sfn-xss - npm Package Compare versions

Comparing version 0.1.0 to 0.1.1

index.js

@@ -0,1 +1,5 @@
+function isArray(obj) {
+    return Object.prototype.toString.apply(obj).slice(8, -1) == "Array";
+}
+
 /** 
@@ -8,11 +12,14 @@ * Escapes HTML tags.
  */
-function escapeTags(html, tags = "<script><style><iframe><object><embed>") {
-    tags = Array.isArray(tags) ? tags : tags.match(/[a-zA-Z0-9\-:]+/g);
-    for (let tag of tags) {
-        let re1 = new RegExp(`<${tag}\\s*>`, "gi"),
-            re2 = new RegExp(`<\\/${tag}\\s*>`, "gi"),
-            re3 = new RegExp(`<${tag}(.*)>`, "gi");
+function escapeTags(html, tags) {
+    tags = tags || "<script><style><iframe><object><embed>";
+    tags = isArray(tags) ? tags : tags.match(/[a-zA-Z0-9\-:]+/g);
 
-        html = html.replace(re1, `&lt;${tag}&gt;`)
-            .replace(re2, `&lt;/${tag}&gt;`)
+    for (var i in tags) {
+        var tag = tags[i],
+            re1 = new RegExp("<" + tag + "\\s*>", "gi"),
+            re2 = new RegExp("<\\/" + tag + "\\s*>", "gi"),
+            re3 = new RegExp("<" + tag + "(.*)>", "gi");
+
+        html = html.replace(re1, "&lt;" + tag + "&gt;")
+            .replace(re2, "&lt;/" + tag + "&gt;")
             .replace(re3, match => {
@@ -22,2 +29,3 @@ return "&lt;" + match.substring(1, match.length - 1) + "&gt;";
     }
+
     return html;
@@ -24,0 +32,0 @@ }

package.json

 {
   "name": "sfn-xss",
-  "version": "0.1.0",
-  "description": "Safety functions for Node.js XSS protection.",
+  "version": "0.1.1",
+  "description": "Safety Functions for Node.js XSS protection.",
   "main": "index.js",
@@ -6,0 +6,0 @@ "types": "index.d.ts",

README.md

 # SFN-XSS
 
-**Safety functions for Node.js XSS protection.**
+**Safety Functions for Node.js XSS protection.**
 
@@ -5,0 +5,0 @@ ## Install

test.js

@@ -1,23 +0,13 @@
-const {
-    escapeTags,
-    escapeScriptHrefs,
-    escapeEventAttributes
-} = require("./");
+var assert = require("assert");
+var xss = require("./");
 
 var html = "<script>document.write('You are being hacked.')</script>";
-var escaped = escapeTags(html);
+assert.equal(xss.escapeTags(html), "&lt;script&gt;document.write('You are being hacked.')&lt;/script&gt;");
 
-console.log(escaped);
-// &lt;script&gt;document.write('You are being hacked.')&lt;/script&gt;
+var html2 = "<a href=\"javascript:document.write('You are being hacked.');\">";
+assert.equal(xss.escapeScriptHrefs(html2), "<a data-href=\"javascript:document.write('You are being hacked.');\">");
 
-var html2 = `<a href="javascript:document.write('You are being hacked.');">`;
-var escaped2 = escapeScriptHrefs(html2);
-
-console.log(escaped2);
-// <a data-href="jscript:document.write('You are being hacked.');">
-
 var html3 = `<button onclick="document.write('You are being hacked.')">`;
-var escaped3 = escapeEventAttributes(html3);
+assert.equal(xss.escapeEventAttributes(html3), "<button data-onclick=\"document.write('You are being hacked.')\">");
 
-console.log(escaped3);
-// <button data-onclick="document.write('You are being hacked.')">
+console.log("All tests passed!");

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

5400

increased by3.27%

Number of package files

7

increased by16.67%

Worsened metrics

Lines of code

68

decreased by-4.23%

No dependency changes