Start working on text sanitizer

This commit is contained in:
calzoneman 2013-10-31 18:53:03 -05:00
parent 1c3273978b
commit 2e8f31ae2b
2 changed files with 14 additions and 3 deletions

View File

@ -158,7 +158,7 @@ function sanitizeHTML(str) {
delete t.attributes[k]; delete t.attributes[k];
} else { } else {
if (t.attributes[k].match(badAttrValues)) { if (t.attributes[k].match(badAttrValues)) {
t.attributes[k] = t.attributes[k].replace(badAttrValues, ""); t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]");
} }
var k2 = k.replace(/[^\w]/g, ""); var k2 = k.replace(/[^\w]/g, "");
@ -179,4 +179,15 @@ function sanitizeHTML(str) {
return str; return str;
} }
function sanitizeText(str) {
str = str.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#39;")
.replace(/\(/g, "&#40;")
.replace(/\)/g, "&#41;");
return str;
}
module.exports.sanitizeHTML = sanitizeHTML; module.exports.sanitizeHTML = sanitizeHTML;

View File

@ -9,7 +9,7 @@ function basicTest() {
"<img src=\"asdf\">"); "<img src=\"asdf\">");
assert(sanitize("<a href='javascript:alert(document.cookie)'>") === assert(sanitize("<a href='javascript:alert(document.cookie)'>") ===
"<a href=\":()\">"); "<a href=\"[removed]:[removed]([removed])\">");
assert(sanitize("<a ") === "<a>"); assert(sanitize("<a ") === "<a>");