@beisen/xss-filter - npm Package Compare versions

Comparing version 0.0.2 to 0.0.3

package.json

		{
		"name": "@beisen\/xss-filter",
		"description": "sanitize untrusted HTML tool for beisencorp",
		"version": "0.0.2",
		"version": "0.0.3",
		"main": "xss-filter.min.js",
		@@ -6,0 +6,0 @@ "author": {

README.md

		@@ -15,2 +15,14 @@ ### 开发用
		5.XSSFilter.URLEncode \| 用于转义 URL
		6.XSSFilter.URLDecode \| 用于翻译转义过的 URL
		6.XSSFilter.URLDecode \| 用于翻译转义过的 URL

		### 转义字符范围

		字符 \| 原因
		---\|---
		" ' \| 能够闭合属性
		& \| 在属性或 script 标签中使用&#构造字符会被解析为原文使过滤失效
		< > \| 能够闭合标签
		`\| 可被用于字符串的插值计算
		0x00-0x20 \| 空格和部分系统预留主要防止构造空字符逃避 WAF
		0x7F-0xFF \| 特殊符号制表位等防止利用换行和系统不支持的字符逃避 WAF
		0x0100-0x2700 \| 拉丁语字符防止利用异体字符逃避 WAF

xss-filter.js

		@@ -7,2 +7,3 @@ (function () {
		* < > 能够闭合标签
		* ` 可被用于字符串的插值计算
		* 0x00-0x20 空格和部分系统预留主要防止构造空字符逃避 WAF
		@@ -15,3 +16,3 @@ * 0x7F-0xFF 特殊符号制表位等防止利用换行和系统不支持的字符逃避 WAF
		const options = {
		REGX_HTML_ENCODE: /"\|&\|'\|<\|>\|[\x00-\x20]\|[\x7F-\xFF]\|[\u0100-\u2700]/g,
		REGX_HTML_ENCODE: /"\|&\|'\|<\|>\|`\|[\x00-\x20]\|[\x7F-\xFF]\|[\u0100-\u2700]/g,
		REGX_HTML_DECODE: /&\w+;\|&#(\d+);/g,
		@@ -18,0 +19,0 @@ REGX_TRIM: /(^\s)\|(\s$)/g,

