From b5fc7b92b94a3603ce06ee7c51e8f1246bf2138f Mon Sep 17 00:00:00 2001
From: Menci
Date: Mon, 17 Apr 2017 14:55:55 +0800
Subject: [PATCH] Fix XSS with iframe url starts with spaces

---
 utility.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utility.js b/utility.js
index 4944f22..7b9dc33 100644
--- a/utility.js
+++ b/utility.js
@@ -100,11 +100,11 @@ module.exports = {
 $(elem).attr('style', cssfilter.process($(elem).attr('style')));
 }
-if ($(elem).attr('href') && $(elem).attr('href').startsWith('javascript:')) {
+if ($(elem).attr('href') && $(elem).attr('href').trim().toLowerCase().startsWith('javascript:')) {
 $(elem).attr('href', '');
 }
-if ($(elem).attr('src') && $(elem).attr('src').startsWith('javascript:')) {
+if ($(elem).attr('src') && $(elem).attr('src').trim().toLowerCase().startsWith('javascript:')) {
 $(elem).attr('src', '');
 }
 });
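Review bot: The new `trim().toLowerCase().startsWith('javascript:')` checks on both `+` lines normalise less than a browser's URL parser does, so the literal-prefix denylist can still be bypassed: per the URL standard, ASCII tab, LF and CR are removed from anywhere in the input and any leading C0 control characters (not only the whitespace `trim()` knows about) are stripped before the scheme is read, and the check also says nothing about other executable schemes such as `data:` or `vbscript:`. A more robust approach is an allowlist — parse the value and accept only `http:`/`https:` (and relative references) — or, if a denylist must stay, apply the same normalisation the browser does in one shared helper so both attribute checks cannot drift apart. The two checks are duplicated verbatim, so a helper also removes the copy-paste. The enclosing `.each` callback and the `module.exports` object both begin and end outside this hunk.
```javascript
// True when `value`, normalised the way a browser's URL parser normalises it
// (strip ASCII tab/LF/CR anywhere, strip leading C0 controls and space,
// compare case-insensitively), carries a script-executing scheme.
function hasScriptScheme(value) {
  const normalised = String(value)
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+/, '')
    .toLowerCase();
  return /^(javascript|vbscript|data):/.test(normalised);
}
// … unchanged: style filtering …
if ($(elem).attr('href') && hasScriptScheme($(elem).attr('href'))) {
// … unchanged: clearing href …
if ($(elem).attr('src') && hasScriptScheme($(elem).attr('src'))) {
```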