How to use the xss function in xss

To help you get started, we’ve selected a few xss examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github erxes / erxes / src / modules / activityLogs / components / items / Conversation.tsx View on Github external
return (
      <>
        
          {this.renderAction()}

          
            
              {dayjs(createdAt).format('MMM D, h:mm A')}
            
          
        
        {content && (
          
            
            {messages && messages.length}
          
        )}
      
    );
  }
github mollyywang / koa2-mongodb-jwt-server / src / services / product-service.js View on Github external
const pickProps = (data) => {
  data.name = xss(data.name)
  data.price = xss(data.price)
  data.image = xss(data.image)
  data.from = xss(data.from)
  data.urllink = xss(data.urllink)
  return pick(data, ['name', 'price', 'image', 'from', 'urllink'])
}
github MyEtherWallet / MyEtherWallet / src / builds / mewcx / cxHelpers / contentScript.js View on Github external
const stripTags = content => {
  const insertToDom = new DOMParser().parseFromString(content, 'text/html');
  insertToDom.body.textContent.replace(/(<([^>]+)>)/gi, '') || '';
  const string = xss(insertToDom.body.textContent, {
    whitelist: [],
    stripIgnoreTag: true,
    stripIgnoreTagBody: '*'
  });
  return string;
};
github abecms / abecms / src / server / routes / get-main.js View on Github external
var route = function(req, res, next) {
  var filePath = req.originalUrl.replace('/abe/editor', '')
  if (filePath === '' || filePath === '/') {
    filePath = null
  }
  if (
    filePath != null &&
    path.extname(filePath) != `.${config.files.templates.extension}` &&
    path.extname(filePath) != '.json'
  ) {
    next()
    return
  }
  if (filePath != null) {
    var testXSS = xss(filePath, {
      whiteList: [],
      stripIgnoreTag: true
    })
    if (testXSS !== filePath) {
      filePath = testXSS
    }
  }

  abeExtend.hooks.instance.trigger('beforeRoute', req, res, next)
  if (typeof res._header !== 'undefined' && res._header !== null) return

  var isHome = true
  var jsonPath = null
  var template = null
  var fileName = null
  var folderPath = null
github GordyD / 3ree / server / api / service / event.js View on Github external
export function editEvent(id, event) {
  event.updated = new Date();
  event.text = xss(event.text);
  return connect()
  .then(conn => {
    return r
    .table('pulses')
    .get(id).update(event).run(conn)
    .then(() => event);
  });
}
github erxes / erxes / src / modules / notifications / components / NotificationRow.tsx View on Github external
renderContent(content: string, type: string) {
    if (!type.includes('conversation')) {
      return <b> {content}</b>;
    }

    return (
      <div>
        <content>
      </content></div>
    );
  }
github express-vue / express-vue / lib / utils / string.js View on Github external
function scriptToString(script: Object): string {
    let string = '';
    for (let member in script) {
        switch (typeof script[member]) {
        case 'function':
            if (member === 'data') {
                const dataObj = xss(JSON.stringify(script[member]()));
                string += `${member}: function(){return ${dataObj}},`;
            } else {
                string += member + ': ' + String(script[member]) + ',';
            }
            break;
        case 'object':
            if (member === 'data') {
                string += member + ': ' + xss(JSON.stringify(script[member])) + ',';
            } else if (script[member].constructor === Array) {
                string += member + ': ' + xss(JSON.stringify(script[member])) + ',';
            } else {
                string += member + ': ' + scriptToString(script[member]) + ',';
            }
            break;
        default:
            string += member + ': ' + JSON.stringify(script[member]) + ',';
github erxes / erxes / src / modules / inbox / components / conversationDetail / workarea / conversation / messages / SimpleMessage.tsx View on Github external
renderContent(hasAttachment: boolean) {
    const { message, renderContent } = this.props;

    if (renderContent) {
      return renderContent();
    }

    return (
      &lt;&gt;
        <span>
        {this.renderAttachment(hasAttachment)}
      
    );
  }
</span>
github dtube / dtube / client / collections / videos.js View on Github external
t:xss(video.tags[i], {
          whiteList: [],
          stripIgnoreTag: true,
          stripIgnoreTagBody: ['script']
        }),
        vt: 1
      })
    }
    newVideo.tags = xssTags
  }

  if (newVideo.json.tags &amp;&amp; !newVideo.tags) {
    var xssTags = []
    for (let i = 0; i &lt; newVideo.json.tags.length; i++) {
      xssTags.push({
        t: xss(newVideo.json.tags[i], {
          whiteList: [],
          stripIgnoreTag: true,
          stripIgnoreTagBody: ['script']
        }),
        vt: 1
      })
    }
    newVideo.tags = xssTags
  }

  if (Session.get('scot') &amp;&amp; !isComment) {
    var hasTheTag = false
    if (newVideo.tags)
      for (let i = 0; i &lt; newVideo.tags.length; i++) {
        if (newVideo.tags[i].t === Session.get('scot').tag) {
          hasTheTag = true

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

MIT
Latest version published 2 years ago

Package Health Score

76 / 100
Full package analysis