xss-filter.min.js

		@@ -1,1 +0,1 @@
		(function(){var e={REGX_HTML_ENCODE:/"\|&\|'\|<\|>\|[\x00-\x20]\|[\x7F-\xFF]\|[\u0100-\u2700]/g,REGX_HTML_DECODE:/&\w+;\|&#(\d+);/g,REGX_TRIM:/(^\s)\|(\s$)/g,HTML_DECODE:{"<":"<",">":">","&":"&"," ":" ",""":'"',"©":"©"}},r=function e(r){return r instanceof e?r:this instanceof e?void 0:new e(r)};"undefined"!=typeof exports?("undefined"!=typeof module&&module.exports&&(exports=module.exports=r),exports.XSSFilter=r):this.XSSFilter=r,r.HTMLEncode=function(r){return"string"!=typeof r?r:r.replace(e.REGX_HTML_ENCODE,function(e){var r=e.charCodeAt(0),t=["&#"];return r=32==r?160:r,t.push(r),t.push(";"),t.join("")})},r.HTMLDecode=function(r){return"string"!=typeof r?r:r.replace(e.REGX_HTML_DECODE,function(r,t){var n=e.HTML_DECODE[r];return void 0===n&&(n=isNaN(t)?r:String.fromCharCode(160==t?32:t)),n})},r.trim=function(r){return"string"!=typeof(r=null!=r?r:this.toString())?r:r.replace(e.REGX_TRIM,"")},r.JavaScriptEncode=function(e){var r=new Array("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f");function t(e){var t=!0,n=e.charAt(0),o=e.charCodeAt(0);switch(n){case"\n":return"\\n";case"\r":return"\\r";case"'":return"\\'";case'"':return'\\"';case"&":return"\\&";case"\\":return"\\\\";case"\t":return"\\t";case"\b":return"\\b";case"\f":return"\\f";case"/":return"\\x2F";case"<":return"\\x3C";case">":return"\\x3E";default:t=!1}if(!t){if(o>47&&o<58)return e;if(o>64&&o<91)return e;if(o>96&&o<123)return e;if(o>127){var u=o,c=u%16,i=(u=Math.floor(u/16))%16,a=(u=Math.floor(u/16))%16;return u=Math.floor(u/16),"\\u"+r[u%16]+r[a]+r[i]+r[c]}return"\\x"+e.charCodeAt(0).toString(16)}}var n=e,o="",u=0;for(u=0;u<n.length;u++)o+=t(n.charAt(u));return o},r.URLEncode=function(e){return e.indexOf("http")<0&&e.indexOf("//")<0?encodeURIComponent(e):encodeURI(e)},r.URLDecode=function(e){return e.indexOf("http")<0&&e.indexOf("//")<0?decodeURIComponent(e):decodeURI(e)}}).call(this);
		(function(){var e={REGX_HTML_ENCODE:/"\|&\|'\|<\|>\|`\|[\x00-\x20]\|[\x7F-\xFF]\|[\u0100-\u2700]/g,REGX_HTML_DECODE:/&\w+;\|&#(\d+);/g,REGX_TRIM:/(^\s)\|(\s$)/g,HTML_DECODE:{"<":"<",">":">","&":"&"," ":" ",""":'"',"©":"©"}},r=function e(r){return r instanceof e?r:this instanceof e?void 0:new e(r)};"undefined"!=typeof exports?("undefined"!=typeof module&&module.exports&&(exports=module.exports=r),exports.XSSFilter=r):this.XSSFilter=r,r.HTMLEncode=function(r){return"string"!=typeof r?r:r.replace(e.REGX_HTML_ENCODE,function(e){var r=e.charCodeAt(0),t=["&#"];return r=32==r?160:r,t.push(r),t.push(";"),t.join("")})},r.HTMLDecode=function(r){return"string"!=typeof r?r:r.replace(e.REGX_HTML_DECODE,function(r,t){var n=e.HTML_DECODE[r];return void 0===n&&(n=isNaN(t)?r:String.fromCharCode(160==t?32:t)),n})},r.trim=function(r){return"string"!=typeof(r=null!=r?r:this.toString())?r:r.replace(e.REGX_TRIM,"")},r.JavaScriptEncode=function(e){var r=new Array("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f");function t(e){var t=!0,n=e.charAt(0),o=e.charCodeAt(0);switch(n){case"\n":return"\\n";case"\r":return"\\r";case"'":return"\\'";case'"':return'\\"';case"&":return"\\&";case"\\":return"\\\\";case"\t":return"\\t";case"\b":return"\\b";case"\f":return"\\f";case"/":return"\\x2F";case"<":return"\\x3C";case">":return"\\x3E";default:t=!1}if(!t){if(o>47&&o<58)return e;if(o>64&&o<91)return e;if(o>96&&o<123)return e;if(o>127){var u=o,c=u%16,i=(u=Math.floor(u/16))%16,a=(u=Math.floor(u/16))%16;return u=Math.floor(u/16),"\\u"+r[u%16]+r[a]+r[i]+r[c]}return"\\x"+e.charCodeAt(0).toString(16)}}var n=e,o="",u=0;for(u=0;u<n.length;u++)o+=t(n.charAt(u));return o},r.URLEncode=function(e){return e.indexOf("http")<0&&e.indexOf("//")<0?encodeURIComponent(e):encodeURI(e)},r.URLDecode=function(e){return e.indexOf("http")<0&&e.indexOf("//")<0?decodeURIComponent(e):decodeURI(e)}}).call(this);

xss-filter.polyfill.js

		@@ -7,2 +7,3 @@ (function () {
		* < > 能够闭合标签
		* ` 可被用于字符串的插值计算
		* 0x00-0x20 空格和部分系统预留主要防止构造空字符逃避 WAF
		@@ -15,3 +16,3 @@ * 0x7F-0xFF 特殊符号制表位等防止利用换行和系统不支持的字符逃避 WAF
		var options = {
		REGX_HTML_ENCODE: /"\|&\|'\|<\|>\|[\x00-\x20]\|[\x7F-\xFF]\|[\u0100-\u2700]/g,
		REGX_HTML_ENCODE: /"\|&\|'\|<\|>\|`\|[\x00-\x20]\|[\x7F-\xFF]\|[\u0100-\u2700]/g,
		REGX_HTML_DECODE: /&\w+;\|&#(\d+);/g,
		@@ -18,0 +19,0 @@ REGX_TRIM: /(^\s)\|(\s$)/g,

xss-filter.min.js.map

Sorry, the diff of this file is not supported yet

		@@ -15,2 +15,14 @@ ### 开发用
		5.XSSFilter.URLEncode \| 用于转义 URL
		6.XSSFilter.URLDecode \| 用于翻译转义过的 URL
		6.XSSFilter.URLDecode \| 用于翻译转义过的 URL

		### 转义字符范围

		字符 \| 原因
		---\|---
		" ' \| 能够闭合属性
		& \| 在属性或 script 标签中使用&#构造字符会被解析为原文使过滤失效
		< > \| 能够闭合标签
		`\| 可被用于字符串的插值计算
		0x00-0x20 \| 空格和部分系统预留主要防止构造空字符逃避 WAF
		0x7F-0xFF \| 特殊符号制表位等防止利用换行和系统不支持的字符逃避 WAF
		0x0100-0x2700 \| 拉丁语字符防止利用异体字符逃避 WAF

@beisen/xss-filter - npm Package Compare versions

Improved metrics