
xss - npm Package Compare versions

Comparing version 0.1.20 to 0.1.21

lib/util.js

89

dist/xss.js

@@ -8,2 +8,3 @@ (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){

var _ = require('./util');

@@ -149,3 +150,3 @@ // 默认白名单

// 仅允许 http:// | https:// | mailto: | / 开头的地址
value = value.trim();
value = _.trim(value);
if (value === '#') return '#';

@@ -262,3 +263,3 @@ if (!(value.substr(0, 7) === 'http://' ||

}
return str2.trim();
return _.trim(str2);
}

@@ -313,3 +314,3 @@

if (isRemoveAllTag) return true;
return (tags.indexOf(tag) !== -1);
return (_.indexOf(tags, tag) !== -1);
}

@@ -342,3 +343,3 @@

var lastPos = 0;
removeList.forEach(function (pos) {
_.forEach(removeList, function (pos) {
rethtml += html.slice(lastPos, pos[0]);

@@ -404,3 +405,3 @@ lastPos = pos[1];

},{}],2:[function(require,module,exports){
},{"./util":4}],2:[function(require,module,exports){
/**

@@ -437,25 +438,3 @@ * 模块入口

// 低版本浏览器支持
if (!Array.prototype.indexOf) {
Array.prototype.indexOf = function (item) {
for (var i = 0; i < this.length; i++) {
if (this[i] === item) return i;
}
return -1;
};
}
if (!Array.prototype.forEach) {
Array.prototype.forEach = function (fn, scope) {
for (var i = 0; i < this.length; i++) {
fn.call(scope, this[i], i, this);
}
};
}
if (!String.prototype.trim) {
String.prototype.trim = function () {
return this.replace(/(^\s*)|(\s*$)/g, '');
};
}
// 在AMD下使用

@@ -473,3 +452,3 @@ if (typeof define === 'function' && define.amd) {

},{"./default":1,"./parser":3,"./xss":4}],3:[function(require,module,exports){
},{"./default":1,"./parser":3,"./xss":5}],3:[function(require,module,exports){
/**

@@ -481,2 +460,3 @@ * 简单 HTML Parser

var _ = require('./util');

@@ -496,3 +476,3 @@ /**

}
tagName = tagName.trim().toLowerCase();
tagName = _.trim(tagName).toLowerCase();
if (tagName[0] === '/') tagName = tagName.slice(1);

@@ -602,3 +582,3 @@ if (tagName[tagName.length - 1] === '/') tagName = tagName.slice(0, -1);

function addAttr (name, value) {
name = name.trim();
name = _.trim(name);
name = name.replace(REGEXP_ATTR_NAME, '').toLowerCase();

@@ -623,3 +603,3 @@ if (name.length < 1) return;

} else {
v = html.slice(lastPos + 1, j).trim();
v = _.trim(html.slice(lastPos + 1, j));
addAttr(tmpName, v);

@@ -634,3 +614,3 @@ tmpName = false;

if (c === ' ') {
v = html.slice(lastPos, i).trim();
v = _.trim(html.slice(lastPos, i));
if (tmpName === false) {

@@ -655,3 +635,3 @@ addAttr(v);

return retAttrs.join(' ').trim();
return _.trim(retAttrs.join(' '));
}

@@ -662,3 +642,34 @@

},{}],4:[function(require,module,exports){
},{"./util":4}],4:[function(require,module,exports){
module.exports = {
indexOf: function (arr, item) {
var i, j;
if (Array.prototype.indexOf) {
return arr.indexOf(item);
}
for (i = 0, j = arr.length; i < j; i++) {
if (arr[i] === item) {
return i;
}
}
return -1;
},
forEach: function (arr, fn, scope) {
var i, j;
if (Array.prototype.forEach) {
return arr.forEach(fn, scope);
}
for (i = 0, j = arr.length; i < j; i++) {
fn.call(scope, arr[i], i, arr);
}
},
trim: function (str) {
if (String.prototype.forEach) {
return str.trim();
}
return str.replace(/(^\s*)|(\s*$)/g, '');
}
};
},{}],5:[function(require,module,exports){
/**

@@ -674,2 +685,3 @@ * 过滤XSS

var parseAttr = parser.parseAttr;
var _ = require('./util');

@@ -703,5 +715,5 @@

}
html = html.slice(i + 1, -1).trim();
html = _.trim(html.slice(i + 1, -1));
var isClosing = (html[html.length - 1] === '/');
if (isClosing) html = html.slice(0, -1).trim();
if (isClosing) html = _.trim(html.slice(0, -1));
return {

