smarty-xss - npm Package Compare versions

Comparing version 0.0.9 to 0.0.10

2

lib/analytichtml.js

@@ -530,3 +530,3 @@ /**

if (item){
tpl = item . tpl;
tpl = item + tpl;
item = '';

@@ -533,0 +533,0 @@ }

@@ -331,3 +331,3 @@ /**

}while (c !== '#' && c !== '=' && this.parsePos < this.contentLength);
var next = this.content.substr(this.parsePos, 2);
var next = this.content.substring(this.parsePos, 2);
if (next === '[]' || next === '{}'){

@@ -334,0 +334,0 @@ sharp += next;
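Review bot: The new `var next = this.content.substring(this.parsePos, 2);` is not equivalent to the `substr(this.parsePos, 2)` it replaces: substring takes (start, end), so except when parsePos is 0 it returns the slice between index 2 and the cursor instead of the two characters at the cursor, and the `next === '[]' || next === '{}'` test on the following line stops matching. If the goal was to move off the Annex-B substr, the equivalent is `var next = this.content.substring(this.parsePos, this.parsePos + 2);`. Since this read decides how `sharp` is extended (the `sharp += next;` context below), a mis-read token changes how the template is tokenised, which in an escaping tool deserves a regression test. The enclosing parse function starts and ends outside the hunk.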

@@ -128,38 +128,65 @@ 'use strict';

}
// resultString = util.fix_ternary(resultString, left_delimiter, right_delimiter);
return [resultString, util.sign.FL_TPL_DELIMITER];
}
};
util.str_replace = function(search, replace, subject, count) {
var i = 0,
j = 0,
temp = '',
repl = '',
sl = 0,
fl = 0,
f = [].concat(search),
r = [].concat(replace),
s = subject,
ra = Object.prototype.toString.call(r) === '[object Array]',
sa = Object.prototype.toString.call(s) === '[object Array]';
s = [].concat(s);
if (count) {
this.window[count] = 0;
/**
* 增加三元符判断逻辑
* 安全组校验使用 修复不支持
* @parma string $value
*/
util.fix_ternary = function(fixstring, left_delimiter, right_delimiter){
var resultString = '';
var strlen = fixstring.length;
var qpos = fixstring.indexOf("?");
//判断是否有问号 和 冒号 ? : 同时存在才执行下面逻辑
if (qpos !== -1) {
var qleft_string = fixstring.substring(0, qpos+1);
while (qpos < strlen) {
//判断是否为字符串内的?
if(util.substr_count(qleft_string, "'") % 2 === 0
&& util.substr_count(qleft_string, '"') % 2 === 0)
{
resultString = left_delimiter + fixstring.substring(qpos+1);
var cutstrlen = resultString.length;
var cpos = resultString.indexOf(":");
//如果没有冒号直接返回源字符串
if (cpos === -1) {
return fixstring;
}
var cleft_string = resultString.substring(0, cpos+1);
//$cright_string = substr($fixstring,$cpos+1);
while (cpos < cutstrlen) {
//判断“:”是否为字符串内的:
if(util.substr_count(cleft_string, "'") % 2 === 0
&& util.substr_count(cleft_string, '"') % 2 === 0)
{
resultString = qleft_string + right_delimiter + resultString.substring(0, cpos) + right_delimiter + ":" + left_delimiter + resultString.substring(cpos+1);
break;
} else {
cpos = fixstring.indexOf(":", cpos+1);
//如果没有找到返回源字符串
if (cpos === -1) {
return fixstring;
}
cleft_string = resultString.substring(0,cpos+1);
continue;
}
}
break;
} else {
qpos = fixstring.indexOf("?", qpos+1);
//如果没有找到返回源字符串
if (qpos === -1) {
return fixstring;
}
for (i = 0, sl = s.length; i < sl; i++) {
if (s[i] === '') {
qleft_string = fixstring.substring(0, qpos+1);
continue;
}
for (j = 0, fl = f.length; j < fl; j++) {
temp = s[i] + '';
repl = ra ? (r[j] !== undefined ? r[j] : '') : r[0];
s[i] = (temp).split(f[j]).join(repl);
if (count && s[i] !== temp) {
this.window[count] += (temp.length - s[i].length) / f[j].length;
}
return resultString;
}
return fixstring;
}
return sa ? s : s[0];
};
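Review bot: In util.fix_ternary the retry `cpos = fixstring.indexOf(":", cpos+1);` searches fixstring, but cpos and cleft_string are positions in resultString (`left_delimiter + fixstring.substring(qpos+1)`), so after a colon inside a quoted string the next slice `resultString.substring(0,cpos+1)` is taken at the wrong offset; it should read `cpos = resultString.indexOf(":", cpos+1);`. The rendered hunk interleaves fix_ternary with str_replace's lines, so these positions are read from the visible text only. The one call site shown, `util.fix_ternary(resultString, left_delimiter, right_delimiter)` just above `return [resultString, ...]`, is commented out, so the helper appears unused as committed; a `// TODO: enable once ternary splitting is verified` comment there would say whether that is intended. The quote-parity test via substr_count counts an escaped quote such as `\'` as a string boundary, which is worth a comment if such input can reach this helper.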

@@ -284,2 +311,40 @@ util.empty = function(mixed_var) {

return sa ? s : s[0];
};
};
util.substr_count = function(haystack, needle, offset, length) {
// http://kevin.vanzonneveld.net
// + original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
// + bugfixed by: Onno Marsman
// + improved by: Brett Zamir (http://brett-zamir.me)
// + improved by: Thomas
// * example 1: substr_count('Kevin van Zonneveld', 'e');
// * returns 1: 3
// * example 2: substr_count('Kevin van Zonneveld', 'K', 1);
// * returns 2: 0
// * example 3: substr_count('Kevin van Zonneveld', 'Z', 0, 10);
// * returns 3: false
var cnt = 0;
haystack += '';
needle += '';
if (isNaN(offset)) {
offset = 0;
}
if (isNaN(length)) {
length = 0;
}
if (needle.length == 0) {
return false;
}
offset--;
while ((offset = haystack.indexOf(needle, offset + 1)) != -1) {
if (length > 0 && (offset + needle.length) > length) {
return false;
}
cnt++;
}
return cnt;
}
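Review bot: util.substr_count returns `false` for an empty needle or an out-of-range match and a number otherwise, and its callers (the quote-parity checks in fix_ternary and check_operators) feed the result into `% 2 === 0`, where `false` coerces to 0 and reads as "even"; a comment on the `return false;` lines, `// NOTE: callers use the result in \`% 2\`; false coerces to 0`, would make that contract explicit. The comparisons `needle.length == 0` and `!= -1` should be `=== 0` and `!== -1` to match the rest of the file, and the closing `}` of the function expression lacks a `;`. The global `isNaN` is doing intended work here (`isNaN(undefined)` is true, so a missing offset becomes 0), so it should not be swapped for `Number.isNaN`.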

@@ -71,2 +71,4 @@ 'use strict';

};
this._white_operators = ["+" ,"-","*","/","="];
}

@@ -326,4 +328,2 @@ XSS.prototype.init = function(){

|| value.indexOf('smarty.capture') !== -1
|| value.indexOf('+') !== -1 //+运算
|| value.indexOf('=') !== -1 //赋值
|| this.escapeMap['path']

@@ -337,5 +337,15 @@ && value.indexOf(this.escapeMap['path']) !== -1 //已经使用了path进行了url转义

|| /string_format:("|\'?)[\w \.]*%[\d\.]*[bcdeufgox][\w \.]*\1/i.test( value) //增加string_format白名单
|| value.indexOf('-') !== -1 ){
){
continue;
}else{
//先判断是否有运算
if(value.indexOf('+') !== -1 //+运算
|| value.indexOf('=') !== -1 //赋值
|| value.indexOf('-') !== -1
|| value.indexOf('*') !== -1
|| value.indexOf('/') !== -1){
if(this.check_operators(value)){
continue;
}
}
//配置的安全变量
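Review bot: The new pre-check `if(value.indexOf('+') !== -1 || value.indexOf('=') !== -1 || ... || value.indexOf('/') !== -1)` hard-codes the same five characters that this._white_operators holds, so the two lists can drift; it can be `if(this._white_operators.some(function(op){ return value.indexOf(op) !== -1; })){`. With the `+`/`=`/`-` shortcuts removed from the whitelist condition (this hunk and the one at -326), a value whose only operator sits inside a quoted string now falls through to escaping, which reads as the intended tightening; a comment above the block, `// operators skip escaping only when they sit outside string literals`, would record the rule. The enclosing loop starts and ends outside the hunk.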

@@ -694,2 +704,23 @@ var safe_var = this.xssSafeVars;

return content;
};
};
XSS.prototype.check_operators = function(value){
var pos = 0,
flag = false;
for(var i = 0; i < this._white_operators.length; i++){
var operator = this._white_operators[i];
pos = value.indexOf(operator);
if(pos !== -1){
var operator_left_string = value.substring(0,pos+1);
//判断是否不在字符串
if(_.substr_count(operator_left_string, "'") % 2 === 0
&& _.substr_count(operator_left_string, '"') % 2 === 0) {
flag = true;
break;
}
}else{
continue;
}
}
return flag;
}
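Review bot: XSS.prototype.check_operators treats any bare `-` outside quotes as an arithmetic operator, so if values can contain Smarty member access such as `$obj->name`, the `-` of `->` passes the quote-parity test and the value skips escaping, putting a plain string property under the arithmetic whitelist. The loop also only inspects the first occurrence of each operator (`value.indexOf(operator)`), which is the conservative direction (an operator inside a string hides a later real one, so the value gets escaped) but should be stated in a comment. The rewrite below skips `->` while keeping the first-real-occurrence rule and adds the missing `;` after the function expression; `_` is taken to be the util module that defines substr_count.
```javascript
XSS.prototype.check_operators = function(value){
    for(var i = 0; i < this._white_operators.length; i++){
        var operator = this._white_operators[i];
        var pos = value.indexOf(operator);
        // '->' is Smarty member access, not subtraction: move past it to
        // the next '-' (keeps the "first real occurrence" rule)
        while(operator === '-' && pos !== -1 && value.charAt(pos + 1) === '>'){
            pos = value.indexOf(operator, pos + 1);
        }
        if(pos === -1){
            continue;
        }
        var operator_left_string = value.substring(0, pos + 1);
        // operator counts only when it is not inside a quoted string
        // (parity check; escaped quotes are not recognised)
        if(_.substr_count(operator_left_string, "'") % 2 === 0
            && _.substr_count(operator_left_string, '"') % 2 === 0){
            return true;
        }
    }
    return false;
};
```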

@@ -5,3 +5,3 @@ {

"main": "lib/xss.js",
"version": "0.0.9",
"version": "0.0.10",
"author": {

@@ -8,0 +8,0 @@ "name": "FIS Team",
