validator
Comparing version 0.3.4 to 0.3.5
@@ -76,3 +76,3 @@ //This module is adapted from the CodeIgniter framework | ||
//We only convert entities that are within tags since these are the ones that will pose security problems. | ||
str = str.replace(/[a-z]+=([\'\"]).*?\\1/gi, function(m, match) { | ||
str = str.replace(/[a-z]+=([\'\"]).*?\1/gi, function(m, match) { | ||
return m.replace(match, convert_attribute(match)); | ||
@@ -115,5 +115,5 @@ }); | ||
if (str.match(/<a/i)) { | ||
str = str.replace(/<a\\s+([^>]*?)(>|$)/gi, function(m, attributes, end_tag) { | ||
str = str.replace(/<a\s+([^>]*?)(>|$)/gi, function(m, attributes, end_tag) { | ||
attributes = filter_attributes(attributes.replace('<','').replace('>','')); | ||
return m.replace(attributes, attributes.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\\s*,)/gi, '')); | ||
return m.replace(attributes, attributes.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi, '')); | ||
}); | ||
@@ -123,5 +123,5 @@ } | ||
if (str.match(/<img/i)) { | ||
str = str.replace(/<img\\s+([^>]*?)(\\s?\/?>|$)/gi, function(m, attributes, end_tag) { | ||
str = str.replace(/<img\s+([^>]*?)(\s?\/?>|$)/gi, function(m, attributes, end_tag) { | ||
attributes = filter_attributes(attributes.replace('<','').replace('>','')); | ||
return m.replace(attributes, attributes.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\\s*,)/gi, '')); | ||
return m.replace(attributes, attributes.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi, '')); | ||
}); | ||
@@ -163,3 +163,3 @@ } | ||
//Becomes: eval('some code') | ||
str = str.replace(/(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\\s*)\((.*?)\)/gi, '$1$2($3)'); | ||
str = str.replace(/(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)/gi, '$1$2($3)'); | ||
@@ -202,3 +202,3 @@ //This adds a bit of extra precaution in case something got through the above filters | ||
str.replace(/\\s*[a-z\-]+\\s*=\\s*(?:\042|\047)(?:[^\\1]*?)\\1/gi, function(m) { | ||
str.replace(/\s*[a-z\-]+\s*=\s*(?:\042|\047)(?:[^\1]*?)\1/gi, function(m) { | ||
$out += m.replace(/\/\*.*?\*\//g, ''); | ||
@@ -205,0 +205,0 @@ }); |
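Review bot: In the 76 hunk the callback passes only `match`, the captured quote character, to convert_attribute and then substitutes it back into `m`, so the `>`/`<`/`\` conversion is applied to a lone quote and never to the attribute value; `return convert_attribute(m);` would convert the whole matched attribute, which appears to be the intent of the comment above it. In the 202 hunk, `[^\1]` inside a character class is not a backreference (`\1` there is the octal escape for U+0001), so the class excludes only that control character and the match stops at the closing quote only because the quantifier is lazy; `str.replace(/\s*[a-z\-]+\s*=\s*(["'])[\s\S]*?\1/gi, function(m) {` states the intent directly. On the line after it, `$out` has no declaration in the hunk, and the minified build further down this page shows this function initialising `out=""`, appending to `$out` and returning `out`, which would make filter_attributes return an empty string for every input — worth confirming against the full function, which starts and ends outside the hunk. The same points apply to the second copy of this file on the page (the hunks at 391 and 517).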
{ "name" : "validator", | ||
"description" : "Data validation, filtering and sanitization for node.js", | ||
"version" : "0.3.4", | ||
"version" : "0.3.5", | ||
"homepage" : "http://github.com/chriso/node-validator", | ||
@@ -5,0 +5,0 @@ "keywords" : ["validator", "validation", "assert", "params", "sanitization", "xss", "entities", "sanitize", "sanitisation", "input"], |
@@ -23,2 +23,2 @@ /*! | ||
*/ | ||
(function(a){function l(a){out="",a.replace(/\\s*[a-z\-]+\\s*=\\s*(?:\042|\047)(?:[^\\1]*?)\\1/gi,function(a){$out+=a.replace(/\/\*.*?\*\//g,"")});return out}function k(a){return a.replace(">",">").replace("<","<").replace("\\","\\\\")}function j(){return"!*$^#(@*#&"}function i(a){for(var b in g)a=a.replace(g[b],"");return a}var b={' ':'\u00a0','¡':'\u00a1','¢':'\u00a2','£':'\u00a3','¤':'\u20ac','¥':'\u00a5','¦':'\u0160','§':'\u00a7','¨':'\u0161','©':'\u00a9','ª':'\u00aa','«':'\u00ab','¬':'\u00ac','­':'\u00ad','®':'\u00ae','¯':'\u00af','°':'\u00b0','±':'\u00b1','²':'\u00b2','³':'\u00b3','´':'\u017d','µ':'\u00b5','¶':'\u00b6','·':'\u00b7','¸':'\u017e','¹':'\u00b9','º':'\u00ba','»':'\u00bb','¼':'\u0152','½':'\u0153','¾':'\u0178','¿':'\u00bf','À':'\u00c0','Á':'\u00c1','Â':'\u00c2','Ã':'\u00c3','Ä':'\u00c4','Å':'\u00c5','Æ':'\u00c6','Ç':'\u00c7','È':'\u00c8','É':'\u00c9','Ê':'\u00ca','Ë':'\u00cb','Ì':'\u00cc','Í':'\u00cd','Î':'\u00ce','Ï':'\u00cf','Ð':'\u00d0','Ñ':'\u00d1','Ò':'\u00d2','Ó':'\u00d3','Ô':'\u00d4','Õ':'\u00d5','Ö':'\u00d6','×':'\u00d7','Ø':'\u00d8','Ù':'\u00d9','Ú':'\u00da','Û':'\u00db','Ü':'\u00dc','Ý':'\u00dd','Þ':'\u00de','ß':'\u00df','à':'\u00e0','á':'\u00e1','â':'\u00e2','ã':'\u00e3','ä':'\u00e4','å':'\u00e5','æ':'\u00e6','ç':'\u00e7','è':'\u00e8','é':'\u00e9','ê':'\u00ea','ë':'\u00eb','ì':'\u00ec','í':'\u00ed','î':'\u00ee','ï':'\u00ef','ð':'\u00f0','ñ':'\u00f1','ò':'\u00f2','ó':'\u00f3','ô':'\u00f4','õ':'\u00f5','ö':'\u00f6','÷':'\u00f7','ø':'\u00f8','ù':'\u00f9','ú':'\u00fa','û':'\u00fb','ü':'\u00fc','ý':'\u00fd','þ':'\u00fe','ÿ':'\u00ff','"':'\u0022','<':'\u003c','>':'\u003e',''':'\u0027','−':'\u2212','ˆ':'\u02c6','˜':'\u02dc','Š':'\u0160','‹':'\u2039','Œ':'\u0152','‘':'\u2018','’':'\u2019','“':'\u201c','”':'\u201d','•':'\u2022','–':'\u2013','—':'\u2014','™':'\u2122','š':'\u0161','›':'\u203a','œ':'\u0153','Ÿ':'\u0178','ƒ':'\u0192','Α':'\u0391','Β':'\u0392','Γ':'\u0393','Δ':'\u0394','Ε':'\u0395','Ζ':'\u0396','Η':'\u0397','Θ':'\u0398','Ι':'\u0399','Κ
':'\u039a','Λ':'\u039b','Μ':'\u039c','Ν':'\u039d','Ξ':'\u039e','Ο':'\u039f','Π':'\u03a0','Ρ':'\u03a1','Σ':'\u03a3','Τ':'\u03a4','Υ':'\u03a5','Φ':'\u03a6','Χ':'\u03a7','Ψ':'\u03a8','Ω':'\u03a9','α':'\u03b1','β':'\u03b2','γ':'\u03b3','δ':'\u03b4','ε':'\u03b5','ζ':'\u03b6','η':'\u03b7','θ':'\u03b8','ι':'\u03b9','κ':'\u03ba','λ':'\u03bb','μ':'\u03bc','ν':'\u03bd','ξ':'\u03be','ο':'\u03bf','π':'\u03c0','ρ':'\u03c1','ς':'\u03c2','σ':'\u03c3','τ':'\u03c4','υ':'\u03c5','φ':'\u03c6','χ':'\u03c7','ψ':'\u03c8','ω':'\u03c9','ϑ':'\u03d1','ϒ':'\u03d2','ϖ':'\u03d6',' ':'\u2002',' ':'\u2003',' ':'\u2009','‌':'\u200c','‍':'\u200d','‎':'\u200e','‏':'\u200f','‚':'\u201a','„':'\u201e','†':'\u2020','‡':'\u2021','…':'\u2026','‰':'\u2030','′':'\u2032','″':'\u2033','‾':'\u203e','⁄':'\u2044','€':'\u20ac','ℑ':'\u2111','℘':'\u2118','ℜ':'\u211c','ℵ':'\u2135','←':'\u2190','↑':'\u2191','→':'\u2192','↓':'\u2193','↔':'\u2194','↵':'\u21b5','⇐':'\u21d0','⇑':'\u21d1','⇒':'\u21d2','⇓':'\u21d3','⇔':'\u21d4','∀':'\u2200','∂':'\u2202','∃':'\u2203','∅':'\u2205','∇':'\u2207','∈':'\u2208','∉':'\u2209','∋':'\u220b','∏':'\u220f','∑':'\u2211','∗':'\u2217','√':'\u221a','∝':'\u221d','∞':'\u221e','∠':'\u2220','∧':'\u2227','∨':'\u2228','∩':'\u2229','∪':'\u222a','∫':'\u222b','∴':'\u2234','∼':'\u223c','≅':'\u2245','≈':'\u2248','≠':'\u2260','≡':'\u2261','≤':'\u2264','≥':'\u2265','⊂':'\u2282','⊃':'\u2283','⊄':'\u2284','⊆':'\u2286','⊇':'\u2287','⊕':'\u2295','⊗':'\u2297','⊥':'\u22a5','⋅':'\u22c5','⌈':'\u2308','⌉':'\u2309','⌊':'\u230a','⌋':'\u230b','⟨':'\u2329','⟩':'\u232a','◊':'\u25ca','♠':'\u2660','♣':'\u2663','♥':'\u2665','♦':'\u2666'},c=function(a){if(!~a.indexOf("&"))return a;for(var c in b)a=a.replace(new RegExp(c,"g"),b[c]);a=a.replace(/&#x(0*[0-9a-f]{2,5});?/gi,function(a,b){return String.fromCharCode(parseInt(+b,16))}),a=a.replace(/&#([0-9]{2,4});?/gi,function(a,b){return String.fromCharCode(+b)}),a=a.replace(/&/g,"&");return a},d=function(a){a=a.replace(/&/g,"&"),a=a.replace(/'/g,"'");for(var c in 
b)a=a.replace(new RegExp(b[c],"g"),c);return a};a.entities={encode:d,decode:c};var e={"document.cookie":"[removed]","document.write":"[removed]",".parentNode":"[removed]",".innerHTML":"[removed]","window.location":"[removed]","-moz-binding":"[removed]","<!--":"<!--","-->":"-->","<![CDATA[":"<![CDATA["},f={"javascript\\s*:":"[removed]","expression\\s*(\\(|&\\#40;)":"[removed]","vbscript\\s*:":"[removed]","Redirect\\s+302":"[removed]"},g=[/%0[0-8bcef]/g,/%1[0-9a-f]/g,/[\x00-\x08]/g,/\x0b/g,/\x0c/g,/[\x0e-\x1f]/g],h=["javascript","expression","vbscript","script","applet","alert","document","write","cookie","window"];a.xssClean=function(b,c){if(b instanceof Array||typeof b=="object"){for(var d in b)b[d]=a.xssClean(b[d]);return b}b=i(b),b=b.replace(/\&([a-z\_0-9]+)\=([a-z\_0-9]+)/i,j()+"$1=$2"),b=b.replace(/(&\#?[0-9a-z]{2,})([\x00-\x20])*;?/i,"$1;$2"),b=b.replace(/(&\#x?)([0-9A-F]+);?/i,"$1;$2"),b=b.replace(j(),"&"),b=decodeURIComponent(b),b=b.replace(/[a-z]+=([\'\"]).*?\\1/gi,function(a,b){return a.replace(b,k(b))}),b=i(b),b=b.replace("\t"," ");var g=b;for(var d in e)b=b.replace(d,e[d]);for(var d in f)b=b.replace(new RegExp(d,"i"),f[d]);for(var d in h){var m=h[d].split("").join("\\s*")+"\\s*";b=b.replace(new RegExp("("+m+")(\\W)","ig"),function(a,b,c){return b.replace(/\s+/g,"")+c})}do{var n=b;b.match(/<a/i)&&(b=b.replace(/<a\\s+([^>]*?)(>|$)/gi,function(a,b,c){b=l(b.replace("<","").replace(">",""));return a.replace(b,b.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\\s*,)/gi,""))})),b.match(/<img/i)&&(b=b.replace(/<img\\s+([^>]*?)(\\s?\/?>|$)/gi,function(a,b,c){b=l(b.replace("<","").replace(">",""));return 
a.replace(b,b.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\\s*,)/gi,""))}));if(b.match(/script/i)||b.match(/xss/i))b=b.replace(/<(\/*)(script|xss)(.*?)\>/gi,"[removed]")}while(n!=b);event_handlers=["[^a-z_-]onw*"],c||event_handlers.push("xmlns"),b=b.replace(new RegExp("<([^><]+?)("+event_handlers.join("|")+")(\\s*=\\s*[^><]*)([><]*)","i"),"<$1$4"),naughty="alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss",b=b.replace(new RegExp("<(/*\\s*)("+naughty+")([^><]*)([><]*)","gi"),function(a,b,c,d,e){return"<"+b+c+d+e.replace(">",">").replace("<","<")}),b=b.replace(/(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\\s*)\((.*?)\)/gi,"$1$2($3)");for(var d in e)b=b.replace(d,e[d]);for(var d in f)b=b.replace(new RegExp(d,"i"),f[d]);if(c&&b!==g)throw new Error("Image may contain XSS");return b};var m=a.Validator=function(){};m.prototype.check=function(a,b){this.str=a==null||isNaN(a)&&a.length==undefined?"":a+"",this.msg=b,this._errors=[];return this},m.prototype.validate=m.prototype.check,m.prototype.assert=m.prototype.check,m.prototype.error=function(a){throw new Error(a)},m.prototype.isEmail=function(){return this.str.match(/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!\.)){0,61}[a-zA-Z0-9]?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!$)){0,61}[a-zA-Z0-9]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/)?this:this.error(this.msg||"Invalid email")},m.prototype.isUrl=function(){return 
this.str.match(/^(?:(?:ht|f)tp(?:s?)\:\/\/|~\/|\/)?(?:\w+:\w+@)?((?:(?:[-\w\d{1-3}]+\.)+(?:com|org|net|gov|mil|biz|info|mobi|name|aero|jobs|edu|co\.uk|ac\.uk|it|fr|tv|museum|asia|local|travel|[a-z]{2}))|((\b25[0-5]\b|\b[2][0-4][0-9]\b|\b[0-1]?[0-9]?[0-9]\b)(\.(\b25[0-5]\b|\b[2][0-4][0-9]\b|\b[0-1]?[0-9]?[0-9]\b)){3}))(?::[\d]{1,5})?(?:(?:(?:\/(?:[-\w~!$+|.,=]|%[a-f\d]{2})+)+|\/)+|\?|#)?(?:(?:\?(?:[-\w~!$+|.,*:]|%[a-f\d{2}])+=?(?:[-\w~!$+|.,*:=]|%[a-f\d]{2})*)(?:&(?:[-\w~!$+|.,*:]|%[a-f\d{2}])+=?(?:[-\w~!$+|.,*:=]|%[a-f\d]{2})*)*)*(?:#(?:[-\w~!$ |\/.,*:;=]|%[a-f\d]{2})*)?$/i)?this:this.error(this.msg||"Invalid URL")},m.prototype.isIP=function(){return this.str.match(/^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/)?this:this.error(this.msg||"Invalid IP")},m.prototype.isAlpha=function(){return this.str.match(/^[a-zA-Z]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isAlphanumeric=function(){return this.str.match(/^[a-zA-Z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isNumeric=function(){return this.str.match(/^-?[0-9]+$/)?this:this.error(this.msg||"Invalid number")},m.prototype.isLowercase=function(){return this.str.match(/^[a-z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isUppercase=function(){return this.str.match(/^[A-Z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isInt=function(){return this.str.match(/^(?:-?(?:0|[1-9][0-9]*))$/)?this:this.error(this.msg||"Invalid integer")},m.prototype.isDecimal=function(){return this.str.match(/^(?:-?(?:0|[1-9][0-9]*))?(?:\.[0-9]*)?$/)?this:this.error(this.msg||"Invalid decimal")},m.prototype.isFloat=function(){return this.isDecimal()},m.prototype.notNull=function(){return this.str===""?this.error(this.msg||"Invalid characters"):this},m.prototype.isNull=function(){return this.str!==""?this.error(this.msg||"Invalid characters"):this},m.prototype.notEmpty=function(){return 
this.str.match(/^[\s\t\r\n]*$/)?this.error(this.msg||"String is whitespace"):this},m.prototype.equals=function(a){return this.str!=a?this.error(this.msg||"Not equal"):this},m.prototype.contains=function(a){return this.str.indexOf(a)===-1?this.error(this.msg||"Invalid characters"):this},m.prototype.notContains=function(a){return this.str.indexOf(a)>=0?this.error(this.msg||"Invalid characters"):this},m.prototype.regex=m.prototype.is=function(a,b){typeof a!="function"&&(a=new RegExp(a,b));return this.str.match(a)?this:this.error(this.msg||"Invalid characters")},m.prototype.notRegex=m.prototype.not=function(a,b){typeof a!="function"&&(a=new RegExp(a,b)),this.str.match(a)&&this.error(this.msg||"Invalid characters");return this},m.prototype.len=function(a,b){this.str.length<a&&this.error(this.msg||"String is too small");return typeof b!==undefined&&this.str.length>b?this.error(this.msg||"String is too large"):this},m.prototype.isUUID=function(a){a==3||a=="v3"?pattern=/[0-9A-F]{8}-[0-9A-F]{4}-3[0-9A-F]{3}-[0-9A-F]{4}-[0-9A-F]{12}$/i:a==4||a=="v4"?pattern=/[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i:pattern=/[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$/i;return this.str.match(pattern)?this:this.error(this.msg||"Not a UUID")},m.prototype.isDate=function(){var a=Date.parse(this.str);return isNaN(a)?this.error(this.msg||"Not a date"):this},m.prototype.isIn=function(a){return a&&typeof a.indexOf=="function"?~a.indexOf(this.str)?this:this.error(this.msg||"Unexpected value"):this.error(this.msg||"Invalid in() argument")},m.prototype.notIn=function(a){return a&&typeof a.indexOf=="function"?a.indexOf(this.str)!==-1?this.error(this.msg||"Unexpected value"):this:this.error(this.msg||"Invalid notIn() argument")},m.prototype.min=function(a){var b=parseFloat(this.str);return!isNaN(b)&&b<a?this.error(this.msg||"Invalid number"):this},m.prototype.max=function(a){var b=parseFloat(this.str);return!isNaN(b)&&b>a?this.error(this.msg||"Invalid 
number"):this},m.prototype.isArray=function(){return Array.isArray(this.str)?this:this.error(this.msg||"Not an array")};var n=a.Filter=function(){},o="\\r\\n\\t\\s";n.prototype.modify=function(a){this.str=a},n.prototype.convert=n.prototype.sanitize=function(a){this.str=a;return this},n.prototype.xss=function(a){this.modify(xssClean(this.str,a));return this.str},n.prototype.entityDecode=function(){this.modify(c(this.str));return this.str},n.prototype.entityEncode=function(){this.modify(d(this.str));return this.str},n.prototype.ltrim=function(a){a=a||o,this.modify(this.str.replace(new RegExp("^["+a+"]+","g"),""));return this.str},n.prototype.rtrim=function(a){a=a||o,this.modify(this.str.replace(new RegExp("["+a+"]+$","g"),""));return this.str},n.prototype.trim=function(a){a=a||o,this.modify(this.str.replace(new RegExp("^["+a+"]+|["+a+"]+$","g"),""));return this.str},n.prototype.ifNull=function(a){(!this.str||this.str==="")&&this.modify(a);return this.str},n.prototype.toFloat=function(){this.modify(parseFloat(this.str));return this.str},n.prototype.toInt=function(a){a=a||10,this.modify(parseInt(this.str),a);return this.str},n.prototype.toBoolean=function(){!this.str||this.str=="0"||this.str=="false"||this.str==""?this.modify(!1):this.modify(!0);return this.str},n.prototype.toBooleanStrict=function(){this.str=="1"||this.str=="true"?this.modify(!0):this.modify(!1);return this.str},a.sanitize=a.convert=function(b){var c=new a.Filter;return c.sanitize(b)},a.check=a.validate=a.assert=function(b,c){var d=new a.Validator;return d.check(b,c)}})(this) | ||
(function(a){function l(a){out="",a.replace(/\\s*[a-z\-]+\\s*=\\s*(?:\042|\047)(?:[^\1]*?)\1/gi,function(a){$out+=a.replace(/\/\*.*?\*\//g,"")});return out}function k(a){return a.replace(">",">").replace("<","<").replace("\\","\\\\")}function j(){return"!*$^#(@*#&"}function i(a){for(var b in g)a=a.replace(g[b],"");return a}var b={' ':'\u00a0','¡':'\u00a1','¢':'\u00a2','£':'\u00a3','¤':'\u20ac','¥':'\u00a5','¦':'\u0160','§':'\u00a7','¨':'\u0161','©':'\u00a9','ª':'\u00aa','«':'\u00ab','¬':'\u00ac','­':'\u00ad','®':'\u00ae','¯':'\u00af','°':'\u00b0','±':'\u00b1','²':'\u00b2','³':'\u00b3','´':'\u017d','µ':'\u00b5','¶':'\u00b6','·':'\u00b7','¸':'\u017e','¹':'\u00b9','º':'\u00ba','»':'\u00bb','¼':'\u0152','½':'\u0153','¾':'\u0178','¿':'\u00bf','À':'\u00c0','Á':'\u00c1','Â':'\u00c2','Ã':'\u00c3','Ä':'\u00c4','Å':'\u00c5','Æ':'\u00c6','Ç':'\u00c7','È':'\u00c8','É':'\u00c9','Ê':'\u00ca','Ë':'\u00cb','Ì':'\u00cc','Í':'\u00cd','Î':'\u00ce','Ï':'\u00cf','Ð':'\u00d0','Ñ':'\u00d1','Ò':'\u00d2','Ó':'\u00d3','Ô':'\u00d4','Õ':'\u00d5','Ö':'\u00d6','×':'\u00d7','Ø':'\u00d8','Ù':'\u00d9','Ú':'\u00da','Û':'\u00db','Ü':'\u00dc','Ý':'\u00dd','Þ':'\u00de','ß':'\u00df','à':'\u00e0','á':'\u00e1','â':'\u00e2','ã':'\u00e3','ä':'\u00e4','å':'\u00e5','æ':'\u00e6','ç':'\u00e7','è':'\u00e8','é':'\u00e9','ê':'\u00ea','ë':'\u00eb','ì':'\u00ec','í':'\u00ed','î':'\u00ee','ï':'\u00ef','ð':'\u00f0','ñ':'\u00f1','ò':'\u00f2','ó':'\u00f3','ô':'\u00f4','õ':'\u00f5','ö':'\u00f6','÷':'\u00f7','ø':'\u00f8','ù':'\u00f9','ú':'\u00fa','û':'\u00fb','ü':'\u00fc','ý':'\u00fd','þ':'\u00fe','ÿ':'\u00ff','"':'\u0022','<':'\u003c','>':'\u003e',''':'\u0027','−':'\u2212','ˆ':'\u02c6','˜':'\u02dc','Š':'\u0160','‹':'\u2039','Œ':'\u0152','‘':'\u2018','’':'\u2019','“':'\u201c','”':'\u201d','•':'\u2022','–':'\u2013','—':'\u2014','™':'\u2122','š':'\u0161','›':'\u203a','œ':'\u0153','Ÿ':'\u0178','ƒ':'\u0192','Α':'\u0391','Β':'\u0392','Γ':'\u0393','Δ':'\u0394','Ε':'\u0395','Ζ':'\u0396','Η':'\u0397','Θ':'\u0398','Ι':'\u0399','Κ':
'\u039a','Λ':'\u039b','Μ':'\u039c','Ν':'\u039d','Ξ':'\u039e','Ο':'\u039f','Π':'\u03a0','Ρ':'\u03a1','Σ':'\u03a3','Τ':'\u03a4','Υ':'\u03a5','Φ':'\u03a6','Χ':'\u03a7','Ψ':'\u03a8','Ω':'\u03a9','α':'\u03b1','β':'\u03b2','γ':'\u03b3','δ':'\u03b4','ε':'\u03b5','ζ':'\u03b6','η':'\u03b7','θ':'\u03b8','ι':'\u03b9','κ':'\u03ba','λ':'\u03bb','μ':'\u03bc','ν':'\u03bd','ξ':'\u03be','ο':'\u03bf','π':'\u03c0','ρ':'\u03c1','ς':'\u03c2','σ':'\u03c3','τ':'\u03c4','υ':'\u03c5','φ':'\u03c6','χ':'\u03c7','ψ':'\u03c8','ω':'\u03c9','ϑ':'\u03d1','ϒ':'\u03d2','ϖ':'\u03d6',' ':'\u2002',' ':'\u2003',' ':'\u2009','‌':'\u200c','‍':'\u200d','‎':'\u200e','‏':'\u200f','‚':'\u201a','„':'\u201e','†':'\u2020','‡':'\u2021','…':'\u2026','‰':'\u2030','′':'\u2032','″':'\u2033','‾':'\u203e','⁄':'\u2044','€':'\u20ac','ℑ':'\u2111','℘':'\u2118','ℜ':'\u211c','ℵ':'\u2135','←':'\u2190','↑':'\u2191','→':'\u2192','↓':'\u2193','↔':'\u2194','↵':'\u21b5','⇐':'\u21d0','⇑':'\u21d1','⇒':'\u21d2','⇓':'\u21d3','⇔':'\u21d4','∀':'\u2200','∂':'\u2202','∃':'\u2203','∅':'\u2205','∇':'\u2207','∈':'\u2208','∉':'\u2209','∋':'\u220b','∏':'\u220f','∑':'\u2211','∗':'\u2217','√':'\u221a','∝':'\u221d','∞':'\u221e','∠':'\u2220','∧':'\u2227','∨':'\u2228','∩':'\u2229','∪':'\u222a','∫':'\u222b','∴':'\u2234','∼':'\u223c','≅':'\u2245','≈':'\u2248','≠':'\u2260','≡':'\u2261','≤':'\u2264','≥':'\u2265','⊂':'\u2282','⊃':'\u2283','⊄':'\u2284','⊆':'\u2286','⊇':'\u2287','⊕':'\u2295','⊗':'\u2297','⊥':'\u22a5','⋅':'\u22c5','⌈':'\u2308','⌉':'\u2309','⌊':'\u230a','⌋':'\u230b','⟨':'\u2329','⟩':'\u232a','◊':'\u25ca','♠':'\u2660','♣':'\u2663','♥':'\u2665','♦':'\u2666'},c=function(a){if(!~a.indexOf("&"))return a;for(var c in b)a=a.replace(new RegExp(c,"g"),b[c]);a=a.replace(/&#x(0*[0-9a-f]{2,5});?/gi,function(a,b){return String.fromCharCode(parseInt(+b,16))}),a=a.replace(/&#([0-9]{2,4});?/gi,function(a,b){return String.fromCharCode(+b)}),a=a.replace(/&/g,"&");return a},d=function(a){a=a.replace(/&/g,"&"),a=a.replace(/'/g,"'");for(var c in 
b)a=a.replace(new RegExp(b[c],"g"),c);return a};a.entities={encode:d,decode:c};var e={"document.cookie":"[removed]","document.write":"[removed]",".parentNode":"[removed]",".innerHTML":"[removed]","window.location":"[removed]","-moz-binding":"[removed]","<!--":"<!--","-->":"-->","<![CDATA[":"<![CDATA["},f={"javascript\\s*:":"[removed]","expression\\s*(\\(|&\\#40;)":"[removed]","vbscript\\s*:":"[removed]","Redirect\\s+302":"[removed]"},g=[/%0[0-8bcef]/g,/%1[0-9a-f]/g,/[\x00-\x08]/g,/\x0b/g,/\x0c/g,/[\x0e-\x1f]/g],h=["javascript","expression","vbscript","script","applet","alert","document","write","cookie","window"];a.xssClean=function(b,c){if(b instanceof Array||typeof b=="object"){for(var d in b)b[d]=a.xssClean(b[d]);return b}b=i(b),b=b.replace(/\&([a-z\_0-9]+)\=([a-z\_0-9]+)/i,j()+"$1=$2"),b=b.replace(/(&\#?[0-9a-z]{2,})([\x00-\x20])*;?/i,"$1;$2"),b=b.replace(/(&\#x?)([0-9A-F]+);?/i,"$1;$2"),b=b.replace(j(),"&"),b=decodeURIComponent(b),b=b.replace(/[a-z]+=([\'\"]).*?\1/gi,function(a,b){return a.replace(b,k(b))}),b=i(b),b=b.replace("\t"," ");var g=b;for(var d in e)b=b.replace(d,e[d]);for(var d in f)b=b.replace(new RegExp(d,"i"),f[d]);for(var d in h){var m=h[d].split("").join("\\s*")+"\\s*";b=b.replace(new RegExp("("+m+")(\\W)","ig"),function(a,b,c){return b.replace(/\s+/g,"")+c})}do{var n=b;b.match(/<a/i)&&(b=b.replace(/<a\s+([^>]*?)(>|$)/gi,function(a,b,c){b=l(b.replace("<","").replace(">",""));return a.replace(b,b.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi,""))})),b.match(/<img/i)&&(b=b.replace(/<img\s+([^>]*?)(\s?\/?>|$)/gi,function(a,b,c){b=l(b.replace("<","").replace(">",""));return 
a.replace(b,b.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi,""))}));if(b.match(/script/i)||b.match(/xss/i))b=b.replace(/<(\/*)(script|xss)(.*?)\>/gi,"[removed]")}while(n!=b);event_handlers=["[^a-z_-]onw*"],c||event_handlers.push("xmlns"),b=b.replace(new RegExp("<([^><]+?)("+event_handlers.join("|")+")(\\s*=\\s*[^><]*)([><]*)","i"),"<$1$4"),naughty="alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss",b=b.replace(new RegExp("<(/*\\s*)("+naughty+")([^><]*)([><]*)","gi"),function(a,b,c,d,e){return"<"+b+c+d+e.replace(">",">").replace("<","<")}),b=b.replace(/(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)/gi,"$1$2($3)");for(var d in e)b=b.replace(d,e[d]);for(var d in f)b=b.replace(new RegExp(d,"i"),f[d]);if(c&&b!==g)throw new Error("Image may contain XSS");return b};var m=a.Validator=function(){};m.prototype.check=function(a,b){this.str=a==null||isNaN(a)&&a.length==undefined?"":a+"",this.msg=b,this._errors=[];return this},m.prototype.validate=m.prototype.check,m.prototype.assert=m.prototype.check,m.prototype.error=function(a){throw new Error(a)},m.prototype.isEmail=function(){return this.str.match(/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!\.)){0,61}[a-zA-Z0-9]?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!$)){0,61}[a-zA-Z0-9]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/)?this:this.error(this.msg||"Invalid email")},m.prototype.isUrl=function(){return 
this.str.match(/^(?:(?:ht|f)tp(?:s?)\:\/\/|~\/|\/)?(?:\w+:\w+@)?((?:(?:[-\w\d{1-3}]+\.)+(?:com|org|net|gov|mil|biz|info|mobi|name|aero|jobs|edu|co\.uk|ac\.uk|it|fr|tv|museum|asia|local|travel|[a-z]{2}))|((\b25[0-5]\b|\b[2][0-4][0-9]\b|\b[0-1]?[0-9]?[0-9]\b)(\.(\b25[0-5]\b|\b[2][0-4][0-9]\b|\b[0-1]?[0-9]?[0-9]\b)){3}))(?::[\d]{1,5})?(?:(?:(?:\/(?:[-\w~!$+|.,=]|%[a-f\d]{2})+)+|\/)+|\?|#)?(?:(?:\?(?:[-\w~!$+|.,*:]|%[a-f\d{2}])+=?(?:[-\w~!$+|.,*:=]|%[a-f\d]{2})*)(?:&(?:[-\w~!$+|.,*:]|%[a-f\d{2}])+=?(?:[-\w~!$+|.,*:=]|%[a-f\d]{2})*)*)*(?:#(?:[-\w~!$ |\/.,*:;=]|%[a-f\d]{2})*)?$/i)?this:this.error(this.msg||"Invalid URL")},m.prototype.isIP=function(){return this.str.match(/^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/)?this:this.error(this.msg||"Invalid IP")},m.prototype.isAlpha=function(){return this.str.match(/^[a-zA-Z]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isAlphanumeric=function(){return this.str.match(/^[a-zA-Z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isNumeric=function(){return this.str.match(/^-?[0-9]+$/)?this:this.error(this.msg||"Invalid number")},m.prototype.isLowercase=function(){return this.str.match(/^[a-z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isUppercase=function(){return this.str.match(/^[A-Z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isInt=function(){return this.str.match(/^(?:-?(?:0|[1-9][0-9]*))$/)?this:this.error(this.msg||"Invalid integer")},m.prototype.isDecimal=function(){return this.str.match(/^(?:-?(?:0|[1-9][0-9]*))?(?:\.[0-9]*)?$/)?this:this.error(this.msg||"Invalid decimal")},m.prototype.isFloat=function(){return this.isDecimal()},m.prototype.notNull=function(){return this.str===""?this.error(this.msg||"Invalid characters"):this},m.prototype.isNull=function(){return this.str!==""?this.error(this.msg||"Invalid characters"):this},m.prototype.notEmpty=function(){return 
this.str.match(/^[\s\t\r\n]*$/)?this.error(this.msg||"String is whitespace"):this},m.prototype.equals=function(a){return this.str!=a?this.error(this.msg||"Not equal"):this},m.prototype.contains=function(a){return this.str.indexOf(a)===-1?this.error(this.msg||"Invalid characters"):this},m.prototype.notContains=function(a){return this.str.indexOf(a)>=0?this.error(this.msg||"Invalid characters"):this},m.prototype.regex=m.prototype.is=function(a,b){typeof a!="function"&&(a=new RegExp(a,b));return this.str.match(a)?this:this.error(this.msg||"Invalid characters")},m.prototype.notRegex=m.prototype.not=function(a,b){typeof a!="function"&&(a=new RegExp(a,b)),this.str.match(a)&&this.error(this.msg||"Invalid characters");return this},m.prototype.len=function(a,b){this.str.length<a&&this.error(this.msg||"String is too small");return typeof b!==undefined&&this.str.length>b?this.error(this.msg||"String is too large"):this},m.prototype.isUUID=function(a){a==3||a=="v3"?pattern=/[0-9A-F]{8}-[0-9A-F]{4}-3[0-9A-F]{3}-[0-9A-F]{4}-[0-9A-F]{12}$/i:a==4||a=="v4"?pattern=/[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i:pattern=/[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$/i;return this.str.match(pattern)?this:this.error(this.msg||"Not a UUID")},m.prototype.isDate=function(){var a=Date.parse(this.str);return isNaN(a)?this.error(this.msg||"Not a date"):this},m.prototype.isIn=function(a){return a&&typeof a.indexOf=="function"?~a.indexOf(this.str)?this:this.error(this.msg||"Unexpected value"):this.error(this.msg||"Invalid in() argument")},m.prototype.notIn=function(a){return a&&typeof a.indexOf=="function"?a.indexOf(this.str)!==-1?this.error(this.msg||"Unexpected value"):this:this.error(this.msg||"Invalid notIn() argument")},m.prototype.min=function(a){var b=parseFloat(this.str);return!isNaN(b)&&b<a?this.error(this.msg||"Invalid number"):this},m.prototype.max=function(a){var b=parseFloat(this.str);return!isNaN(b)&&b>a?this.error(this.msg||"Invalid 
number"):this},m.prototype.isArray=function(){return Array.isArray(this.str)?this:this.error(this.msg||"Not an array")};var n=a.Filter=function(){},o="\\r\\n\\t\\s";n.prototype.modify=function(a){this.str=a},n.prototype.convert=n.prototype.sanitize=function(a){this.str=a;return this},n.prototype.xss=function(a){this.modify(xssClean(this.str,a));return this.str},n.prototype.entityDecode=function(){this.modify(c(this.str));return this.str},n.prototype.entityEncode=function(){this.modify(d(this.str));return this.str},n.prototype.ltrim=function(a){a=a||o,this.modify(this.str.replace(new RegExp("^["+a+"]+","g"),""));return this.str},n.prototype.rtrim=function(a){a=a||o,this.modify(this.str.replace(new RegExp("["+a+"]+$","g"),""));return this.str},n.prototype.trim=function(a){a=a||o,this.modify(this.str.replace(new RegExp("^["+a+"]+|["+a+"]+$","g"),""));return this.str},n.prototype.ifNull=function(a){(!this.str||this.str==="")&&this.modify(a);return this.str},n.prototype.toFloat=function(){this.modify(parseFloat(this.str));return this.str},n.prototype.toInt=function(a){a=a||10,this.modify(parseInt(this.str),a);return this.str},n.prototype.toBoolean=function(){!this.str||this.str=="0"||this.str=="false"||this.str==""?this.modify(!1):this.modify(!0);return this.str},n.prototype.toBooleanStrict=function(){this.str=="1"||this.str=="true"?this.modify(!0):this.modify(!1);return this.str},a.sanitize=a.convert=function(b){var c=new a.Filter;return c.sanitize(b)},a.check=a.validate=a.assert=function(b,c){var d=new a.Validator;return d.check(b,c)}})(this) |
@@ -391,3 +391,3 @@ /*! | ||
//We only convert entities that are within tags since these are the ones that will pose security problems. | ||
str = str.replace(/[a-z]+=([\'\"]).*?\\1/gi, function(m, match) { | ||
str = str.replace(/[a-z]+=([\'\"]).*?\1/gi, function(m, match) { | ||
return m.replace(match, convert_attribute(match)); | ||
@@ -430,5 +430,5 @@ }); | ||
if (str.match(/<a/i)) { | ||
str = str.replace(/<a\\s+([^>]*?)(>|$)/gi, function(m, attributes, end_tag) { | ||
str = str.replace(/<a\s+([^>]*?)(>|$)/gi, function(m, attributes, end_tag) { | ||
attributes = filter_attributes(attributes.replace('<','').replace('>','')); | ||
return m.replace(attributes, attributes.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\\s*,)/gi, '')); | ||
return m.replace(attributes, attributes.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi, '')); | ||
}); | ||
@@ -438,5 +438,5 @@ } | ||
if (str.match(/<img/i)) { | ||
str = str.replace(/<img\\s+([^>]*?)(\\s?\/?>|$)/gi, function(m, attributes, end_tag) { | ||
str = str.replace(/<img\s+([^>]*?)(\s?\/?>|$)/gi, function(m, attributes, end_tag) { | ||
attributes = filter_attributes(attributes.replace('<','').replace('>','')); | ||
return m.replace(attributes, attributes.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\\s*,)/gi, '')); | ||
return m.replace(attributes, attributes.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi, '')); | ||
}); | ||
@@ -478,3 +478,3 @@ } | ||
//Becomes: eval('some code') | ||
str = str.replace(/(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\\s*)\((.*?)\)/gi, '$1$2($3)'); | ||
str = str.replace(/(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)/gi, '$1$2($3)'); | ||
@@ -517,3 +517,3 @@ //This adds a bit of extra precaution in case something got through the above filters | ||
str.replace(/\\s*[a-z\-]+\\s*=\\s*(?:\042|\047)(?:[^\\1]*?)\\1/gi, function(m) { | ||
str.replace(/\s*[a-z\-]+\s*=\s*(?:\042|\047)(?:[^\1]*?)\1/gi, function(m) { | ||
$out += m.replace(/\/\*.*?\*\//g, ''); | ||
@@ -520,0 +520,0 @@ }); |