New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
smarty-xss
Advanced tools
smarty-xss - npm Package Compare versions
Comparing version 0.0.0 to 0.0.1
@@ -99,2 +99,3 @@ /** | ||
| this.rightDelimiter = rightDelimiter; | ||
| this._output = []; | ||
| this.tokenAnalytic(); | ||
@@ -101,0 +102,0 @@ return this._output; |
@@ -7,10 +7,8 @@ 'use strict'; | ||
| }, | ||
| parse : function(content){ | ||
| xss.isXssAutoFixed = true; | ||
| var result = xss.parse(content); | ||
| repair : function(content){ | ||
| var result = xss.parse(content, true); | ||
| return result['content']; | ||
| }, | ||
| check : function(){ | ||
| xss.isXssAutoFixed = false; | ||
| var result = xss.parse(content); | ||
| check : function(content){ | ||
| var result = xss.parse(content, false); | ||
| return result['error']; | ||
@@ -56,3 +54,23 @@ } | ||
| this.isXssAutoFixed = true; | ||
| /** | ||
| * XSS转义冲突列表 | ||
| */ | ||
| this.modifier_conflict_map = { | ||
| 'data' : ['js', 'html'], | ||
| 'path' : ['html'] | ||
| }; | ||
| /** | ||
| * XSS结果 | ||
| * @var type XSS结果 | ||
| */ | ||
| this.xss_result = { | ||
| 'error' : [], | ||
| 'content' : '', | ||
| 'realContent' : '' | ||
| }; | ||
| } | ||
| XSS.prototype.init = function(){ | ||
| /** | ||
| * XSS自动修复所需变量 | ||
@@ -93,21 +111,9 @@ * @type {Object} | ||
| }; | ||
| /** | ||
| * XSS转义冲突列表 | ||
| */ | ||
| this.modifier_conflict_map = { | ||
| 'data' : ['js', 'html'], | ||
| 'path' : ['html'] | ||
| }; | ||
| /** | ||
| * XSS结果 | ||
| * @var type XSS结果 | ||
| */ | ||
| this.xss_result = { | ||
| 'error' : [], | ||
| 'content' : '', | ||
| 'realContent' : '' | ||
| }; | ||
| } | ||
| }; | ||
| /** | ||
| * 设置参数 fileContent, xssSafeVars, isXssAutoFixed, escapeMap, leftDelimiter, rightDelimiter | ||
| * @param options | ||
| */ | ||
| XSS.prototype.config = function(options){ | ||
@@ -124,7 +130,9 @@ for(var key in options){ | ||
| * @param content | ||
| * @param isXssAutoFixed | ||
| * @return {*} | ||
| */ | ||
| XSS.prototype.parse = function(content){ | ||
| // fileContent, xssSafeVars, isXssAutoFixed, escapeMap, leftDelimiter, rightDelimiter | ||
| this.fileContent = content; | ||
| XSS.prototype.parse = function(content, isXssAutoFixed){ | ||
| this.init(); | ||
| this.fileContent = content.toString(); | ||
| this.isXssAutoFixed = isXssAutoFixed; | ||
| //需要对正则处理 | ||
@@ -382,3 +390,3 @@ this.pattern = _.preg_quote(this.leftDelimiter, '/') + '\\s*\\$(.*?)\\s*' | ||
| //XSS自动修复 | ||
| this._replaceTplVarInSentence("$" + value, str,delStr); | ||
| this._replaceTplVarInSentence("$" + value, str, delStr); | ||
| hasConflict = true; | ||
@@ -404,3 +412,3 @@ } | ||
| //记录检测到的xss信息 | ||
| this._xss_result['error'].push('[\\033[31m ' + value + ' \\033[0m] must be use "' + type + '" escape.'); | ||
| this._xss_result['error'].push(value + ' must be use "' + type + '" escape.'); | ||
| }else{ | ||
@@ -690,2 +698,2 @@ //检测转义冲突 | ||
| return content; | ||
| }; | ||
| }; |
@@ -5,3 +5,3 @@ { | ||
| "main": "lib/xss.js", | ||
| "version": "0.0.0", | ||
| "version": "0.0.1", | ||
| "author": { | ||
@@ -16,4 +16,7 @@ "name": "FIS Team", | ||
| "engines": { | ||
| "node": ">= 0.8.0" | ||
| "node": ">= 0.8.0" | ||
| }, | ||
| "dependencies": { | ||
| "chai": "~1.4.2" | ||
| } | ||
| } |
@@ -1,2 +0,2 @@ | ||
| # XSS repair for the smarty template. | ||
| # XSS repair or check for the smarty template. | ||
@@ -8,3 +8,3 @@ 对Smarty模板进行XSS校验修复 | ||
| **npm install smarty-xssrepair** | ||
| **npm install smarty-xss** | ||
@@ -21,3 +21,3 @@ | ||
| ```javascript | ||
| var xss = require('smarty-xssrepair'); | ||
| var xss = require('smarty-xss'); | ||
| ``` | ||
@@ -28,5 +28,3 @@ | ||
| ```javascript | ||
| /** | ||
| * xss.parse()方法参数为对象,通过key->value的方式进行配置设置 | ||
| */ | ||
| var option = {} | ||
@@ -41,8 +39,4 @@ escapeMap = { | ||
| }; | ||
| //需要进行检测修复的内容,必须参数 | ||
| option['fileContent'] = '<div class="{#$spUserInfo.userName|f_escape_xml#}">{#$spUserInfo.city|f_escape_xml#}</div>'; | ||
| //不同类型对应的转义列表,默认为空 | ||
| option['_check_pattern'] = escapeMap; | ||
| //是否进行修复,默认为true | ||
| option['isXssAutoFixed'] = true; | ||
| option['escapeMap'] = escapeMap; | ||
| //Smarty模板变量左定界符,默认为:<& | ||
@@ -54,11 +48,8 @@ option['leftDelimiter'] = '{#'; | ||
| option['xssSafeVars'] = ['fis_safe','fis_xss']; | ||
| //返回的结果,数据结构为 | ||
| //error为校验信息,content为修复后内容,realcontent为原内容 | ||
| //{ | ||
| // 'error':[], | ||
| // 'content':'', | ||
| // 'realContent':'' | ||
| //} | ||
| var result = xss.parse(option); | ||
| console.log(result['content']); | ||
| //设置参数 | ||
| xss.config(option); | ||
| //只进行校验,返回为记录校验信息的数组 | ||
| var check-result = xss.check('<div class="{#$spUserInfo.userName#}">{#$spUserInfo.city#}</div>'); | ||
