diff --git a/lib/xss.js b/lib/xss.js
index fb04129d..0ab7f297 100644
--- a/lib/xss.js
+++ b/lib/xss.js
@@ -158,7 +158,7 @@ function sanitizeHTML(str) {
delete t.attributes[k];
} else {
if (t.attributes[k].match(badAttrValues)) {
- t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
+ t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]");
}
var k2 = k.replace(/[^\w]/g, "");
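Review bot: The new `.replace(badAttrValues, "[removed]")` is still a single pass, so whether every occurrence in an attribute value is rewritten depends on how `badAttrValues` is declared outside this hunk: without a `g` flag only the first match is replaced and any later one survives, and even with `g` the value is never re-checked after the rewrite. The `match` guard on the line above adds nothing over `replace` (a non-matching string comes back unchanged), so it could instead drive a loop that repeats until the value is clean: `while (t.attributes[k].match(badAttrValues)) { t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]"); }`, which is safe as long as the marker text itself can never match the pattern. Replacing with a visible marker rather than `""` does prevent two fragments from reassembling into a match once the middle is removed, which is presumably the motivation; a one-line comment saying so, e.g. `// marker instead of "" so removal cannot splice a new match together`, would save the next reader from reverting it. `sanitizeHTML` begins and ends outside this hunk.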
@@ -179,4 +179,15 @@ function sanitizeHTML(str) {
return str;
}
+function sanitizeText(str) {
+ str = str.replace(/&/g, "&")
+ .replace(//g, ">")
+ .replace(/"/g, """)
+ .replace(/'/g, "'")
+ .replace(/\(/g, "(")
+ .replace(/\)/g, ")");
+ return str;
+}
+
module.exports.sanitizeHTML = sanitizeHTML;
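Review bot: As printed, `sanitizeText` does not escape anything: each call substitutes the matched character for itself (`/&/g` → `"&"`, `/'/g` → `"'"`), the second call has an empty pattern `//g`, which would insert `">"` at every position of the string, and the `"""` argument on the double-quote line is not valid syntax, so the entity replacements were almost certainly decoded by the page rather than committed this way, but that should be confirmed against the actual file. The hunk header counts more new lines than are visible here, so a `module.exports.sanitizeText = sanitizeText;` line may have been dropped from this view; if it was never added, the function is unreachable from outside the module. The function also lacks any statement of which output context it is meant for, which matters for an escaper; a JSDoc along the lines of `/** Escape str for use as HTML text/attribute content: &, <, >, ", ', ( and ) become entities. Not sufficient on its own for JS, URL or CSS contexts. @param {string} str @returns {string} */` plus a `typeof str !== "string"` guard (the current code throws a TypeError on undefined) would make the contract explicit. Replacing `&` first, as the chain does, is the correct order.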
diff --git a/tests/xss.js b/tests/xss.js
index 45aa46cc..b6088aea 100644
--- a/tests/xss.js
+++ b/tests/xss.js
@@ -8,8 +8,8 @@ function basicTest() {
assert(sanitize("< img src=asdf onerror='alert(\"xss\")'>") ===
"");
- assert(sanitize("") ===
- "");
+ assert(sanitize("") ===
+ "");
assert(sanitize("");