@@ -805,3 +817,3 @@ html: html,

// 调用onTagAttr处理
var isWhiteAttr = (whiteAttrList.indexOf(name) !== -1);
var isWhiteAttr = (_.indexOf(whiteAttrList, name) !== -1);
var ret = onTagAttr(tag, name, value, isWhiteAttr);

@@ -853,2 +865,3 @@ if (!isNull(ret)) return ret;

module.exports = FilterXSS;
},{"./default":1,"./parser":3}]},{},[2]);
},{"./default":1,"./parser":3,"./util":4}]},{},[2]);

@@ -7,2 +7,3 @@ /**

var _ = require('./util');

@@ -148,3 +149,3 @@ // 默认白名单

// 仅允许 http:// | https:// | mailto: | / 开头的地址
value = value.trim();
value = _.trim(value);
if (value === '#') return '#';

@@ -261,3 +262,3 @@ if (!(value.substr(0, 7) === 'http://' ||

}
return str2.trim();
return _.trim(str2);
}

@@ -312,3 +313,3 @@

if (isRemoveAllTag) return true;
return (tags.indexOf(tag) !== -1);
return (_.indexOf(tags, tag) !== -1);
}

@@ -341,3 +342,3 @@

var lastPos = 0;
removeList.forEach(function (pos) {
_.forEach(removeList, function (pos) {
rethtml += html.slice(lastPos, pos[0]);

@@ -344,0 +345,0 @@ lastPos = pos[1];

@@ -32,25 +32,3 @@ /**

// 低版本浏览器支持
if (!Array.prototype.indexOf) {
Array.prototype.indexOf = function (item) {
for (var i = 0; i < this.length; i++) {
if (this[i] === item) return i;
}
return -1;
};
}
if (!Array.prototype.forEach) {
Array.prototype.forEach = function (fn, scope) {
for (var i = 0; i < this.length; i++) {
fn.call(scope, this[i], i, this);
}
};
}
if (!String.prototype.trim) {
String.prototype.trim = function () {
return this.replace(/(^\s*)|(\s*$)/g, '');
};
}
// 在AMD下使用

@@ -57,0 +35,0 @@ if (typeof define === 'function' && define.amd) {

@@ -7,2 +7,3 @@ /**

var _ = require('./util');

@@ -22,3 +23,3 @@ /**

}
tagName = tagName.trim().toLowerCase();
tagName = _.trim(tagName).toLowerCase();
if (tagName[0] === '/') tagName = tagName.slice(1);

@@ -128,3 +129,3 @@ if (tagName[tagName.length - 1] === '/') tagName = tagName.slice(0, -1);

function addAttr (name, value) {
name = name.trim();
name = _.trim(name);
name = name.replace(REGEXP_ATTR_NAME, '').toLowerCase();

@@ -149,3 +150,3 @@ if (name.length < 1) return;

} else {
v = html.slice(lastPos + 1, j).trim();
v = _.trim(html.slice(lastPos + 1, j));
addAttr(tmpName, v);

@@ -160,3 +161,3 @@ tmpName = false;

if (c === ' ') {
v = html.slice(lastPos, i).trim();
v = _.trim(html.slice(lastPos, i));
if (tmpName === false) {

@@ -181,3 +182,3 @@ addAttr(v);

return retAttrs.join(' ').trim();
return _.trim(retAttrs.join(' '));
}

@@ -184,0 +185,0 @@

@@ -11,2 +11,3 @@ /**

var parseAttr = parser.parseAttr;
var _ = require('./util');

@@ -40,5 +41,5 @@

}
html = html.slice(i + 1, -1).trim();
html = _.trim(html.slice(i + 1, -1));
var isClosing = (html[html.length - 1] === '/');
if (isClosing) html = html.slice(0, -1).trim();
if (isClosing) html = _.trim(html.slice(0, -1));
return {

@@ -142,3 +143,3 @@ html: html,

// 调用onTagAttr处理
var isWhiteAttr = (whiteAttrList.indexOf(name) !== -1);
var isWhiteAttr = (_.indexOf(whiteAttrList, name) !== -1);
var ret = onTagAttr(tag, name, value, isWhiteAttr);

@@ -189,2 +190,2 @@ if (!isNull(ret)) return ret;

module.exports = FilterXSS;
module.exports = FilterXSS;
{
"name": "xss",
"main": "./lib/index.js",
"version": "0.1.20",
"version": "0.1.21",
"description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist. 根据白名单过滤HTML(防止XSS攻击)",

@@ -6,0 +6,0 @@ "author": "leizongmin <leizongmin@gmail.com> (http://ucdok.com)",
