
Commit 2212d52

committed
v0.2.17
1 parent 857fa9d commit 2212d52


3 files changed

+15
-8
lines changed


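--- a/dist/xss.js
+++ b/dist/xss.js
@@ -6,6 +6,7 @@
 */
 
 var FilterCSS = require('cssfilter').FilterCSS;
+var getDefaultCSSWhiteList = require('cssfilter').getDefaultWhiteList;
 var _ = require('./util');
 
 // 默认白名单
@@ -147,7 +148,6 @@ function escapeHtml (html) {
 * @return {String}
 */
 function safeAttrValue (tag, name, value, cssFilter) {
-cssFilter = cssFilter || defaultCSSFilter;
 // 转换为友好的属性值,再做判断
 value = friendlyAttrValue(value);
 
@@ -189,7 +189,10 @@ function safeAttrValue (tag, name, value, cssFilter) {
 return '';
 }
 }
-value = cssFilter.process(value);
+if (cssFilter !== false) {
+cssFilter = cssFilter || defaultCSSFilter;
+value = cssFilter.process(value);
+}
 }
 
 // 输出时需要转义<>"
@@ -408,7 +411,7 @@ exports.StripTagBody = StripTagBody;
 exports.stripCommentTag = stripCommentTag;
 exports.stripBlankChar = stripBlankChar;
 exports.cssFilter = defaultCSSFilter;
-
+exports.getDefaultCSSWhiteList = getDefaultCSSWhiteList;
 
 },{"./util":4,"cssfilter":8}],2:[function(require,module,exports){
 /**
@@ -774,7 +777,7 @@ function getAttrs (html) {
 * 选项:whiteList, onTag, onTagAttr, onIgnoreTag,
 * onIgnoreTagAttr, safeAttrValue, escapeHtml
 * stripIgnoreTagBody, allowCommentTag, stripBlankChar
-* css{whiteList, onAttr, onIgnoreAttr}
+* css{whiteList, onAttr, onIgnoreAttr} css=false表示禁用cssfilter
 */
 function FilterXSS (options) {
 options = options || {};
@@ -793,10 +796,14 @@ function FilterXSS (options) {
 options.onIgnoreTagAttr = options.onIgnoreTagAttr || DEFAULT.onIgnoreTagAttr;
 options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue;
 options.escapeHtml = options.escapeHtml || DEFAULT.escapeHtml;
-options.css = options.css || {};
 this.options = options;
 
-this.cssFilter = new FilterCSS(options.css);
+if (options.css === false) {
+this.cssFilter = false;
+} else {
+options.css = options.css || {};
+this.cssFilter = new FilterCSS(options.css);
+}
 }
 
 /**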
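Review bot: When `cssFilter === false`, the new guard in `safeAttrValue` (the `@@ -189,7 +189,10 @@` hunk) returns the value without calling `cssFilter.process(value)`, so the CSS property whitelist no longer applies; only the checks above the hunk (not visible here) and the output escaping below still constrain it. The only documentation is the short `css=false` remark added to the `FilterXSS` options comment, so I would state the trade-off at the guard itself, e.g. `// css === false: value skips the cssfilter whitelist; only the checks above and the output escaping below still apply`. The doc block above `safeAttrValue` starts outside the hunk and should also say that the `cssFilter` argument may be `false`. The strict `!== false` / `=== false` comparisons are the right choice, because `undefined`, `null` and other falsy values still fall back to `defaultCSSFilter`. If `this.cssFilter` is what gets passed as the fourth argument to a caller-supplied `options.safeAttrValue` (the call site is not in this diff), such a handler can now receive `false` and would throw on `cssFilter.process(...)`, which deserves a release-note line.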
