smarty-xssrepair - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

46

lib/analytichtml.js

@@ -75,2 +75,5 @@ /**

/**
* 分析字符
*/
AnalyticHtml.prototype.tokenAnalytic = function(){

@@ -86,2 +89,6 @@ while (true){

/**
* 解析成不同类型的片段组合
* @return {*}
*/
AnalyticHtml.prototype.getNextToken = function(){

@@ -134,2 +141,8 @@ if (this.parsePos >= this.contentLength){

/**
* 以<开头,获取整个标签
* @param str
* @return {Array}
* @private
*/
AnalyticHtml.prototype._getTagToken = function(str){

@@ -206,2 +219,7 @@ var resultString = str;

/**
* 获取pre标签内容
* @return {Array}
* @private
*/
AnalyticHtml.prototype._getPreTagToken = function(){

@@ -222,2 +240,7 @@ var resultString = '<pre';

/**
* 获取textarea内容
* @return {Array}
* @private
*/
AnalyticHtml.prototype._getTextareaTagToken = function(){

@@ -238,2 +261,8 @@ var resultString = '<textarea';

/**
* 计算标签之间的内容
* @param str
* @return {Array}
* @private
*/
AnalyticHtml.prototype._getContentToken = function(str){

@@ -293,3 +322,9 @@ var resultString = str;

};
/**
* 获取script片段代码
* @param str
* @param type
* @return {*}
* @private
*/
AnalyticHtml.prototype._getScriptORSTYLE = function(str, type){

@@ -331,2 +366,7 @@ var tokenText = type == 1 ? '</script>' : '</style>';

/**
* 获取标签内属性键值对
* @param tagContent
* @return {Array}
*/
AnalyticHtml.prototype.getTagAttributes = function(tagContent){

@@ -375,3 +415,3 @@ //tag end

// 如果标签名解析出来为空,再进一步判断是否为Smarty变量
if(_.empty(tagName)) {
if(!tagName) {
str = this.content[this.parsePos];

@@ -455,4 +495,2 @@ this.parsePos++;

}
name = '';
attr = '';
}

@@ -459,0 +497,0 @@ return result;
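Review bot: The last hunk of getTagAttributes drops the `name = ''; attr = '';` reset at the end of the loop body (four old lines become two), and nothing visible in this section re-initialises them elsewhere; if `name` and `attr` are reused across iterations of the enclosing loop, which starts outside the hunk, a stale name from the previous pair could be attached to the next attribute value. Worth confirming the reset was moved rather than removed, or restoring `name = ''; attr = '';` after the inner block. Separately, `if(!tagName)` is not equivalent to the `_.empty(tagName)` it replaces: `_.empty` also returns true for the string `"0"` and for objects with no enumerable keys, while `!tagName` only catches falsy values — acceptable if `tagName` is always a string slice, but the comment above it (handing an empty tag name to the Smarty-variable check) should say which values count as empty.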

100

lib/util.js

@@ -8,3 +8,3 @@ 'use strict';

FL_TPL_DELIMITER : 2, //模板语法
FL_NEW_LINE : 3, //new line
FL_NEW_LINE : 3, //new line
FL_NORMAL : 4, //normal,一般很少出现这个

@@ -15,13 +15,13 @@

HTML_JS_START : 113, //js start
HTML_JS_CONTENT :114, //js content,要手工调用js analytic
HTML_JS_END : 115, //js end
HTML_CSS_START : 116, //css start
HTML_JS_CONTENT : 114, //js content,要手工调用js analytic
HTML_JS_END : 115, //js end
HTML_CSS_START : 116, //css start
HTML_CSS_CONTENT : 117, //css content,要手工调用css analytic
HTML_CSS_END : 118, //css end
HTML_IE_HACK_START : 119, //ie hack start
HTML_IE_HACK_EDN : 120, //ie hack end
HTML_IE_HACK_START : 119, //ie hack start
HTML_IE_HACK_EDN : 120, //ie hack end
HTML_DOC_TYPE : 121, //doc type
HTML_COMMENT : 122, //html comment
HTML_PRE_TAG : 123, //pre tag
HTML_STATUS_OK : 124, //status ok
HTML_STATUS_OK : 124, //status ok
HTML_TEXTAREA_TAG : 125, //textarea tag

@@ -34,3 +34,3 @@ HTML_TAG_START : 126, //tag start

JS_START_EXPR : 211, //start expression
JS_START_EXPR : 211, //start expression
JS_END_EXPR : 212, //end expression

@@ -45,3 +45,3 @@ JS_START_BLOCK : 213, //start block

JS_BLOCK_COMMENT : 220, //跨级注释
JS_COMMENT : 221, //注释
JS_COMMENT : 221, //注释
JS_STRING : 222, //字符串

@@ -51,6 +51,6 @@ JS_IE_CC : 223, //条件编译

JS_WHITESPACE : 225, //空白(\s+)
JS_NUMBER : 226, //数字
JS_NUMBER : 226, //数字
JS_IDENTIFIER : 227, //标识符
JS_PUNCTUATION : 228, //标点或符号
JS_KEYWORDS : 229, //关键字
JS_KEYWORDS : 229, //关键字
JS_KEYWORDS_ATOM : 230, //原子词:true、false、null、undefined

@@ -60,3 +60,3 @@ JS_RESERVED_WORDS : 231, //保留字

JS_MODE_EXPRESSION : 250, //
JS_MODE_INDENT_EXPRESSION : 251, //
JS_MODE_INDENT_EXPRESSION : 251, //
JS_MODE_DO_BLOCK : 252, //

@@ -67,4 +67,4 @@ JS_MODE_BLOCK : 253, //

CSS_AT : 311, //@
CSS_NORMAL : 312, //
CSS_AT : 311, //@
CSS_NORMAL : 312, //
CSS_DEVICE_DESC : 313, //设备描述内容

@@ -140,3 +140,3 @@ CSS_DEVICE_START : 314, //设备开始符,为{

util.str_replace = function(search, replace, subject, count) {
var i = 0,
var i = 0,
j = 0,

@@ -152,44 +152,44 @@ temp = '',

sa = Object.prototype.toString.call(s) === '[object Array]';
s = [].concat(s);
if (count) {
this.window[count] = 0;
}
for (i = 0, sl = s.length; i < sl; i++) {
if (s[i] === '') {
continue;
s = [].concat(s);
if (count) {
this.window[count] = 0;
}
for (j = 0, fl = f.length; j < fl; j++) {
temp = s[i] + '';
repl = ra ? (r[j] !== undefined ? r[j] : '') : r[0];
s[i] = (temp).split(f[j]).join(repl);
if (count && s[i] !== temp) {
this.window[count] += (temp.length - s[i].length) / f[j].length;
}
for (i = 0, sl = s.length; i < sl; i++) {
if (s[i] === '') {
continue;
}
for (j = 0, fl = f.length; j < fl; j++) {
temp = s[i] + '';
repl = ra ? (r[j] !== undefined ? r[j] : '') : r[0];
s[i] = (temp).split(f[j]).join(repl);
if (count && s[i] !== temp) {
this.window[count] += (temp.length - s[i].length) / f[j].length;
}
}
}
}
return sa ? s : s[0];
return sa ? s : s[0];
};
util.empty = function(mixed_var) {
var undef, key, i, len;
var emptyValues = [undef, null, false, 0, "", "0"];
for (i = 0, len = emptyValues.length; i < len; i++) {
if (mixed_var === emptyValues[i]) {
return true;
var undef, key, i, len;
var emptyValues = [undef, null, false, 0, "", "0"];
for (i = 0, len = emptyValues.length; i < len; i++) {
if (mixed_var === emptyValues[i]) {
return true;
}
}
}
if (typeof mixed_var === "object") {
for (key in mixed_var) {
// TODO: should we check for own properties only?
//if (mixed_var.hasOwnProperty(key)) {
return false;
//}
if (typeof mixed_var === "object") {
for (key in mixed_var) {
// TODO: should we check for own properties only?
//if (mixed_var.hasOwnProperty(key)) {
return false;
//}
}
return true;
}
return true;
}
return false;
return false;
};

@@ -196,0 +196,0 @@

@@ -15,17 +15,37 @@ 'use strict';

function XSS(){
/**
* 校验修复内容
* @type {String}
*/
this.fileContent = '';
this._pattern = '';
/**
* smarty模板左定界符,默认为<&
* @type {String}
*/
this.leftDelimiter = '<&';
/**
* smarty模板右定界符,默认为&>
* @type {String}
*/
this.rightDelimiter = '&>';
/**
* 变量白名单,不需要进行转义的
* @type {Array}
*/
this.xssSafeVars = [];
/**
* 转义类型
* @type {Array}
*/
this.escapeMap = [];
/**
* 是否进行XSS自动修复
* @var unknown_type
*/
this.pattern = '';
/**
* 是否进行XSS自动修复
* @type {Boolean}
*/
this.isXssAutoFixed = true;
/**
* XSS自动修复所需变量
* @var unknown_type
*/
/**
* XSS自动修复所需变量
* @type {Object}
*/
this.xss_auto_fixed = {

@@ -99,7 +119,7 @@ //当前解析到的文件的内容

if(!content_flag){
this.xss_result['error'] = 'There has no content param';
this.xss_result['error'] = 'There has no fileContent param!';
return this.xss_result;
}
//需要对正则处理
this._pattern = _.preg_quote(this.leftDelimiter, '/') + '\\s*\\$(.*?)\\s*'
this.pattern = _.preg_quote(this.leftDelimiter, '/') + '\\s*\\$(.*?)\\s*'
+ _.preg_quote(this.rightDelimiter, '/');

@@ -264,6 +284,6 @@ this.xss_auto_fixed['tpl_var_pattern'] = '/(\\[^\\|]+)(.*?)/ies';

//寻找模板变量
var matches = content.match(new RegExp(this._pattern,'g'));
var matches = content.match(new RegExp(this.pattern,'g'));
if(!matches){return}
var wraperContent = content;
var _pattern = this._pattern;
var pattern = this.pattern;
var tpl_name = '';

@@ -274,3 +294,3 @@ var index = -1;

content = matches[i];
var p = new RegExp(_pattern,'g');
var p = new RegExp(pattern,'g');
var r = p.exec(content);

@@ -650,3 +670,3 @@ var value = r[1];

XSS.prototype.delNoEscape = function(content) {
if(_.empty(this.escapeMap['no_escape'])) {
if(this.escapeMap['no_escape']) {
var reg = _.str_replace(

@@ -653,0 +673,0 @@ ['LEFT', 'RIGHT'],
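Review bot: The doc comment added above `this.pattern = ''` in the XSS constructor is a copy of the one for isXssAutoFixed (`是否进行XSS自动修复`, `@var unknown_type`), which is wrong for this field: `pattern` is the regex source built later from the delimiters, `_.preg_quote(this.leftDelimiter, '/') + '\\s*\\$(.*?)\\s*' + _.preg_quote(this.rightDelimiter, '/')`, and compiled with `new RegExp(this.pattern,'g')` when template variables are searched. Suggest replacing it with `/** Regex source matching one template variable reference between the configured delimiters; built when fileContent is set, compiled by callers with the 'g' flag. @type {String} */`. In delNoEscape, the new guard `if(this.escapeMap['no_escape'])` is a truthiness check rather than the `_.empty` it replaces, so an empty array or object under `no_escape` (which `_.empty` reports as empty) now reaches `_.str_replace`; confirm the configured value is always a non-empty string, or check its `.length` explicitly. escapeMap is also initialised as `[]` but indexed with string keys, so an object literal would be the clearer initial value. The file header for this section is not shown on the page, and delNoEscape's body continues past the hunk.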

@@ -5,3 +5,3 @@ {

"main": "lib/xss.js",
"version": "0.0.1",
"version": "0.0.2",
"author": {

@@ -17,6 +17,3 @@ "name": "FIS Team",

"node": ">= 0.8.0"
},
"dependencies" : {
"commander" : "1.1.1"
}
}