How to use the xss.onIgnoreTag function in xss

To help you get started, we’ve selected a few xss examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github tianxiangbing / chat / socket / msg.js View on Github external
var IO = function(server) {
	var io = sio.listen(server)
	var users = {},
		usocket = {};
	var counter = 0;
	var home = {};
	var xss = require('xss');
	var drawlist = ['杯子', '苹果', '香蕉', '花',"乌龟","大象","飞机","手枪","蛋糕","火车","椅子","桌子","大树"];
	var quest = "";
	var interval = null;
	// 添加或更新白名单中的标签 标签名(小写) = ['允许的属性列表(小写)']
	xss.whiteList['img'] = ['src'];
	// 删除默认的白名单标签
	delete xss.whiteList['div'];
	// 自定义处理不在白名单中的标签
	xss.onIgnoreTag = function(tag, html) {
		// tag:当前标签名(小写),如:a
		// html:当前标签的HTML代码,如:<a href="ooxx">
		// 返回新的标签HTML代码,如果想使用默认的处理方式,不返回任何值即可
		// 比如将标签替换为[removed]:return '[removed]';
		// 以下为默认的处理代码:
		return html.replace(//g, '&gt;');
	}

	function Quest() {
		//随机出题
		outQuest();
		//interval = setInterval(outQuest, 60000);
	}

	function outQuest() {
		quest = drawlist[Math.floor(drawlist.length * Math.random())];</a>

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

MIT
Latest version published 8 months ago

Package Health Score

76 / 100
Full package analysis