liwu0213/js-xss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
da549f31263c35ef8bc57b3a8b0692b803102529
js-xss/example/allows_attr_prefix.js
liwu0213 90d8258b4e XSS CODE 
跨站脚本攻击
2017-03-15 12:45:03 +08:00

26 lines
651 B
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/**
* 应用实例允许标签以data-开头的属性
*
* @author 老雷<leizongmin@gmail.com>
*/
var xss = require('../');
var source = '<div a="1" b="2" data-a="3" data-b="4">hello</div>';
var html = xss(source, {
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
if (name.substr(0, 5) === 'data-') {
// 通过内置的escapeAttrValue函数来对属性值进行转义
return name + '="' + xss.escapeAttrValue(value) + '"';
}
}
});
console.log('%s\nconvert to:\n%s', source, html);
/*
运行结果:
<div a="1" b="2" data-a="3" data-b="4">hello</div>
convert to:
<div data-a="3" data-b="4">hello</div>
*/
Reference in New Issue View Git Blame Copy Permalink