leizongmin/js-xss - js-xss - Gitea: Git with a cup of tea

leizongmin/js-xss

Author	SHA1	Message	Date
Zongmin Lei	b5902962ad	Fixed issue #36 safeAttrValue() check if cssFilter argument is undefined then use an default cssFilter	2015-07-30 12:00:08 +08:00
Zongmin Lei	994f1a7045	v0.2.0 使用cssfilter模块来过滤style属性	2015-05-05 22:50:56 +08:00
josephj	231458ea48	避免窜改 Array.prototype	2015-03-27 22:02:03 +11:00
Zongmin Lei	6249d4cf2a	过滤是通过设置stripBlankChar=true来过滤不可见字符	2015-01-22 14:20:55 +08:00
Zongmin Lei	97d0bdf516	自动清除不可见字符	2015-01-20 13:06:54 +08:00
Zongmin Lei	e71fce8974	fixed issue #25 , "&quote;" should be """	2014-12-06 16:25:35 +08:00
Zongmin Lei	bfbe23ddc1	href support "mailto:", fixed issue #24	2014-11-28 15:23:14 +08:00
island205	161f9510aa	fix stripCommentTag	2014-09-12 11:41:44 +08:00
David Pett	b9bd3e0ea2	added <sub> and <sup> to the whitelist	2014-09-05 13:18:00 -05:00
Zongmin Lei	a420d251f1	增加新的选项 allowCommentTag 来设置是否允许HTML备注标签，默认false	2014-04-03 11:47:21 +08:00
Zongmin Lei	fcabcf2137	默认白名单：增加排版相关的标签	2014-03-11 15:40:59 +08:00
Zongmin Lei	c1a8436521	默认白名单：修改代码顺序	2014-03-11 15:19:44 +08:00
Zongmin Lei	d512bd7643	修正：当启用stripIgnoreTagBody时，如果以要过滤的标签开头，会导致前面部分没正确删除[removed]标记	2014-03-03 18:21:39 +08:00
Zongmin Lei	d1a4521bfd	修正对style属性的过滤	2014-02-20 10:44:08 +08:00
Zongmin Lei	b358f9b163	增加 td.backgorund 过滤	2014-02-20 10:27:16 +08:00
Zongmin Lei	519f0ed944	href和src属性，如果被过滤则返回空值	2014-02-18 14:35:50 +08:00
Zongmin Lei	e2272386a1	默认href和src属性只运行 https, http, / 开头的地址	2014-02-18 14:27:27 +08:00
Zongmin Lei	c63f87b61f	test: stripIgnoreTagBody	2014-02-13 18:18:43 +08:00
Zongmin Lei	a6caa0ddcc	StripTagBody	2014-02-13 17:56:18 +08:00
Zongmin Lei	68c26f28b9	StripTagBodyList	2014-02-13 17:55:43 +08:00
Zongmin Lei	054aab29a2	test: stripIgnoreTag	2014-02-13 16:27:49 +08:00
Zongmin Lei	7fc9d3df3a	test: onTagAttr	2014-02-13 15:55:36 +08:00
Zongmin Lei	1a04d6d79e	通过基本的xss白名单测试	2014-02-13 14:58:36 +08:00
Zongmin Lei	2cb1cdb6c5	默认配置未完成	2014-02-13 11:18:03 +08:00