Browse Source

Add CSS filter for XSS

pull/6/head
Menci 8 years ago
parent
commit
eb33109230
  1. 1
      package.json
  2. 14
      utility.js

1
package.json

@ -28,6 +28,7 @@
"body-parser": "^1.15.2", "body-parser": "^1.15.2",
"cheerio": "^0.22.0", "cheerio": "^0.22.0",
"cookie-parser": "^1.4.3", "cookie-parser": "^1.4.3",
"cssfilter": "0.0.10",
"download": "^5.0.3", "download": "^5.0.3",
"ejs": "^2.5.2", "ejs": "^2.5.2",
"express": "^4.14.0", "express": "^4.14.0",

14
utility.js

@ -73,6 +73,16 @@ module.exports = {
}, },
markdown(obj, keys, noReplaceUI) { markdown(obj, keys, noReplaceUI) {
let cheerio = require('cheerio'); let cheerio = require('cheerio');
let CSSFilter = require('cssfilter');
let cssfilter = new CSSFilter.FilterCSS({
whiteList: Object.assign({}, require('cssfilter/lib/default').whiteList, {
'vertical-align': true,
top: true,
bottom: true,
left: true,
right: true
})
});
let replaceXSS = s => { let replaceXSS = s => {
let $ = cheerio.load(s); let $ = cheerio.load(s);
$('script').remove(); $('script').remove();
@ -85,6 +95,10 @@ module.exports = {
$(elem).removeAttr(key); $(elem).removeAttr(key);
} }
} }
if ($(elem).attr('style')) {
$(elem).attr('style', cssfilter.process($(elem).attr('style')));
}
}); });
return $.html(); return $.html();
}; };

Loading…
Cancel
Save