xss - npm Package Compare versions

Comparing version 0.0.6 to 0.0.7

15

lib/index.js

@@ -229,3 +229,3 @@ /**

if (hasSprit) _attrs += '/';
return _attrs.trim();

@@ -246,3 +246,3 @@ };

var spos = tag.slice(0, 2) === '</' ? 2 : 1;
var i = tag.indexOf(' ');

@@ -255,6 +255,15 @@ if (i === -1) {

tagName = tagName.toLowerCase();
// 检查标签是否以“/”结尾
if (tagName.slice(-1) === '/') {
tagName = tagName.slice(0, -1);
var hasSprit = true;
} else {
var hasSprit = false;
}
if (tagName in this.whiteList) {
// 过滤不合法的属性
if (i === -1) {
rethtml += tag.slice(0, spos) + tagName + '>';
rethtml += tag.slice(0, spos) + tagName + (hasSprit ? ' />' : '>');
} else {

@@ -261,0 +270,0 @@ var attrs = this.filterAttributes(tagName, tag.slice(i + 1, tag.length - 1).trim());
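Review bot: The whitelist test `if (tagName in this.whiteList) {` uses the `in` operator, which also matches properties inherited through the prototype chain, so if `whiteList` is a plain object literal (its definition is not visible here) a lower-cased tag name that equals an inherited key would be treated as allowed. An own-property check, `if (Object.prototype.hasOwnProperty.call(this.whiteList, tagName)) {`, limits the lookup to tags the whitelist actually lists. Separately, `hasSprit` is declared with `var` in both branches of the new `if`/`else`; `var hasSprit = tagName.slice(-1) === '/';` followed by `if (hasSprit) tagName = tagName.slice(0, -1);` states it once. The enclosing function starts and ends outside this hunk.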

2

package.json
{
"name": "xss",
"main": "./lib/index.js",
"version": "0.0.6",
"version": "0.0.7",
"description": "XSS攻击代码过滤 Remove XSS attack vectors from user-supplied HTML",

@@ -6,0 +6,0 @@ "author": "leizongmin <leizongmin@gmail.com> (http://ucdok.com)",

@@ -30,3 +30,3 @@ /**

// 过滤不再白名单中的属性
// 过滤不在白名单中的属性
assert.equal(xss('<a oo="1" xx="2" href="3">yy</a>'), '<a href="3">yy</a>');

@@ -56,2 +56,4 @@ assert.equal(xss('<a href xx oo>pp</a>'), '<a href>pp</a>');

assert.equal(xss('<img src="#"//>'), '<img src="#">');
assert.equal(xss('<br/>'), '<br />');
assert.equal(xss('<br />'), '<br />');

@@ -58,0 +60,0 @@ });
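Review bot: The assertions in this hunk cover only whitelisted tags (`<img>`, `<br>`), so nothing pins what the filter does with a tag outside the whitelist when it is written with a trailing `/`. That is the case where the new slash-stripping in lib/index.js changes the name used for the whitelist lookup. Add one assertion next to these that a non-whitelisted self-closing tag is still escaped in the output, and one for a closing tag that carries a trailing slash, so that both behaviours are fixed by the suite. The file header for this section is not visible on the page, so the test file's name is not known here.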
