zhaojunzhe
/
fair-web
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Allow Data URIs in XSS filter

master
Menci 7 years ago committed by GitHub
parent
25bb4935a6
commit
0239f82a1f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      utility.js

5
utility.js
Unescape View File

@ -100,7 +100,10 @@ module.exports = {
}) })
}, },
whiteList: whiteList, whiteList: whiteList,
stripIgnoreTag: true stripIgnoreTag: true,
onTagAttr: (tag, name, value, isWhiteAttr) => {
if (tag.toLowerCase() === 'img' && name.toLowerCase() === 'src' && value.startsWith('data:image/')) return name + '="' + XSS.escapeAttrValue(value) + '"';
}
}); });
let replaceXSS = s => { let replaceXSS = s => {
s = xss.process(s); s = xss.process(s);

Write Preview
Loading…
Cancel
Save