mirror of https://github.com/calzoneman/sync.git
Start working on text sanitizer
This commit is contained in:
parent
1c3273978b
commit
2e8f31ae2b
13
lib/xss.js
13
lib/xss.js
|
@ -158,7 +158,7 @@ function sanitizeHTML(str) {
|
||||||
delete t.attributes[k];
|
delete t.attributes[k];
|
||||||
} else {
|
} else {
|
||||||
if (t.attributes[k].match(badAttrValues)) {
|
if (t.attributes[k].match(badAttrValues)) {
|
||||||
t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
|
t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]");
|
||||||
}
|
}
|
||||||
|
|
||||||
var k2 = k.replace(/[^\w]/g, "");
|
var k2 = k.replace(/[^\w]/g, "");
|
||||||
|
@ -179,4 +179,15 @@ function sanitizeHTML(str) {
|
||||||
return str;
|
return str;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function sanitizeText(str) {
|
||||||
|
str = str.replace(/&/g, "&")
|
||||||
|
.replace(/</g, "<")
|
||||||
|
.replace(/>/g, ">")
|
||||||
|
.replace(/"/g, """)
|
||||||
|
.replace(/'/g, "'")
|
||||||
|
.replace(/\(/g, "(")
|
||||||
|
.replace(/\)/g, ")");
|
||||||
|
return str;
|
||||||
|
}
|
||||||
|
|
||||||
module.exports.sanitizeHTML = sanitizeHTML;
|
module.exports.sanitizeHTML = sanitizeHTML;
|
||||||
|
|
|
@ -9,7 +9,7 @@ function basicTest() {
|
||||||
"<img src=\"asdf\">");
|
"<img src=\"asdf\">");
|
||||||
|
|
||||||
assert(sanitize("<a href='javascript:alert(document.cookie)'>") ===
|
assert(sanitize("<a href='javascript:alert(document.cookie)'>") ===
|
||||||
"<a href=\":()\">");
|
"<a href=\"[removed]:[removed]([removed])\">");
|
||||||
|
|
||||||
assert(sanitize("<a ") === "<a>");
|
assert(sanitize("<a ") === "<a>");
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue