Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
validator
Advanced tools
validator - npm Package Compare versions
Comparing version 0.4.7 to 0.4.8
@@ -7,8 +7,8 @@ //This module is adapted from the CodeIgniter framework | ||
| var never_allowed_str = { | ||
| 'document.cookie': '[removed]', | ||
| 'document.write': '[removed]', | ||
| '.parentNode': '[removed]', | ||
| '.innerHTML': '[removed]', | ||
| 'window.location': '[removed]', | ||
| '-moz-binding': '[removed]', | ||
| 'document.cookie': '', | ||
| 'document.write': '', | ||
| '.parentNode': '', | ||
| '.innerHTML': '', | ||
| 'window.location': '', | ||
| '-moz-binding': '', | ||
| '<!--': '<!--', | ||
@@ -20,6 +20,6 @@ '-->': '-->', | ||
| var never_allowed_regex = { | ||
| 'javascript\\s*:': '[removed]', | ||
| 'expression\\s*(\\(|&\\#40;)': '[removed]', | ||
| 'vbscript\\s*:': '[removed]', | ||
| 'Redirect\\s+302': '[removed]' | ||
| 'javascript\\s*:': '', | ||
| 'expression\\s*(\\(|&\\#40;)': '', | ||
| 'vbscript\\s*:': '', | ||
| 'Redirect\\s+302': '' | ||
| }; | ||
@@ -55,9 +55,14 @@ | ||
| //Protect query string variables in URLs => 901119URL5918AMP18930PROTECT8198 | ||
| str = str.replace(/\&([a-z\_0-9]+)\=([a-z\_0-9]+)/i, xss_hash() + '$1=$2'); | ||
| var hash; | ||
| do { | ||
| // ensure str does not contain hash before inserting it | ||
| hash = xss_hash(); | ||
| } while(str.indexOf(hash) >= 0) | ||
| str = str.replace(/\&([a-z\_0-9]+)\=([a-z\_0-9]+)/ig, hash + '$1=$2'); | ||
| //Validate UTF16 two byte encoding (x00) - just as above, adds a semicolon if missing. | ||
| str = str.replace(/(&\#x?)([0-9A-F]+);?/i, '$1$2;'); | ||
| str = str.replace(/(&\#x?)([0-9A-F]+);?/ig, '$1$2;'); | ||
| //Un-protect query string variables | ||
| str = str.replace(xss_hash(), '&'); | ||
| str = str.replace(new RegExp(hash, 'g'), '&'); | ||
@@ -115,3 +120,6 @@ //Decode just in case stuff like this is submitted: | ||
| attributes = filter_attributes(attributes.replace('<','').replace('>','')); | ||
| return m.replace(attributes, attributes.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi, '')); | ||
| if (attributes.match(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi)) { | ||
| return m.replace(attributes, ''); | ||
| } | ||
| return m; | ||
| }); | ||
@@ -123,3 +131,6 @@ } | ||
| attributes = filter_attributes(attributes.replace('<','').replace('>','')); | ||
| return m.replace(attributes, attributes.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi, '')); | ||
| if (attributes.match(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi)) { | ||
| return m.replace(attributes, ''); | ||
| } | ||
| return m; | ||
| }); | ||
@@ -126,0 +137,0 @@ } |
| { "name" : "validator", | ||
| "description" : "Data validation, filtering and sanitization for node.js", | ||
| "version" : "0.4.7", | ||
| "version" : "0.4.8", | ||
| "homepage" : "http://github.com/chriso/node-validator", | ||
@@ -5,0 +5,0 @@ "keywords" : ["validator", "validation", "assert", "params", "sanitization", "xss", "entities", "sanitize", "sanitisation", "input"], |
@@ -133,4 +133,8 @@ var node_validator = require('../lib'), | ||
| //Need more tests! | ||
| assert.equal('[removed] foobar', Filter.sanitize('javascript : foobar').xss()); | ||
| assert.equal('[removed] foobar', Filter.sanitize('j a vasc ri pt: foobar').xss()); | ||
| assert.equal(' foobar', Filter.sanitize('javascript : foobar').xss()); | ||
| assert.equal(' foobar', Filter.sanitize('j a vasc ri pt: foobar').xss()); | ||
| assert.equal('<a >some text</a>', Filter.sanitize('<a href="javascript:alert(\'xss\')">some text</a>').xss()); | ||
| var url = 'http://www.example.com/test.php?a=b&b=c&c=d'; | ||
| assert.equal(url, Filter.sanitize(url).xss()); | ||
| }, | ||
@@ -137,0 +141,0 @@ |
@@ -22,2 +22,3 @@ /*! | ||
| * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||
| */(function(a){function i(a){for(var b in g)a=a.replace(g[b],"");return a}function j(){return"!*$^#(@*#&"}function k(a){return a.replace(">",">").replace("<","<").replace("\\","\\\\")}function l(a){return out="",a.replace(/\s*[a-z\-]+\s*=\s*(?:\042|\047)(?:[^\1]*?)\1/gi,function(a){out+=a.replace(/\/\*.*?\*\//g,"")}),out}var b={" ":"\u00a0","¡":"\u00a1","¢":"\u00a2","£":"\u00a3","¤":"\u20ac","¥":"\u00a5","¦":"\u0160","§":"\u00a7","¨":"\u0161","©":"\u00a9","ª":"\u00aa","«":"\u00ab","¬":"\u00ac","­":"\u00ad","®":"\u00ae","¯":"\u00af","°":"\u00b0","±":"\u00b1","²":"\u00b2","³":"\u00b3","´":"\u017d","µ":"\u00b5","¶":"\u00b6","·":"\u00b7","¸":"\u017e","¹":"\u00b9","º":"\u00ba","»":"\u00bb","¼":"\u0152","½":"\u0153","¾":"\u0178","¿":"\u00bf","À":"\u00c0","Á":"\u00c1","Â":"\u00c2","Ã":"\u00c3","Ä":"\u00c4","Å":"\u00c5","Æ":"\u00c6","Ç":"\u00c7","È":"\u00c8","É":"\u00c9","Ê":"\u00ca","Ë":"\u00cb","Ì":"\u00cc","Í":"\u00cd","Î":"\u00ce","Ï":"\u00cf","Ð":"\u00d0","Ñ":"\u00d1","Ò":"\u00d2","Ó":"\u00d3","Ô":"\u00d4","Õ":"\u00d5","Ö":"\u00d6","×":"\u00d7","Ø":"\u00d8","Ù":"\u00d9","Ú":"\u00da","Û":"\u00db","Ü":"\u00dc","Ý":"\u00dd","Þ":"\u00de","ß":"\u00df","à":"\u00e0","á":"\u00e1","â":"\u00e2","ã":"\u00e3","ä":"\u00e4","å":"\u00e5","æ":"\u00e6","ç":"\u00e7","è":"\u00e8","é":"\u00e9","ê":"\u00ea","ë":"\u00eb","ì":"\u00ec","í":"\u00ed","î":"\u00ee","ï":"\u00ef","ð":"\u00f0","ñ":"\u00f1","ò":"\u00f2","ó":"\u00f3","ô":"\u00f4","õ":"\u00f5","ö":"\u00f6","÷":"\u00f7","ø":"\u00f8","ù":"\u00f9","ú":"\u00fa","û":"\u00fb","ü":"\u00fc","ý":"\u00fd","þ":"\u00fe","ÿ":"\u00ff",""":'"',"<":"<",">":">","'":"'","−":"\u2212","ˆ":"\u02c6","˜":"\u02dc","Š":"\u0160","‹":"\u2039","Œ":"\u0152","‘":"\u2018","’":"\u2019","“":"\u201c","”":"\u201d","•":"\u2022","–":"\u2013","—":"\u2014","™":"\u2122","š":"\u0161","›":"\u203a","œ":"\u0153","Ÿ":"\u0178","ƒ":"\u0192","Α":"\u0391","Β":"\u0392","Γ":"\u0393","Δ":"\u0394","Ε":"\u0395","Ζ":"\u0396","Η":"\u0397","Θ":"\u0398","Ι":"\u0399","Κ":"\u039a","Λ":"\u039b","Μ":"\u039c","Ν":"\u039d","Ξ":"\u039e","Ο":"\u039f","Π":"\u03a0","Ρ":"\u03a1","Σ":"\u03a3","Τ":"\u03a4","Υ":"\u03a5","Φ":"\u03a6","Χ":"\u03a7","Ψ":"\u03a8","Ω":"\u03a9","α":"\u03b1","β":"\u03b2","γ":"\u03b3","δ":"\u03b4","ε":"\u03b5","ζ":"\u03b6","η":"\u03b7","θ":"\u03b8","ι":"\u03b9","κ":"\u03ba","λ":"\u03bb","μ":"\u03bc","ν":"\u03bd","ξ":"\u03be","ο":"\u03bf","π":"\u03c0","ρ":"\u03c1","ς":"\u03c2","σ":"\u03c3","τ":"\u03c4","υ":"\u03c5","φ":"\u03c6","χ":"\u03c7","ψ":"\u03c8","ω":"\u03c9","ϑ":"\u03d1","ϒ":"\u03d2","ϖ":"\u03d6"," ":"\u2002"," ":"\u2003"," ":"\u2009","‌":"\u200c","‍":"\u200d","‎":"\u200e","‏":"\u200f","‚":"\u201a","„":"\u201e","†":"\u2020","‡":"\u2021","…":"\u2026","‰":"\u2030","′":"\u2032","″":"\u2033","‾":"\u203e","⁄":"\u2044","€":"\u20ac","ℑ":"\u2111","℘":"\u2118","ℜ":"\u211c","ℵ":"\u2135","←":"\u2190","↑":"\u2191","→":"\u2192","↓":"\u2193","↔":"\u2194","↵":"\u21b5","⇐":"\u21d0","⇑":"\u21d1","⇒":"\u21d2","⇓":"\u21d3","⇔":"\u21d4","∀":"\u2200","∂":"\u2202","∃":"\u2203","∅":"\u2205","∇":"\u2207","∈":"\u2208","∉":"\u2209","∋":"\u220b","∏":"\u220f","∑":"\u2211","∗":"\u2217","√":"\u221a","∝":"\u221d","∞":"\u221e","∠":"\u2220","∧":"\u2227","∨":"\u2228","∩":"\u2229","∪":"\u222a","∫":"\u222b","∴":"\u2234","∼":"\u223c","≅":"\u2245","≈":"\u2248","≠":"\u2260","≡":"\u2261","≤":"\u2264","≥":"\u2265","⊂":"\u2282","⊃":"\u2283","⊄":"\u2284","⊆":"\u2286","⊇":"\u2287","⊕":"\u2295","⊗":"\u2297","⊥":"\u22a5","⋅":"\u22c5","⌈":"\u2308","⌉":"\u2309","⌊":"\u230a","⌋":"\u230b","⟨":"\u2329","⟩":"\u232a","◊":"\u25ca","♠":"\u2660","♣":"\u2663","♥":"\u2665","♦":"\u2666"},c=function(a){if(!~a.indexOf("&"))return a;for(var c in b)a=a.replace(new RegExp(c,"g"),b[c]);return a=a.replace(/&#x(0*[0-9a-f]{2,5});?/gi,function(a,b){return String.fromCharCode(parseInt(+b,16))}),a=a.replace(/&#([0-9]{2,4});?/gi,function(a,b){return String.fromCharCode(+b)}),a=a.replace(/&/g,"&"),a},d=function(a){a=a.replace(/&/g,"&"),a=a.replace(/'/g,"'");for(var c in b)a=a.replace(new RegExp(b[c],"g"),c);return a};a.entities={encode:d,decode:c};var e={"document.cookie":"[removed]","document.write":"[removed]",".parentNode":"[removed]",".innerHTML":"[removed]","window.location":"[removed]","-moz-binding":"[removed]","<!--":"<!--","-->":"-->","<![CDATA[":"<![CDATA["},f={"javascript\\s*:":"[removed]","expression\\s*(\\(|&\\#40;)":"[removed]","vbscript\\s*:":"[removed]","Redirect\\s+302":"[removed]"},g=[/%0[0-8bcef]/g,/%1[0-9a-f]/g,/[\x00-\x08]/g,/\x0b/g,/\x0c/g,/[\x0e-\x1f]/g],h=["javascript","expression","vbscript","script","applet","alert","document","write","cookie","window"];a.xssClean=function(b,c){if(typeof b=="object"){for(var d in b)b[d]=a.xssClean(b[d]);return b}b=i(b),b=b.replace(/\&([a-z\_0-9]+)\=([a-z\_0-9]+)/i,j()+"$1=$2"),b=b.replace(/(&\#?[0-9a-z]{2,})([\x00-\x20])*;?/i,"$1;$2"),b=b.replace(/(&\#x?)([0-9A-F]+);?/i,"$1;$2"),b=b.replace(j(),"&");try{b=decodeURIComponent(b)}catch(g){}b=b.replace(/[a-z]+=([\'\"]).*?\1/gi,function(a,b){return a.replace(b,k(b))}),b=i(b),b=b.replace("\t"," ");var m=b;for(var d in e)b=b.replace(d,e[d]);for(var d in f)b=b.replace(new RegExp(d,"i"),f[d]);for(var d in h){var n=h[d].split("").join("\\s*")+"\\s*";b=b.replace(new RegExp("("+n+")(\\W)","ig"),function(a,b,c){return b.replace(/\s+/g,"")+c})}do{var o=b;b.match(/<a/i)&&(b=b.replace(/<a\s+([^>]*?)(>|$)/gi,function(a,b,c){return b=l(b.replace("<","").replace(">","")),a.replace(b,b.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi,""))})),b.match(/<img/i)&&(b=b.replace(/<img\s+([^>]*?)(\s?\/?>|$)/gi,function(a,b,c){return b=l(b.replace("<","").replace(">","")),a.replace(b,b.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi,""))}));if(b.match(/script/i)||b.match(/xss/i))b=b.replace(/<(\/*)(script|xss)(.*?)\>/gi,"[removed]")}while(o!=b);event_handlers=["[^a-z_-]on\\w*"],c||event_handlers.push("xmlns"),b=b.replace(new RegExp("<([^><]+?)("+event_handlers.join("|")+")(\\s*=\\s*[^><]*)([><]*)","i"),"<$1$4"),naughty="alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss",b=b.replace(new RegExp("<(/*\\s*)("+naughty+")([^><]*)([><]*)","gi"),function(a,b,c,d,e){return"<"+b+c+d+e.replace(">",">").replace("<","<")}),b=b.replace(/(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)/gi,"$1$2($3)");for(var d in e)b=b.replace(d,e[d]);for(var d in f)b=b.replace(new RegExp(d,"i"),f[d]);if(c&&b!==m)throw new Error("Image may contain XSS");return b};var m=a.Validator=function(){};m.prototype.check=function(a,b){return this.str=a==null||isNaN(a)&&a.length==undefined?"":a+"",this.msg=b,this._errors=[],this},m.prototype.validate=m.prototype.check,m.prototype.assert=m.prototype.check,m.prototype.error=function(a){throw new Error(a)},m.prototype.isEmail=function(){return this.str.match(/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!\.)){0,61}[a-zA-Z0-9]?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!$)){0,61}[a-zA-Z0-9]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/)?this:this.error(this.msg||"Invalid email")},m.prototype.isCreditCard=function(){return this.str=this.str.replace(/[^0-9]+/g,""),this.str.match(/^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$/)?this:this.error(this.msg||"Invalid credit card")},m.prototype.isUrl=function(){return!this.str.match(/^(?:(?:ht|f)tp(?:s?)\:\/\/|~\/|\/)?(?:\w+:\w+@)?((?:(?:[-\w\d{1-3}]+\.)+(?:com|org|net|gov|mil|biz|info|mobi|name|aero|jobs|edu|co\.uk|ac\.uk|it|fr|tv|museum|asia|local|travel|[a-z]{2}))|((\b25[0-5]\b|\b[2][0-4][0-9]\b|\b[0-1]?[0-9]?[0-9]\b)(\.(\b25[0-5]\b|\b[2][0-4][0-9]\b|\b[0-1]?[0-9]?[0-9]\b)){3}))(?::[\d]{1,5})?(?:(?:(?:\/(?:[-\w~!$+|.,=]|%[a-f\d]{2})+)+|\/)+|\?|#)?(?:(?:\?(?:[-\w~!$+|.,*:]|%[a-f\d{2}])+=?(?:[-\w~!$+|.,*:=]|%[a-f\d]{2})*)(?:&(?:[-\w~!$+|.,*:]|%[a-f\d{2}])+=?(?:[-\w~!$+|.,*:=]|%[a-f\d]{2})*)*)*(?:#(?:[-\w~!$ |\/.,*:;=]|%[a-f\d]{2})*)?$/i)||this.str.length>2083?this.error(this.msg||"Invalid URL"):this},m.prototype.isIP=function(){return this.str.match(/^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/)?this:this.error(this.msg||"Invalid IP")},m.prototype.isAlpha=function(){return this.str.match(/^[a-zA-Z]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isAlphanumeric=function(){return this.str.match(/^[a-zA-Z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isNumeric=function(){return this.str.match(/^-?[0-9]+$/)?this:this.error(this.msg||"Invalid number")},m.prototype.isLowercase=function(){return this.str.match(/^[a-z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isUppercase=function(){return this.str.match(/^[A-Z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isInt=function(){return this.str.match(/^(?:-?(?:0|[1-9][0-9]*))$/)?this:this.error(this.msg||"Invalid integer")},m.prototype.isDecimal=function(){return this.str.match(/^(?:-?(?:0|[1-9][0-9]*))?(?:\.[0-9]*)?$/)?this:this.error(this.msg||"Invalid decimal")},m.prototype.isFloat=function(){return this.isDecimal()},m.prototype.notNull=function(){return this.str===""?this.error(this.msg||"Invalid characters"):this},m.prototype.isNull=function(){return this.str!==""?this.error(this.msg||"Invalid characters"):this},m.prototype.notEmpty=function(){return this.str.match(/^[\s\t\r\n]*$/)?this.error(this.msg||"String is whitespace"):this},m.prototype.equals=function(a){return this.str!=a?this.error(this.msg||"Not equal"):this},m.prototype.contains=function(a){return this.str.indexOf(a)===-1?this.error(this.msg||"Invalid characters"):this},m.prototype.notContains=function(a){return this.str.indexOf(a)>=0?this.error(this.msg||"Invalid characters"):this},m.prototype.regex=m.prototype.is=function(a,b){return typeof a!="function"&&(a=new RegExp(a,b)),this.str.match(a)?this:this.error(this.msg||"Invalid characters")},m.prototype.notRegex=m.prototype.not=function(a,b){return typeof a!="function"&&(a=new RegExp(a,b)),this.str.match(a)&&this.error(this.msg||"Invalid characters"),this},m.prototype.len=function(a,b){return this.str.length<a&&this.error(this.msg||"String is too small"),typeof b!==undefined&&this.str.length>b?this.error(this.msg||"String is too large"):this},m.prototype.isUUID=function(a){return a==3||a=="v3"?pattern=/[0-9A-F]{8}-[0-9A-F]{4}-3[0-9A-F]{3}-[0-9A-F]{4}-[0-9A-F]{12}$/i:a==4||a=="v4"?pattern=/[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i:pattern=/[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$/i,this.str.match(pattern)?this:this.error(this.msg||"Not a UUID")},m.prototype.isDate=function(){var a=Date.parse(this.str);return isNaN(a)?this.error(this.msg||"Not a date"):this},m.prototype.isIn=function(a){return a&&typeof a.indexOf=="function"?~a.indexOf(this.str)?this:this.error(this.msg||"Unexpected value"):this.error(this.msg||"Invalid in() argument")},m.prototype.notIn=function(a){return a&&typeof a.indexOf=="function"?a.indexOf(this.str)!==-1?this.error(this.msg||"Unexpected value"):this:this.error(this.msg||"Invalid notIn() argument")},m.prototype.min=function(a){var b=parseFloat(this.str);return!isNaN(b)&&b<a?this.error(this.msg||"Invalid number"):this},m.prototype.max=function(a){var b=parseFloat(this.str);return!isNaN(b)&&b>a?this.error(this.msg||"Invalid number"):this},m.prototype.isArray=function(){return Array.isArray(this.str)?this:this.error(this.msg||"Not an array")};var n=a.Filter=function(){},o="\\r\\n\\t\\s";n.prototype.modify=function(a){this.str=a},n.prototype.convert=n.prototype.sanitize=function(a){return this.str=a,this},n.prototype.xss=function(b){return this.modify(a.xssClean(this.str,b)),this.str},n.prototype.entityDecode=function(){return this.modify(c(this.str)),this.str},n.prototype.entityEncode=function(){return this.modify(d(this.str)),this.str},n.prototype.ltrim=function(a){return a=a||o,this.modify(this.str.replace(new RegExp("^["+a+"]+","g"),"")),this.str},n.prototype.rtrim=function(a){return a=a||o,this.modify(this.str.replace(new RegExp("["+a+"]+$","g"),"")),this.str},n.prototype.trim=function(a){return a=a||o,this.modify(this.str.replace(new RegExp("^["+a+"]+|["+a+"]+$","g"),"")),this.str},n.prototype.ifNull=function(a){return(!this.str||this.str==="")&&this.modify(a),this.str},n.prototype.toFloat=function(){return this.modify(parseFloat(this.str)),this.str},n.prototype.toInt=function(a){return a=a||10,this.modify(parseInt(this.str),a),this.str},n.prototype.toBoolean=function(){return!this.str||this.str=="0"||this.str=="false"||this.str==""?this.modify(!1):this.modify(!0),this.str},n.prototype.toBooleanStrict=function(){return this.str=="1"||this.str=="true"?this.modify(!0):this.modify(!1),this.str},a.sanitize=a.convert=function(b){var c=new a.Filter;return c.sanitize(b)},a.check=a.validate=a.assert=function(b,c){var d=new a.Validator;return d.check(b,c)}})(typeof exports=="undefined"?window:exports); | ||
| */ | ||
| (function(a){function i(a){for(var b in g)a=a.replace(g[b],"");return a}function j(){return"!*$^#(@*#&"}function k(a){return a.replace(">",">").replace("<","<").replace("\\","\\\\")}function l(a){var b=/\/\*.*?\*\//g;return a.replace(/\s*[a-z-]+\s*=\s*'[^']*'/gi,function(a){return a.replace(b,"")}).replace(/\s*[a-z-]+\s*=\s*"[^"]*"/gi,function(a){return a.replace(b,"")}).replace(/\s*[a-z-]+\s*=\s*[^\s]+/gi,function(a){return a.replace(b,"")})}var b={" ":"\u00a0","¡":"\u00a1","¢":"\u00a2","£":"\u00a3","¤":"\u20ac","¥":"\u00a5","¦":"\u0160","§":"\u00a7","¨":"\u0161","©":"\u00a9","ª":"\u00aa","«":"\u00ab","¬":"\u00ac","­":"\u00ad","®":"\u00ae","¯":"\u00af","°":"\u00b0","±":"\u00b1","²":"\u00b2","³":"\u00b3","´":"\u017d","µ":"\u00b5","¶":"\u00b6","·":"\u00b7","¸":"\u017e","¹":"\u00b9","º":"\u00ba","»":"\u00bb","¼":"\u0152","½":"\u0153","¾":"\u0178","¿":"\u00bf","À":"\u00c0","Á":"\u00c1","Â":"\u00c2","Ã":"\u00c3","Ä":"\u00c4","Å":"\u00c5","Æ":"\u00c6","Ç":"\u00c7","È":"\u00c8","É":"\u00c9","Ê":"\u00ca","Ë":"\u00cb","Ì":"\u00cc","Í":"\u00cd","Î":"\u00ce","Ï":"\u00cf","Ð":"\u00d0","Ñ":"\u00d1","Ò":"\u00d2","Ó":"\u00d3","Ô":"\u00d4","Õ":"\u00d5","Ö":"\u00d6","×":"\u00d7","Ø":"\u00d8","Ù":"\u00d9","Ú":"\u00da","Û":"\u00db","Ü":"\u00dc","Ý":"\u00dd","Þ":"\u00de","ß":"\u00df","à":"\u00e0","á":"\u00e1","â":"\u00e2","ã":"\u00e3","ä":"\u00e4","å":"\u00e5","æ":"\u00e6","ç":"\u00e7","è":"\u00e8","é":"\u00e9","ê":"\u00ea","ë":"\u00eb","ì":"\u00ec","í":"\u00ed","î":"\u00ee","ï":"\u00ef","ð":"\u00f0","ñ":"\u00f1","ò":"\u00f2","ó":"\u00f3","ô":"\u00f4","õ":"\u00f5","ö":"\u00f6","÷":"\u00f7","ø":"\u00f8","ù":"\u00f9","ú":"\u00fa","û":"\u00fb","ü":"\u00fc","ý":"\u00fd","þ":"\u00fe","ÿ":"\u00ff",""":'"',"<":"<",">":">","'":"'","−":"\u2212","ˆ":"\u02c6","˜":"\u02dc","Š":"\u0160","‹":"\u2039","Œ":"\u0152","‘":"\u2018","’":"\u2019","“":"\u201c","”":"\u201d","•":"\u2022","–":"\u2013","—":"\u2014","™":"\u2122","š":"\u0161","›":"\u203a","œ":"\u0153","Ÿ":"\u0178","ƒ":"\u0192","Α":"\u0391","Β":"\u0392","Γ":"\u0393","Δ":"\u0394","Ε":"\u0395","Ζ":"\u0396","Η":"\u0397","Θ":"\u0398","Ι":"\u0399","Κ":"\u039a","Λ":"\u039b","Μ":"\u039c","Ν":"\u039d","Ξ":"\u039e","Ο":"\u039f","Π":"\u03a0","Ρ":"\u03a1","Σ":"\u03a3","Τ":"\u03a4","Υ":"\u03a5","Φ":"\u03a6","Χ":"\u03a7","Ψ":"\u03a8","Ω":"\u03a9","α":"\u03b1","β":"\u03b2","γ":"\u03b3","δ":"\u03b4","ε":"\u03b5","ζ":"\u03b6","η":"\u03b7","θ":"\u03b8","ι":"\u03b9","κ":"\u03ba","λ":"\u03bb","μ":"\u03bc","ν":"\u03bd","ξ":"\u03be","ο":"\u03bf","π":"\u03c0","ρ":"\u03c1","ς":"\u03c2","σ":"\u03c3","τ":"\u03c4","υ":"\u03c5","φ":"\u03c6","χ":"\u03c7","ψ":"\u03c8","ω":"\u03c9","ϑ":"\u03d1","ϒ":"\u03d2","ϖ":"\u03d6"," ":"\u2002"," ":"\u2003"," ":"\u2009","‌":"\u200c","‍":"\u200d","‎":"\u200e","‏":"\u200f","‚":"\u201a","„":"\u201e","†":"\u2020","‡":"\u2021","…":"\u2026","‰":"\u2030","′":"\u2032","″":"\u2033","‾":"\u203e","⁄":"\u2044","€":"\u20ac","ℑ":"\u2111","℘":"\u2118","ℜ":"\u211c","ℵ":"\u2135","←":"\u2190","↑":"\u2191","→":"\u2192","↓":"\u2193","↔":"\u2194","↵":"\u21b5","⇐":"\u21d0","⇑":"\u21d1","⇒":"\u21d2","⇓":"\u21d3","⇔":"\u21d4","∀":"\u2200","∂":"\u2202","∃":"\u2203","∅":"\u2205","∇":"\u2207","∈":"\u2208","∉":"\u2209","∋":"\u220b","∏":"\u220f","∑":"\u2211","∗":"\u2217","√":"\u221a","∝":"\u221d","∞":"\u221e","∠":"\u2220","∧":"\u2227","∨":"\u2228","∩":"\u2229","∪":"\u222a","∫":"\u222b","∴":"\u2234","∼":"\u223c","≅":"\u2245","≈":"\u2248","≠":"\u2260","≡":"\u2261","≤":"\u2264","≥":"\u2265","⊂":"\u2282","⊃":"\u2283","⊄":"\u2284","⊆":"\u2286","⊇":"\u2287","⊕":"\u2295","⊗":"\u2297","⊥":"\u22a5","⋅":"\u22c5","⌈":"\u2308","⌉":"\u2309","⌊":"\u230a","⌋":"\u230b","⟨":"\u2329","⟩":"\u232a","◊":"\u25ca","♠":"\u2660","♣":"\u2663","♥":"\u2665","♦":"\u2666"},c=function(a){if(!~a.indexOf("&"))return a;for(var c in b)a=a.replace(new RegExp(c,"g"),b[c]);return a=a.replace(/&#x(0*[0-9a-f]{2,5});?/gi,function(a,b){return String.fromCharCode(parseInt(+b,16))}),a=a.replace(/&#([0-9]{2,4});?/gi,function(a,b){return String.fromCharCode(+b)}),a=a.replace(/&/g,"&"),a},d=function(a){a=a.replace(/&/g,"&"),a=a.replace(/'/g,"'");for(var c in b)a=a.replace(new RegExp(b[c],"g"),c);return a};a.entities={encode:d,decode:c};var e={"document.cookie":"[removed]","document.write":"[removed]",".parentNode":"[removed]",".innerHTML":"[removed]","window.location":"[removed]","-moz-binding":"[removed]","<!--":"<!--","-->":"-->","<![CDATA[":"<![CDATA["},f={"javascript\\s*:":"[removed]","expression\\s*(\\(|&\\#40;)":"[removed]","vbscript\\s*:":"[removed]","Redirect\\s+302":"[removed]"},g=[/%0[0-8bcef]/g,/%1[0-9a-f]/g,/[\x00-\x08]/g,/\x0b/g,/\x0c/g,/[\x0e-\x1f]/g],h=["javascript","expression","vbscript","script","applet","alert","document","write","cookie","window"];a.xssClean=function(b,c){if(typeof b=="object"){for(var d in b)b[d]=a.xssClean(b[d]);return b}b=i(b),b=b.replace(/\&([a-z\_0-9]+)\=([a-z\_0-9]+)/i,j()+"$1=$2"),b=b.replace(/(&\#?[0-9a-z]{2,})([\x00-\x20])*;?/i,"$1;$2"),b=b.replace(/(&\#x?)([0-9A-F]+);?/i,"$1;$2"),b=b.replace(j(),"&");try{b=decodeURIComponent(b)}catch(g){}b=b.replace(/[a-z]+=([\'\"]).*?\1/gi,function(a,b){return a.replace(b,k(b))}),b=i(b),b=b.replace(" "," ");var m=b;for(var d in e)b=b.replace(d,e[d]);for(var d in f)b=b.replace(new RegExp(d,"i"),f[d]);for(var d in h){var n=h[d].split("").join("\\s*")+"\\s*";b=b.replace(new RegExp("("+n+")(\\W)","ig"),function(a,b,c){return b.replace(/\s+/g,"")+c})}do{var o=b;b.match(/<a/i)&&(b=b.replace(/<a\s+([^>]*?)(>|$)/gi,function(a,b,c){return b=l(b.replace("<","").replace(">","")),a.replace(b,b.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi,""))})),b.match(/<img/i)&&(b=b.replace(/<img\s+([^>]*?)(\s?\/?>|$)/gi,function(a,b,c){return b=l(b.replace("<","").replace(">","")),a.replace(b,b.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi,""))}));if(b.match(/script/i)||b.match(/xss/i))b=b.replace(/<(\/*)(script|xss)(.*?)\>/gi,"[removed]")}while(o!=b);event_handlers=["[^a-z_-]on\\w*"],c||event_handlers.push("xmlns"),b=b.replace(new RegExp("<([^><]+?)("+event_handlers.join("|")+")(\\s*=\\s*[^><]*)([><]*)","i"),"<$1$4"),naughty="alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss",b=b.replace(new RegExp("<(/*\\s*)("+naughty+")([^><]*)([><]*)","gi"),function(a,b,c,d,e){return"<"+b+c+d+e.replace(">",">").replace("<","<")}),b=b.replace(/(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)/gi,"$1$2($3)");for(var d in e)b=b.replace(d,e[d]);for(var d in f)b=b.replace(new RegExp(d,"i"),f[d]);if(c&&b!==m)throw new Error("Image may contain XSS");return b};var m=a.Validator=function(){};m.prototype.check=function(a,b){return this.str=a==null||isNaN(a)&&a.length==undefined?"":a+"",this.msg=b,this._errors=[],this},m.prototype.validate=m.prototype.check,m.prototype.assert=m.prototype.check,m.prototype.error=function(a){throw new Error(a)},m.prototype.isEmail=function(){return this.str.match(/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!\.)){0,61}[a-zA-Z0-9]?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!$)){0,61}[a-zA-Z0-9]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/)?this:this.error(this.msg||"Invalid email")},m.prototype.isCreditCard=function(){return this.str=this.str.replace(/[^0-9]+/g,""),this.str.match(/^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$/)?this:this.error(this.msg||"Invalid credit card")},m.prototype.isUrl=function(){return!this.str.match(/^(?:(?:ht|f)tp(?:s?)\:\/\/|~\/|\/)?(?:\w+:\w+@)?((?:(?:[-\w\d{1-3}]+\.)+(?:com|org|net|gov|mil|biz|info|mobi|name|aero|jobs|edu|co\.uk|ac\.uk|it|fr|tv|museum|asia|local|travel|[a-z]{2}))|((\b25[0-5]\b|\b[2][0-4][0-9]\b|\b[0-1]?[0-9]?[0-9]\b)(\.(\b25[0-5]\b|\b[2][0-4][0-9]\b|\b[0-1]?[0-9]?[0-9]\b)){3}))(?::[\d]{1,5})?(?:(?:(?:\/(?:[-\w~!$+|.,=]|%[a-f\d]{2})+)+|\/)+|\?|#)?(?:(?:\?(?:[-\w~!$+|.,*:]|%[a-f\d{2}])+=?(?:[-\w~!$+|.,*:=]|%[a-f\d]{2})*)(?:&(?:[-\w~!$+|.,*:]|%[a-f\d{2}])+=?(?:[-\w~!$+|.,*:=]|%[a-f\d]{2})*)*)*(?:#(?:[-\w~!$ |\/.,*:;=]|%[a-f\d]{2})*)?$/i)||this.str.length>2083?this.error(this.msg||"Invalid URL"):this},m.prototype.isIP=function(){return this.str.match(/^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/)?this:this.error(this.msg||"Invalid IP")},m.prototype.isAlpha=function(){return this.str.match(/^[a-zA-Z]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isAlphanumeric=function(){return this.str.match(/^[a-zA-Z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isNumeric=function(){return this.str.match(/^-?[0-9]+$/)?this:this.error(this.msg||"Invalid number")},m.prototype.isLowercase=function(){return this.str.match(/^[a-z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isUppercase=function(){return this.str.match(/^[A-Z0-9]+$/)?this:this.error(this.msg||"Invalid characters")},m.prototype.isInt=function(){return this.str.match(/^(?:-?(?:0|[1-9][0-9]*))$/)?this:this.error(this.msg||"Invalid integer")},m.prototype.isDecimal=function(){return this.str.match(/^(?:-?(?:0|[1-9][0-9]*))?(?:\.[0-9]*)?$/)?this:this.error(this.msg||"Invalid decimal")},m.prototype.isFloat=function(){return this.isDecimal()},m.prototype.notNull=function(){return this.str===""?this.error(this.msg||"Invalid characters"):this},m.prototype.isNull=function(){return this.str!==""?this.error(this.msg||"Invalid characters"):this},m.prototype.notEmpty=function(){return this.str.match(/^[\s\t\r\n]*$/)?this.error(this.msg||"String is whitespace"):this},m.prototype.equals=function(a){return this.str!=a?this.error(this.msg||"Not equal"):this},m.prototype.contains=function(a){return this.str.indexOf(a)===-1?this.error(this.msg||"Invalid characters"):this},m.prototype.notContains=function(a){return this.str.indexOf(a)>=0?this.error(this.msg||"Invalid characters"):this},m.prototype.regex=m.prototype.is=function(a,b){return typeof a!="function"&&(a=new RegExp(a,b)),this.str.match(a)?this:this.error(this.msg||"Invalid characters")},m.prototype.notRegex=m.prototype.not=function(a,b){return typeof a!="function"&&(a=new RegExp(a,b)),this.str.match(a)&&this.error(this.msg||"Invalid characters"),this},m.prototype.len=function(a,b){return this.str.length<a&&this.error(this.msg||"String is too small"),typeof b!==undefined&&this.str.length>b?this.error(this.msg||"String is too large"):this},m.prototype.isUUID=function(a){var b;return a==3||a=="v3"?b=/[0-9A-F]{8}-[0-9A-F]{4}-3[0-9A-F]{3}-[0-9A-F]{4}-[0-9A-F]{12}$/i:a==4||a=="v4"?b=/[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i:b=/[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$/i,this.str.match(b)?this:this.error(this.msg||"Not a UUID")},m.prototype.isDate=function(){var a=Date.parse(this.str);return isNaN(a)?this.error(this.msg||"Not a date"):this},m.prototype.isIn=function(a){return a&&typeof a.indexOf=="function"?~a.indexOf(this.str)?this:this.error(this.msg||"Unexpected value"):this.error(this.msg||"Invalid in() argument")},m.prototype.notIn=function(a){return a&&typeof a.indexOf=="function"?a.indexOf(this.str)!==-1?this.error(this.msg||"Unexpected value"):this:this.error(this.msg||"Invalid notIn() argument")},m.prototype.min=function(a){var b=parseFloat(this.str);return!isNaN(b)&&b<a?this.error(this.msg||"Invalid number"):this},m.prototype.max=function(a){var b=parseFloat(this.str);return!isNaN(b)&&b>a?this.error(this.msg||"Invalid number"):this},m.prototype.isArray=function(){return Array.isArray(this.str)?this:this.error(this.msg||"Not an array")};var n=a.Filter=function(){},o="\\r\\n\\t\\s";n.prototype.modify=function(a){this.str=a},n.prototype.convert=n.prototype.sanitize=function(a){return this.str=a,this},n.prototype.xss=function(b){return this.modify(a.xssClean(this.str,b)),this.str},n.prototype.entityDecode=function(){return this.modify(c(this.str)),this.str},n.prototype.entityEncode=function(){return this.modify(d(this.str)),this.str},n.prototype.ltrim=function(a){return a=a||o,this.modify(this.str.replace(new RegExp("^["+a+"]+","g"),"")),this.str},n.prototype.rtrim=function(a){return a=a||o,this.modify(this.str.replace(new RegExp("["+a+"]+$","g"),"")),this.str},n.prototype.trim=function(a){return a=a||o,this.modify(this.str.replace(new RegExp("^["+a+"]+|["+a+"]+$","g"),"")),this.str},n.prototype.ifNull=function(a){return(!this.str||this.str==="")&&this.modify(a),this.str},n.prototype.toFloat=function(){return this.modify(parseFloat(this.str)),this.str},n.prototype.toInt=function(a){return a=a||10,this.modify(parseInt(this.str),a),this.str},n.prototype.toBoolean=function(){return!this.str||this.str=="0"||this.str=="false"||this.str==""?this.modify(!1):this.modify(!0),this.str},n.prototype.toBooleanStrict=function(){return this.str=="1"||this.str=="true"?this.modify(!0):this.modify(!1),this.str},a.sanitize=a.convert=function(b){var c=new a.Filter;return c.sanitize(b)},a.check=a.validate=a.assert=function(b,c){var d=new a.Validator;return d.check(b,c)}})(typeof exports=="undefined"?window:exports); |
@@ -515,9 +515,10 @@ /*! | ||
| function filter_attributes(str) { | ||
| out = ''; | ||
| str.replace(/\s*[a-z\-]+\s*=\s*(?:\042|\047)(?:[^\1]*?)\1/gi, function(m) { | ||
| out += m.replace(/\/\*.*?\*\//g, ''); | ||
| var comments = /\/\*.*?\*\//g; | ||
| return str.replace(/\s*[a-z-]+\s*=\s*'[^']*'/gi, function (m) { | ||
| return m.replace(comments, ''); | ||
| }).replace(/\s*[a-z-]+\s*=\s*"[^"]*"/gi, function (m) { | ||
| return m.replace(comments, ''); | ||
| }).replace(/\s*[a-z-]+\s*=\s*[^\s]+/gi, function (m) { | ||
| return m.replace(comments, ''); | ||
| }); | ||
| return out; | ||
| } | ||
@@ -699,2 +700,3 @@ | ||
| Validator.prototype.isUUID = function(version) { | ||
| var pattern; | ||
| if (version == 3 || version == 'v3') { | ||
@@ -701,0 +703,0 @@ pattern = /[0-9A-F]{8}-[0-9A-F]{4}-3[0-9A-F]{3}-[0-9A-F]{4}-[0-9A-F]{12}$/i; |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.69%
108597
- Lines of code
- increased by3.49%
2283
No dependency changes