xss - npm Package Compare versions

Comparing version 0.2.16 to 0.2.17

lib/default.js

		@@ -8,2 +8,3 @@ /**
		var FilterCSS = require('cssfilter').FilterCSS;
		var getDefaultCSSWhiteList = require('cssfilter').getDefaultWhiteList;
		var _ = require('./util');
		@@ -150,3 +151,2 @@
		function safeAttrValue (tag, name, value, cssFilter) {
		cssFilter = cssFilter \|\| defaultCSSFilter;
		// 转换为友好的属性值，再做判断
		@@ -193,3 +193,6 @@ value = friendlyAttrValue(value);
		}
		value = cssFilter.process(value);
		if (cssFilter !== false) {
		cssFilter = cssFilter \|\| defaultCSSFilter;
		value = cssFilter.process(value);
		}
		}
		@@ -413,2 +416,2 @@
		exports.cssFilter = defaultCSSFilter;

		exports.getDefaultCSSWhiteList = getDefaultCSSWhiteList;

lib/xss.js

		@@ -57,3 +57,3 @@ /**
		* stripIgnoreTagBody, allowCommentTag, stripBlankChar
		* css{whiteList, onAttr, onIgnoreAttr}
		* css{whiteList, onAttr, onIgnoreAttr} css=false表示禁用cssfilter
		*/
		@@ -77,6 +77,10 @@ function FilterXSS (options) {
		options.escapeHtml = options.escapeHtml \|\| DEFAULT.escapeHtml;
		options.css = options.css \|\| {};
		this.options = options;

		this.cssFilter = new FilterCSS(options.css);
		if (options.css === false) {
		this.cssFilter = false;
		} else {
		options.css = options.css \|\| {};
		this.cssFilter = new FilterCSS(options.css);
		}
		}
		@@ -83,0 +87,0 @@

package.json

		{
		"name": "xss",
		"main": "./lib/index.js",
		"version": "0.2.16",
		"version": "0.2.17",
		"description": "Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist",
		@@ -6,0 +6,0 @@ "author": "Zongmin Lei <leizongmin@gmail.com> (http://ucdok.com)",

README.md

		@@ -304,2 +304,10 @@ [![NPM version][npm-image]][npm-url]

		If you don't want to filter out the `style` content, just specify `false` to the `css` option:

		```javascript
		myxss = new xss.FilterXSS({
		css: false,
		});
		```

		For more help, please see https://github.com/leizongmin/js-css-filter
		@@ -306,0 +314,0 @@

Improved metrics