From fe4af1faf0aeae168f51b7175c25b405b7f9926f Mon Sep 17 00:00:00 2001
From: Menci
Date: Thu, 13 Jul 2017 10:43:43 +0800
Subject: [PATCH] Disallow id attrubute in XSS
---
 utility.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utility.js b/utility.js
index 365c7d5..e754f1b 100644
--- a/utility.js
+++ b/utility.js
@@ -87,7 +87,7 @@ module.exports = {
 let whiteList = Object.assign({}, require('xss/lib/default').whiteList);
 delete whiteList.audio;
 delete whiteList.video;
- for (let tag in whiteList) whiteList[tag] = whiteList[tag].concat(['id', 'style', 'class']);
+ for (let tag in whiteList) whiteList[tag] = whiteList[tag].concat(['style', 'class']);
 let xss = new XSS.FilterXSS({
 css: {
 whiteList: Object.assign({}, require('cssfilter/lib/default').whiteList, {
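Review bot: The changed `for` line still appends `class` to every whitelisted tag, so sanitized user HTML can take on any class name that the site's own stylesheets or scripts bind to. That is a similar collision to the one removing `id` closes, and the commit leaves it open. If user content needs only a known set of classes, it would be safer to filter the `class` value against an allowlist or a fixed prefix rather than allowing it wholesale. `style` is at least passed through the cssfilter whitelist configured just below. The line also gives no reason for the exclusion, so a comment such as `// 'id' is deliberately not allowed: user markup must not collide with element ids the page itself relies on` would keep a later edit from re-adding it. The enclosing function starts and ends outside this hunk, so how the filter's output is used is not visible here.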