How to use the xss.FilterXSS function in xss
To help you get started, we’ve selected a few xss examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
cnodejs / nodeclub / common / render_helper.js View on Github 
language = validator.escape(language);
return '<pre class="prettyprint ' + language + '">'
+ '<code>' + validator.escape(token.content) + '</code>'
+ '</pre>';
};
md.renderer.rules.code_block = function (tokens, idx /*, options*/) {
var token = tokens[idx];
return '<pre class="prettyprint">'
+ '<code>' + validator.escape(token.content) + '</code>'
+ '</pre>';
};
var myxss = new jsxss.FilterXSS({
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
// 让 prettyprint 可以工作
if (tag === 'pre' && name === 'class') {
return name + '="' + jsxss.escapeAttrValue(value) + '"';
}
}
});
exports.markdown = function (text) {
return '<div class="markdown-text">' + myxss.process(md.render(text || '')) + '</div>';
};
exports.escapeSignature = function (signature) {
return signature.split('\n').map(function (p) {
return _.escape(p);
}).join('<br>');let one = options.WHITELISTS.find((item) => item.pathReg.test(ctx.path));
// 黑科技
if (one && one.options && one.options.close) {
await next();
return;
}
let wrapOptions = one ? one.options : {};
const whiteList = xss.getDefaultWhiteList();
if (wrapOptions.enableStyle) {
for (let key of Object.keys(whiteList)) {
whiteList[key].push('style');
}
}
let customXss = new xss.FilterXSS({
whiteList
});
if (query) {
for (let key of Object.keys(query)) {
query[key] = customXss.process(query[key]);
}
}
if (bodyData) {
if (isObject(bodyData)) {
for (let key of Object.keys(bodyData)) {
if (isString(bodyData[key])) {
bodyData[key] = bodyData[key].trim();
bodyData[key] = customXss.process(bodyData[key]);
}
}desktop: 992,
tablet: 768,
phone: 576,
};
// Iterate through the sizes and create a media template
export const media = Object.keys(sizes).reduce((acc: any, label) => {
acc[label] = (...args: any) => css`
@media (max-width: ${sizes[label] / 16}em) {
${css(...args)}
}
`;
return acc;
}, {});
const Xss = new jsxss.FilterXSS({
onIgnoreTagAttr: (tag: any, name: any, value: any) => {
// 让 prettyprint 可以工作
if (tag === 'pre' && name === 'class') {
return name + '="' + jsxss.escapeAttrValue(value) + '"';
}
return '';
},
});
export const xss = (html: any) => {
return Xss.process(html);
};
export const isServer = typeof window === 'undefined';this.arcgisWhiteList,
filterOptions.whiteList || {}
]);
} else {
xssFilterOptions[key] = filterOptions[key];
}
});
} else {
// Only use the defaults
xssFilterOptions = Object.create(this.arcgisFilterOptions);
xssFilterOptions.whiteList = this.arcgisWhiteList;
}
this.xssFilterOptions = xssFilterOptions;
// Make this readable to tests
this._xssFilter = new xss.FilterXSS(xssFilterOptions);
}return (
'<pre class="prettyprint ' +
language +
'">' +
'<code>' +
validator.escape(token.content) +
'</code>' +
'</pre>'
)
}
md.renderer.rules.code_inline = (tokens, idx /*, options */) => {
return '<code>' + validator.escape(tokens[idx].content) + '</code>'
}
const myxss = new jsxss.FilterXSS({
onIgnoreTagAttr: (tag, name, value, isWhiteAttr) => {
// 让 prettyprint 可以工作
if (tag === 'pre' && name === 'class') {
return name + '="' + jsxss.escapeAttrValue(value) + '"'
}
}
})
exports.markdown = text => {
return (
'<div class="markdown-text">' +
myxss.process(md.render(text || '')) +
'</div>'
)
}const xss = require('xss');
const myXss = new xss.FilterXSS({
whiteList: {
},
});
module.exports = function processXss(text) {
return myXss.process(text);
};//Requires
const dateFormat = require('dateformat');
const xssClass = require("xss");
const { dir, log, logOk, logWarn, logError, cleanTerminal, getLog } = require('../extras/console');
const webUtils = require('./webUtils.js');
const context = 'WebServer:Diagnostics-Log';
//Set custom xss rules
const xss = new xssClass.FilterXSS({
whiteList: []
});
/**
* Returns the output page containing the full report
* @param {object} res
* @param {object} req
*/
module.exports = async function action(res, req) {
const logHistory = getLog();
let processedLog = [];
logHistory.forEach(logData => {
let ts = dateFormat(new Date(logData.ts*1000), 'HH:MM:ss');
let mark = `<mark class="consoleMark-${logData.type.toLowerCase()}">[${ts}][${logData.ctx}]</mark>`;import xss from 'xss';
const myXss = new xss.FilterXSS({
whiteList: {
},
});
export default function (value) {
return myXss.process(value);
}module.exports = (options, app) => {
const myxss = new xss.FilterXSS(options);
const deepXss = function(value, deep = true) {
let res;
if (Array.isArray(value) && value.length > 0) {
res = [];
} else if (lodash.isPlainObject(value) && Object.keys(value).length > 0) {
res = {};
} else {
if (typeof value === 'string') {
return myxss.process(value.trim());
}
return value;
}
return lodash.reduce(
value,export function sanitizeHtml(html: string): string {
const tagStack: string[] = []
const whiteList = getWhiteList()
const sanitizer = new xss.FilterXSS({
whiteList,
onTag: (tag: string, _1: string, options: any): string | void => {
return processTag(tagStack, tag, options)
},
onIgnoreTag: (tag: string, _1: string, options: any) => {
throw new RicardianContractRenderError({
tag, reason: `Disallowed tag "${tag}" found at position ${options.sourcePosition}`,
})
},
onIgnoreTagAttr: (tag: string, name: string, _1: string, _2: boolean) => {
throw new RicardianContractRenderError({
tag, reason: `Disallowed attribute "${name}" found on tag "${tag}"`,
})
},
})xss
Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
