leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
431 Commits 1 Branch 0 Tags
bedb0c09dbfebcd85151c89e0cec1f9fd82b166a
Commit Graph

431 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mdk000
bedb0c09db feat: single-quoted attribute value syntax support (#287) 2024-03-03 10:21:40 +08:00
Adam Zielinski
8884b21308 feat: Allow loading attribute on img (#278) 
Signed-off-by: maosmurf <github@maosmurf.com>
 2023-03-23 10:19:18 +08:00
Shigma
4c3c7587f0 chore: fix typo (#272) 2023-03-23 10:05:38 +08:00
LEI Zongmin
c339c1f777 publish: v1.0.14 2022-08-16 21:54:05 +08:00
metonym
71c3f25972 fix: add allowList to types (#261) 2022-08-16 21:50:56 +08:00
Sviataslau Shchaurouski
72844ddc6f fix: problem with not closed tag (#262) 2022-08-16 21:50:26 +08:00
LEI Zongmin
c2419c4d14 publish: v1.0.13 2022-06-07 00:05:03 +08:00
LEI Zongmin
352ae5331f Revert "fix: comment has encoded (#257)" 
This reverts commit 9f6a37b34d.
 2022-06-06 23:59:59 +08:00
LEI Zongmin
76d87aa002 publish: v1.0.12 2022-06-04 00:12:31 +08:00
LEI Zongmin
2e8e8ce3e8 chore: update devDependencies 2022-06-04 00:05:58 +08:00
LEI Zongmin
d7654e5f14 fix: use var instead of let 2022-06-03 23:50:24 +08:00
lumburr
c536c0da30 fix: problem with backslash and space at the beginning of attribute value (#253) 2022-05-27 23:09:19 +08:00
lumburr
1e4446635f fix: whitelist match failure due to case ignoring (#256) 2022-05-27 23:01:33 +08:00
William Stein
5a7c216dbe add another site that extensively uses XSS (#258) 2022-05-27 22:58:18 +08:00
lumburr
9f6a37b34d fix: comment has encoded (#257) 2022-05-27 22:57:50 +08:00
老雷
621b4c220e Merge pull request #252 from lumburr/feat/eslint 
feat: add eslint:recommended check
 2022-03-11 09:22:58 +08:00
lumburr
1e34b3de23 feat: add eslint:recommended check 2022-03-09 19:39:57 +08:00
Zongmin Lei
ed295cae25 publish: v1.0.11 2022-03-06 15:21:07 +08:00
老雷
daa471e560 Merge pull request #249 from schu34/ms/add-allowlist-support 
feat: add support for allowList as an alias for whiteList
 2021-12-31 21:05:29 +08:00
Matthew Benjamin Schupack
6914bbaf93 feat: add support for allowList as an alias for whiteList 2021-12-13 13:29:29 -05:00
老雷
3826e74155 chore: build v1.0.10 2021-10-08 09:01:02 +00:00
Zongmin Lei
380a4bae2b publish: v1.0.10 2021-10-08 16:50:33 +08:00
Zongmin Lei
699acdea7d fix: #239 stripCommentTag DoS attack 2021-10-08 16:23:28 +08:00
老雷
9cbe2f1066 Create SECURITY.md 2021-09-19 12:04:35 +08:00
Zongmin Lei
bdd1b03896 chore: fix nodejs.yml remove node-version 8.x 2021-05-07 00:10:01 +08:00
Zongmin Lei
3be6a07fae chore: update devDependencies to latest version 2021-05-06 14:02:14 +08:00
Zongmin Lei
948dfb19c1 docs: update CI badge 2021-05-06 13:55:18 +08:00
Zongmin Lei
831a6a289d chore: github action nodejs.yml run test-cov instead of test 2021-05-06 13:48:53 +08:00
Zongmin Lei
0ba3cdbc4b chore: remove .travis.yml 2021-05-06 13:47:04 +08:00
Zongmin Lei
cdee88ee16 chore: fix github action nodejs.yml 2021-05-06 13:45:18 +08:00
老雷
624aba94dc chore: add github action nodejs.yml 2021-05-06 13:43:41 +08:00
Zongmin Lei
901b771960 style: reformat all source code by prettier 2021-05-06 13:32:47 +08:00
Zongmin Lei
0b15109107 docs: update changelog 2021-05-06 13:29:53 +08:00
Zongmin Lei
3e153f585d fix: typings onTag options 2021-05-06 13:22:53 +08:00
Zongmin Lei
82cb63f0fe docs: update changelog 2021-05-06 13:16:49 +08:00
Zongmin Lei
a1d9b44c36 fix: typings IWhiteList allow any tag name 2021-05-06 13:15:50 +08:00
Zongmin Lei
005098be59 feat: Add <strike> to default whitelist 2021-05-06 13:11:03 +08:00
Zongmin Lei
dcf1486845 feat: Add <audio crossorigin muted>, <video crossorigin muted playsinline poster> to default whitelist 2021-05-06 13:08:35 +08:00
老雷
f4c0b29c3f Merge pull request #220 from daraz999/patch-1 
Add <figure> and <figcaption> to default whitelist
 2021-05-06 12:53:28 +08:00
Zongmin Lei
2f5dd55ca0 fix: recover <summary> on the default whitelist 2021-05-06 12:47:47 +08:00
Zongmin Lei
d94ac2a584 publish: v1.0.9 2021-05-06 11:32:55 +08:00
Zongmin Lei
4452638995 chore: add package-lock.json to .ignore 2021-05-06 11:29:51 +08:00
Zongmin Lei
cff16d9ba1 chore: build dist 2021-05-06 11:29:23 +08:00
老雷
730a0b5eae Merge pull request #218 from TomAnthony/fix-whitespace-bypass 
Fix whitespace bypass
 2021-05-06 11:22:53 +08:00
老雷
6586f4966e Merge pull request #216 from spacegaier/patch-1 
Add `<summary>` to default whitelist
 2021-05-06 11:20:15 +08:00
老雷
20869bef8c Merge pull request #222 from aprilandjan/master 
docs: correct empty whiteList typing in examples
 2021-05-06 11:19:04 +08:00
aprilandjan
3860fe7cca docs: correct empty whiteList typing in examples 2021-02-26 19:22:01 +08:00
Darius Smaliukas
0024eefd42 Add <figure> and <figcaption> to default whitelist 
* Figure https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figure
* Figcaption https://developer.mozilla.org/en-US/docs/Web/HTML/Element/figcaption

Most RSS feeds are using these tags to wrap around media content. I propose to add these tags to the default whitelist because they don't require any attribute and do not open any XSS vulnerability
 2021-02-19 17:08:18 +02:00
Tom Anthony
51de741f7b Update handling of quoteStart to prevent sanitization bypass using non-space whitespace. 2021-01-25 21:17:00 +01:00
Tom Anthony
49a25b4d85 Merge pull request #1 from leizongmin/master 
Catch up
 2021-01-25 20:06:05 +00:00