moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Minor correction to xss.js

This commit is contained in:
Calvin Montgomery 2013-11-02 02:28:43 -05:00
parent d06ca9a99f
commit 9dc964bd77
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/xss.js
View File

@ -216,6 +216,13 @@ function sanitizeHTML(str) {
continue;
}
for (var k in t.attributes) {
// Keys should not contain non-word characters.
var k2 = k.replace(/[^\w]/g, "");
if (k2 !== k) {
t.attributes[k2] = t.attributes[k];
delete t.attributes[k];
k = k2;
}
// If it's an evil attribute, just nuke it entirely
if (k.match(badAttrs)) {
delete t.attributes[k];
@ -225,12 +232,6 @@ function sanitizeHTML(str) {
t.attributes[k] = t.attributes[k].replace(badAttrValues, "[removed]");
}
// Keys should not contain non-word characters.
var k2 = k.replace(/[^\w]/g, "");
if (k2 !== k) {
t.attributes[k2] = t.attributes[k];
delete t.attributes[k];
}
}
}
// Build the sanitized tag