leizongmin/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
431 Commits 1 Branch 0 Tags
bedb0c09dbfebcd85151c89e0cec1f9fd82b166a
Commit Graph

106 Commits

Author SHA1 Message Date
Zongmin Lei
994f1a7045 v0.2.0 使用cssfilter模块来过滤style属性 2015-05-05 22:50:56 +08:00
josephj
231458ea48 避免窜改 Array.prototype 2015-03-27 22:02:03 +11:00
Zongmin Lei
6249d4cf2a 过滤是通过设置stripBlankChar=true来过滤不可见字符 2015-01-22 14:20:55 +08:00
Zongmin Lei
89c6930b9e 取消自动清除不可见字符 2015-01-22 14:07:17 +08:00
Zongmin Lei
97d0bdf516 自动清除不可见字符 2015-01-20 13:06:54 +08:00
Zongmin Lei
85594379e2 支持AMD 2015-01-16 20:27:23 +08:00
Zongmin Lei
c7bd9c0fc4 兼容各种奇葩输入 2015-01-12 14:04:29 +08:00
Zongmin Lei
e71fce8974 fixed issue #25, "&quote;" should be """ 2014-12-06 16:25:35 +08:00
Zongmin Lei
bfbe23ddc1 href support "mailto:", fixed issue #24 2014-11-28 15:23:14 +08:00
island205
161f9510aa fix stripCommentTag 2014-09-12 11:41:44 +08:00
David Pett
b9bd3e0ea2 added <sub> and <sup> to the whitelist 2014-09-05 13:18:00 -05:00
penJunTan
4dd1a1bd8e 模拟相对正确的 Array.prototype.forEach 2014-04-17 18:28:24 +08:00
penJunTan
5316d8d26d 修正低版本浏览支持的 indexOf, forEach, trim 的断言 
避免在chrome等浏览覆盖对应的 ES5 方法.
 2014-04-17 18:08:06 +08:00
Zongmin Lei
a420d251f1 增加新的选项 allowCommentTag 来设置是否允许HTML备注标签,默认false 2014-04-03 11:47:21 +08:00
Zongmin Lei
fcabcf2137 默认白名单:增加排版相关的标签 2014-03-11 15:40:59 +08:00
Zongmin Lei
c1a8436521 默认白名单:修改代码顺序 2014-03-11 15:19:44 +08:00
Zongmin Lei
d512bd7643 修正:当启用stripIgnoreTagBody时,如果以要过滤的标签开头,会导致前面部分没正确删除[removed]标记 2014-03-03 18:21:39 +08:00
Zongmin Lei
d1a4521bfd 修正对style属性的过滤 2014-02-20 10:44:08 +08:00
Zongmin Lei
b358f9b163 增加 td.backgorund 过滤 2014-02-20 10:27:16 +08:00
Zongmin Lei
519f0ed944 href和src属性,如果被过滤则返回空值 2014-02-18 14:35:50 +08:00
Zongmin Lei
e2272386a1 默认href和src属性只运行 https, http, / 开头的地址 2014-02-18 14:27:27 +08:00
Zongmin Lei
3eba6dbf53 update README 2014-02-14 10:06:09 +08:00
Zongmin Lei
c63f87b61f test: stripIgnoreTagBody 2014-02-13 18:18:43 +08:00
Zongmin Lei
a6caa0ddcc StripTagBody 2014-02-13 17:56:18 +08:00
Zongmin Lei
68c26f28b9 StripTagBodyList 2014-02-13 17:55:43 +08:00
Zongmin Lei
98dc24ab5a originPosition改名为sourcePosition 2014-02-13 16:33:35 +08:00
Zongmin Lei
054aab29a2 test: stripIgnoreTag 2014-02-13 16:27:49 +08:00
Zongmin Lei
7fc9d3df3a test: onTagAttr 2014-02-13 15:55:36 +08:00
Zongmin Lei
93d4da6cfa 调整测试代码 test_custom_method 2014-02-13 15:10:09 +08:00
Zongmin Lei
1a04d6d79e 通过基本的xss白名单测试 2014-02-13 14:58:36 +08:00
Zongmin Lei
c3912a5773 修正html parser 2014-02-13 14:58:05 +08:00
Zongmin Lei
2cb1cdb6c5 默认配置 未完成 2014-02-13 11:18:03 +08:00
Zongmin Lei
ad057762a3 test: parseAttr 2014-02-13 10:26:17 +08:00
Zongmin Lei
1540118ac7 test: parseTag 2014-02-12 17:59:55 +08:00
Zongmin Lei
a5f23d9c68 简单 html parser (未完成) 2014-02-12 14:33:16 +08:00
Zongmin Lei
cf7ea7836a Merge branch 'HEAD' of git@github.com:leizongmin/js-xss.git 2014-01-30 12:21:37 +08:00
Zongmin Lei
54699f2da1 过滤 data URI 协议 2013-12-24 13:38:57 +08:00
Zongmin Lei
08763df2c7 完善测试代码 2013-12-24 13:13:28 +08:00
Zongmin Lei
0b237d5672 属性值过滤: HTML5新增实体编码 冒号&colon; 换行&NewLine; 2013-12-24 12:23:47 +08:00
Zongmin Lei
ce329b30d8 修正html实体转义部分 2013-12-24 12:06:52 +08:00
Zongmin Lei
f6e6aaf5dd 将属性值转义部分提取出来:safeAttrValue() 2013-12-24 11:36:14 +08:00
Zongmin Lei
9538e5063c 修正合并错误问题 2013-11-05 18:16:02 +08:00
xiaojue
7c9455c31d 修复ie6,7下不支持trim,forEach,indexOf,string 不支持数组形式调用,改为charAt,format了一下数组格式,避免地版本浏览器兼容错误,修改几处局部重复定义变量语句 2013-11-05 17:47:36 +08:00
Zongmin Lei
89a0be1cde 修正无法正确识别 <br/>标签问题 2013-11-05 15:40:17 +08:00
Zongmin Lei
b4f37de463 去掉无用空格 2013-11-05 15:27:35 +08:00
Zongmin Lei
a877b29c7a 更新注释 2013-09-15 23:03:05 +08:00
Zongmin Lei
51e119efb3 默认白名单中添加 thead 2013-08-15 12:57:00 +08:00
leizongmin
da43af4bcd 默认白名单tr增加rowspan属性 2013-07-11 22:58:23 +08:00
leizongmin
0d16433a32 默认白名单,img增加width和height属性 2013-07-11 22:55:41 +08:00
Zongmin Lei
2c054677c9 默认禁止标签的 style和class 属性 2013-05-27 10:54:02 +08:00