| //进行校验修复,返回为修复后的内容 | ||
| var result = xss.repair('<div class="{#$spUserInfo.userName#}">{#$spUserInfo.city#}</div>'); | ||
| ``` | ||
@@ -65,0 +56,0 @@ |
@@ -15,15 +15,16 @@ 'use strict'; | ||
| }, | ||
| safeVars = [], | ||
| option = {}; | ||
| safeVars = []; | ||
| var option = { | ||
| 'escapeMap' : escapeMap, | ||
| 'leftDelimiter' : '{#', | ||
| 'rightDelimiter' : '#}' | ||
| }; | ||
| describe('xss.parse(option)', function(){ | ||
| it('escapeAll', function(){ | ||
| option['fileContent'] = fs.readFileSync('./test/source/escape_all.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| var result = xss.parse(option); | ||
| xss.config(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/escape_all.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/escape_all.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
@@ -34,10 +35,5 @@ }); | ||
| it('escapeEvent', function(){ | ||
| option['fileContent'] = fs.readFileSync('./test/source/escape_event.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| var result = xss.parse(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/escape_event.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/escape_event.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
@@ -48,10 +44,5 @@ }); | ||
| it('escapeJs', function(){ | ||
| option['fileContent'] = fs.readFileSync('./test/source/escape_js.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| var result = xss.parse(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/escape_js.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/escape_js.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
@@ -62,10 +53,5 @@ }); | ||
| it('escapePath', function(){ | ||
| option['fileContent'] = fs.readFileSync('./test/source/escape_path.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| var result = xss.parse(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/escape_path.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/escape_path.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
@@ -76,10 +62,5 @@ }); | ||
| it('escapeXml', function(){ | ||
| option['fileContent'] = fs.readFileSync('./test/source/escape_xml.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| var result = xss.parse(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/escape_xml.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/escape_xml.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
@@ -90,10 +71,5 @@ }); | ||
| it('noneEscape', function(){ | ||
| option['fileContent'] = fs.readFileSync('./test/source/none_escape.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| var result = xss.parse(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/none_escape.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/none_escape.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
@@ -104,10 +80,5 @@ }); | ||
| it('noneHtmlTag', function(){ | ||
| option['fileContent'] = fs.readFileSync('./test/source/none_html_tag.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| var result = xss.parse(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/none_html_tag.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/none_html_tag.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
@@ -119,11 +90,7 @@ }); | ||
| safeVars = ['fis_safe','fis_xss']; | ||
| option['fileContent'] = fs.readFileSync('./test/source/safe_vars.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| option['xssSafeVars'] = safeVars; | ||
| var result = xss.parse(option); | ||
| xss.config(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/safe_vars.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/safe_vars.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
@@ -138,11 +105,8 @@ }); | ||
| escapeMap.path='f_escape_path'; | ||
| option['fileContent'] = fs.readFileSync('./test/source/escape_map.tpl') + ''; | ||
| option['escapeMap'] = escapeMap; | ||
| option['isXssAutoFixed'] = true; | ||
| option['leftDelimiter'] = '{#'; | ||
| option['rightDelimiter'] = '#}'; | ||
| var result = xss.parse(option); | ||
| xss.config(option); | ||
| var result = xss.repair(fs.readFileSync('./test/source/escape_map.tpl').toString()); | ||
| var expectContent = fs.readFileSync('./test/expect/escape_map.tpl') + ''; | ||
| expect(result['content']).to.equal(expectContent); | ||
| expect(result).to.equal(expectContent); | ||
| }); | ||
| }); |
No alert changes
Worsened metrics
- Total package byte prevSize
- decreased by-2.15%
82260
- Dependency count
- increased byInfinity%
1
- Number of package files
- decreased by-3.85%
25
- Lines of code
- decreased by-1.67%
1828
- Number of lines in readme file
- decreased by-13.85%
56
Dependency changes
+ Addedchai@~1.4.2
+ Addedchai@1.4.2(transitive)