Start working on text sanitizer
This commit is contained in:
parent
1c3273978b
commit
2e8f31ae2b
13
lib/xss.js
13
lib/xss.js
|
@ -158,7 +158,7 @@ function sanitizeHTML(str) {
|
|||
delete t.attributes[k];
|
||||
} else {
|
||||
if (t.attributes[k].match(badAttrValues)) {
|
||||
t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
|
||||
t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]");
|
||||
}
|
||||
|
||||
var k2 = k.replace(/[^\w]/g, "");
|
||||
|
@ -179,4 +179,15 @@ function sanitizeHTML(str) {
|
|||
return str;
|
||||
}
|
||||
|
||||
function sanitizeText(str) {
|
||||
str = str.replace(/&/g, "&")
|
||||
.replace(/</g, "<")
|
||||
.replace(/>/g, ">")
|
||||
.replace(/"/g, """)
|
||||
.replace(/'/g, "'")
|
||||
.replace(/\(/g, "(")
|
||||
.replace(/\)/g, ")");
|
||||
return str;
|
||||
}
|
||||
|
||||
module.exports.sanitizeHTML = sanitizeHTML;
|
||||
|
|
|
@ -9,7 +9,7 @@ function basicTest() {
|
|||
"<img src=\"asdf\">");
|
||||
|
||||
assert(sanitize("<a href='javascript:alert(document.cookie)'>") ===
|
||||
"<a href=\":()\">");
|
||||
"<a href=\"[removed]:[removed]([removed])\">");
|
||||
|
||||
assert(sanitize("<a ") === "<a>");
|
||||
|
||||
|
|
Loading…
Reference in a new issue