sourcePosition 2014-02-13 16:33:35 +08:00
Zongmin Lei
054aab29a2 test: stripIgnoreTag 2014-02-13 16:27:49 +08:00
Zongmin Lei
f64124137e test: safeAttrValue 2014-02-13 16:18:10 +08:00
Zongmin Lei
53434487c5 test: escapeHtml 2014-02-13 16:13:26 +08:00
Zongmin Lei
f6dcdd7e30 test: onIgnoreTagAttr 2014-02-13 15:59:37 +08:00
Zongmin Lei
7fc9d3df3a test: onTagAttr 2014-02-13 15:55:36 +08:00
Zongmin Lei
5632ce9bde test: onIgnoreTag 2014-02-13 15:31:19 +08:00
Zongmin Lei
09e8a51ecf test: onTag 2014-02-13 15:27:58 +08:00
Zongmin Lei
93d4da6cfa Adjust test code test_custom_method 2014-02-13 15:10:09 +08:00
Zongmin Lei
858b65895d Whitelist tests 2014-02-13 15:01:39 +08:00
Zongmin Lei
1a04d6d79e Pass the basic xss whitelist tests 2014-02-13 14:58:36 +08:00
Zongmin Lei
c3912a5773 Fix html parser 2014-02-13 14:58:05 +08:00
Zongmin Lei
5d5a0cc31e test: html parser done 2014-02-13 10:34:44 +08:00
Zongmin Lei
ad057762a3 test: parseAttr 2014-02-13 10:26:17 +08:00
Zongmin Lei
1540118ac7 test: parseTag 2014-02-12 17:59:55 +08:00
Zongmin Lei
54699f2da1 Filter the data URI protocol 2013-12-24 13:38:57 +08:00