
var option = {}
    escapeMap = {
        'js' : 'f_escape_js',
        'html' : 'f_escape_xml',
        'data' : 'f_escape_data',
        'path' : 'f_escape_path',
        'event' : 'f_escape_event',
        'no_escape' : 'escape:none'
    };
//不同类型对应的转义列表，默认为空
option['escapeMap'] = escapeMap;
//Smarty模板变量左定界符，默认为:<&
option['leftDelimiter'] = '{#';
//Smarty模板变量右定界符，默认为:&>
option['rightDelimiter'] = '#}';
//XSS安全变量，不需要进行转义
option['xssSafeVars'] = ['fis_safe','fis_xss'];
//设置参数
xss.config(option);
//只进行校验，返回为记录校验信息的数组
var check-result = xss.check('<div class="{#$spUserInfo.userName#}">{#$spUserInfo.city#}</div>');
//进行校验修复,返回为修复后的内容
var result = xss.repair('<div class="{#$spUserInfo.userName#}">{#$spUserInfo.city#}</div>');

测试

系统测试

在源码目录执行命令：npm test

FAQs

What is smarty-xss?

Is smarty-xss popular?

Is smarty-xss well maintained?

Last updated on 14 Apr 2016

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install