moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Start working on text sanitizer

This commit is contained in:
calzoneman 2013-10-31 18:53:03 -05:00
parent 1c3273978b
commit 2e8f31ae2b
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/xss.js
View File

@ -158,7 +158,7 @@ function sanitizeHTML(str) {
delete t.attributes[k];
} else {
if (t.attributes[k].match(badAttrValues)) {
t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]");
}
var k2 = k.replace(/[^\w]/g, "");
@ -179,4 +179,15 @@ function sanitizeHTML(str) {
return str;
}
function sanitizeText(str) {
str = str.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#39;")
.replace(/\(/g, "&#40;")
.replace(/\)/g, "&#41;");
return str;
}
module.exports.sanitizeHTML = sanitizeHTML;

4
tests/xss.js
View File

@ -8,8 +8,8 @@ function basicTest() {
assert(sanitize("< img src=asdf onerror='alert(\"xss\")'>") ===
"<img src=\"asdf\">");
assert(sanitize("<a href='javascript:alert(document.cookie)'>") ===
"<a href=\":()\">");
assert(sanitize("<a href='javascript:alert(document.cookie)'>") ===
"<a href=\"[removed]:[removed]([removed])\">");
assert(sanitize("<a ") === "<a>");