Browse Source

Disallow id attrubute in XSS

master
Menci 7 years ago
parent
commit
fe4af1faf0
  1. 2
      utility.js

2
utility.js

@ -87,7 +87,7 @@ module.exports = {
let whiteList = Object.assign({}, require('xss/lib/default').whiteList);
delete whiteList.audio;
delete whiteList.video;
for (let tag in whiteList) whiteList[tag] = whiteList[tag].concat(['id', 'style', 'class']);
for (let tag in whiteList) whiteList[tag] = whiteList[tag].concat(['style', 'class']);
let xss = new XSS.FilterXSS({
css: {
whiteList: Object.assign({}, require('cssfilter/lib/default').whiteList, {

Loading…
Cancel
Save