Commit Graph

53 Commits

Author SHA1 Message Date
Matthew Benjamin Schupack
6914bbaf93 feat: add support for allowList as an alias for whiteList 2021-12-13 13:29:29 -05:00
Zongmin Lei
699acdea7d fix: #239 stripCommentTag DoS attack 2021-10-08 16:23:28 +08:00
Zongmin Lei
b82a3270fa fix test for #189 2020-06-08 10:46:47 +08:00
Zongmin Lei
9b85b8f2d6 reformat by prettier 2017-12-21 14:22:34 +08:00
Zongmin Lei
32a4bece31 translate all comments to English 2017-12-21 14:19:10 +08:00
Christian Schoeppler
2728bb88f7 added tel number handling for links 2017-11-24 13:57:30 +01:00
Zongmin Lei
8c0b78f2af test: add more tests 2017-08-29 14:10:31 +08:00
Zongmin Lei
e426e8cfe7 style: fix test indent format 2017-08-29 13:58:36 +08:00
Zongmin Lei
2b7aa8432e test: add test cases 2017-07-12 19:32:43 +08:00
Zongmin Lei
3ecf8542a0 fix: issue #66 no options mutated 2016-12-20 09:13:35 +08:00
Zongmin Lei
8df84a1995 unit tests use debug to display output 2015-12-01 22:10:48 +08:00
Zongmin Lei
4ff066f0f6 fix issue #41: href allows values starting with # by default 2015-12-01 21:53:59 +08:00
Zongmin Lei
fb5891fa7c Fixed issue #40 start quote only when the previous char is = 2015-08-18 18:33:56 +08:00
Zongmin Lei
fb6364d431 Fixed issue #37 support unstrict HTML format: allow spaces between attribute name and attribute value 2015-08-02 21:20:36 +08:00
Zongmin Lei
7fd196296c fix unit test code: <script> --> <scri + pt> so that the tests pass in the browser 2015-05-06 11:36:56 +08:00
Zongmin Lei
994f1a7045 v0.2.0 use the cssfilter module to filter the style attribute 2015-05-05 22:50:56 +08:00
Zongmin Lei
6249d4cf2a invisible characters are filtered by setting stripBlankChar=true 2015-01-22 14:20:55 +08:00
Zongmin Lei
89c6930b9e remove automatic stripping of invisible characters 2015-01-22 14:07:17 +08:00
Zongmin Lei
97d0bdf516 automatically strip invisible characters 2015-01-20 13:06:54 +08:00
Zongmin Lei
c7bd9c0fc4 handle all kinds of weird input 2015-01-12 14:04:29 +08:00
Zongmin Lei
e71fce8974 fixed issue #25, "&quote;" should be "&quot;" 2014-12-06 16:25:35 +08:00
Zongmin Lei
bfbe23ddc1 href support "mailto:", fixed issue #24 2014-11-28 15:23:14 +08:00
Zongmin Lei
8a08cea378 add test code for HTML comment handling 2014-09-12 12:23:36 +08:00
Zongmin Lei
a420d251f1 add new option allowCommentTag to set whether HTML comment tags are allowed, default false 2014-04-03 11:47:21 +08:00
Zongmin Lei
d1a4521bfd fix filtering of the style attribute 2014-02-20 10:44:08 +08:00
Zongmin Lei
b358f9b163 add td.backgorund filtering 2014-02-20 10:27:16 +08:00
Zongmin Lei
519f0ed944 href and src attributes return an empty value if filtered 2014-02-18 14:35:50 +08:00
Zongmin Lei
e2272386a1 by default, href and src attributes only allow addresses starting with https, http, / 2014-02-18 14:27:27 +08:00
Zongmin Lei
5c46660e43 test files 2014-02-13 16:38:32 +08:00
Zongmin Lei
93d4da6cfa adjust test code test_custom_method 2014-02-13 15:10:09 +08:00
Zongmin Lei
858b65895d whitelist tests 2014-02-13 15:01:39 +08:00
Zongmin Lei
1a04d6d79e pass the basic xss whitelist tests 2014-02-13 14:58:36 +08:00
Zongmin Lei
54699f2da1 filter the data URI protocol 2013-12-24 13:38:57 +08:00
Zongmin Lei
08763df2c7 improve test code 2013-12-24 13:13:28 +08:00
Zongmin Lei
01953d3cf2 add test code 2013-12-24 12:43:12 +08:00
Zongmin Lei
0b237d5672 attribute value filtering: entity encodings added in HTML5, colon &colon; and newline &NewLine; 2013-12-24 12:23:47 +08:00
Zongmin Lei
2d46516427 fix the test code's escaping test for attribute values like &#0000106 2013-12-24 12:10:18 +08:00
Zongmin Lei
ce329b30d8 fix the html entity escaping part 2013-12-24 12:06:52 +08:00
Zongmin Lei
89a0be1cde fix failure to correctly recognize the <br/> tag 2013-11-05 15:40:17 +08:00
Zongmin Lei
2c054677c9 disallow the style and class attributes on tags by default 2013-05-27 10:54:02 +08:00
Lei Zongmin
73c70c6300 remove one line of test code; for now I don't know why the test fails on Windows 2013-04-19 16:17:25 +08:00
leizongmin
44e569a8a1 add utility functions for some special uses 2012-09-20 20:55:42 +08:00
leizongmin
4dbf998757 onIgnoreAttr() provides more parameter information 2012-09-20 20:30:32 +08:00
leizongmin
57d7b89616 allow customizing how tags not in the whitelist are handled 2012-09-19 19:56:20 +08:00
leizongmin
a25c73c8eb add test code; basically usable now 2012-09-19 11:10:16 +08:00
leizongmin
c82e276188 update test code 2012-09-19 10:44:26 +08:00
leizongmin
8740e64f72 block addresses like ja vasc ript in URLs 2012-09-19 10:27:24 +08:00
leizongmin
3c801cef5d automatically convert characters like &#106; in attribute values 2012-09-19 10:12:10 +08:00
leizongmin
1ce77ad87a correctly parse attribute values not enclosed in double quotes 2012-09-19 09:54:07 +08:00
leizongmin
d547c0b61b some XSS attack tests 2012-09-19 09:04:23 +08:00