
Fix XSS with href or src

pull/6/head
Menci 8 years ago
parent
commit
d6fc888757
  1. 8
      utility.js

8
utility.js

@ -99,6 +99,14 @@ module.exports = {
if ($(elem).attr('style')) { if ($(elem).attr('style')) {
$(elem).attr('style', cssfilter.process($(elem).attr('style'))); $(elem).attr('style', cssfilter.process($(elem).attr('style')));
} }
if ($(elem).attr('href') && $(elem).attr('href').startsWith('javascript:')) {
$(elem).attr('href', '');
}
if ($(elem).attr('src') && $(elem).attr('src').startsWith('javascript:')) {
$(elem).attr('src', '');
}
}); });
return $.html(); return $.html();
}; };
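Review bot: The two added `startsWith('javascript:')` checks on `href` and `src` compare the raw attribute value against one exact lowercase prefix, but URL schemes are case-insensitive and browsers discard leading whitespace and embedded tab/newline characters before resolving the scheme, so a value can still resolve to a script URL without matching. A prefix denylist also lets every other scheme through; an allowlist of the schemes the site actually needs, applied after normalising the value, is the more robust form, as sketched below (adjust the list, for example if inline `data:` images must keep working). Other URL-bearing attributes are not touched here, so whether they are safe depends on the sanitiser that runs before this callback, which starts outside the hunk and is worth confirming.

```javascript
// … unchanged: style attribute filtered through cssfilter …
for (const attr of ['href', 'src']) {
  const value = $(elem).attr(attr);
  if (value === undefined) continue;
  // Scheme detection only: drop the control/space characters a browser ignores when parsing a URL.
  const cleaned = value.replace(/[\u0000-\u0020]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  // Relative URLs have no scheme and pass; anything with a scheme must be on the allowlist.
  if (scheme && !['http', 'https', 'mailto'].includes(scheme[1].toLowerCase())) {
    $(elem).attr(attr, '');
  }
}
```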
