How to use the xss.getDefaultWhiteList function in xss



Source: github.com kk0829 / zan-node / src / middlewares / xss.js
return async(ctx, next) => {
        let query = ctx.query;
        let bodyData = ctx.request.body;
        let one = options.WHITELISTS.find((item) => item.pathReg.test(ctx.path));
        // 黑科技
        if (one && one.options && one.options.close) {
            await next();
            return;
        }
        let wrapOptions = one ? one.options : {};
        const whiteList = xss.getDefaultWhiteList();

        if (wrapOptions.enableStyle) {
            for (let key of Object.keys(whiteList)) {
                whiteList[key].push('style');
            }
        }

        let customXss = new xss.FilterXSS({
            whiteList
        });

        if (query) {
            for (let key of Object.keys(query)) {
                query[key] = customXss.process(query[key]);
            }
        }
Source: github.com kk0829 / zan-node / lib / middlewares / xss.js (compiled build of the file above)
var _ref = _asyncToGenerator(function* (ctx, next) {
            let query = ctx.query;
            let bodyData = ctx.request.body;
            let one = options.WHITELISTS.find(function (item) {
                return item.pathReg.test(ctx.path);
            });
            // 黑科技
            if (one && one.options && one.options.close) {
                yield next();
                return;
            }
            let wrapOptions = one ? one.options : {};
            const whiteList = xss.getDefaultWhiteList();

            if (wrapOptions.enableStyle) {
                for (let key of Object.keys(whiteList)) {
                    whiteList[key].push('style');
                }
            }

            let customXss = new xss.FilterXSS({
                whiteList
            });

            if (query) {
                for (let key of Object.keys(query)) {
                    query[key] = customXss.process(query[key]);
                }
            }
Source: github.com ACGN-stock / acgn-stock / client / utils / helpers.js
html = `<br>${html}`;
      }

      return html;
    });

    return outputKatexHTML;
  }
};

// Keep xss from entity-escaping characters on our behalf.
/**
 * Pass-through replacement for the `escapeHtml` hook handed to xss().
 *
 * NOTE(review): in the xss library this hook is applied to text outside of
 * tags and to tags that are not in the whiteList, so with an identity
 * function those fragments reach the output unescaped — confirm that the
 * surrounding whiteList / stripIgnoreTag settings make this acceptable.
 *
 * @param {string} html - fragment the sanitizer would normally escape
 * @returns {string} the same fragment, untouched
 */
function escapeHtml(html) {
  const untouched = html;
  return untouched;
}

// Start from the library's default tag/attribute whitelist and additionally
// let <span> carry `class` and `style` (presumably for the markup produced
// by the helper above — confirm).
// NOTE(review): allowing `style` widens the CSS attack surface; the
// `css.whiteList` passed to xss() below restricts which properties survive.
const whiteList = xss.getDefaultWhiteList();
whiteList.span.push('class', 'style');

const xssFilter = {
  type: 'output',
  filter: function(text) {
    return xss(text, { escapeHtml, whiteList, css: {
      whiteList: {
        'aria-hidden': true,
        'vertical-align': true,
        'top': true,
        'position': true,
        'height': true
      }
    } });
  }
Source: github.com yarnpkg / website / js / src / components / Markdown.js
} catch (err) {}
    }

    try {
      const prepared = hljs.highlightAuto(code);
      return `<pre><code class="${prepared.language}">${
        prepared.value
      }</code></pre>`;
    } catch (err) {}

    return `<pre><code>${code}</code></pre>`;
  };

  return xss(marked(source, { renderer, mangle: false }), {
    whiteList: {
      ...xss.getDefaultWhiteList(),
      code: ['class'],
      span: ['class'],
      h1: ['id'],
      h2: ['id'],
      h3: ['id'],
      h4: ['id'],
      h5: ['id'],
      h6: ['id'],
    },
  });
};

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
