diff --git a/lib/xss.js b/lib/xss.js
index 149b0d35..fb04129d 100644
--- a/lib/xss.js
+++ b/lib/xss.js
@@ -59,7 +59,7 @@ TagParser.prototype.parse = function () {
// Attributes
var attrs = {};
- while (this.text[this.i] !== ">") {
+ while (this.i < this.text.length && this.text[this.i] !== ">") {
var key = this.readLiteralOrString(/[^\s=>]/);
this.skipWhitespace();
if (this.text[this.i] !== "=") {
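Review bot: The added bound keeps the loop from reading past the end of `this.text`, but it does not by itself guarantee progress: if `readLiteralOrString(/[^\s=>]/)` returns an empty key without advancing `this.i` when the current character is `=`, the rest of the body has to consume that character or the loop repeats at the same index. That helper is outside the hunk, so this is inferred; a cheap guard is to record `var start = this.i;` at the top of the body and `break` (or throw) when `this.i === start` at the bottom. `parse` begins before this hunk and the loop body continues into the next one.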
@@ -77,7 +77,10 @@ TagParser.prototype.parse = function () {
}
this.skipWhitespace();
}
- this.i++;
+
+ if (this.i < this.text.length) {
+ this.i++;
+ }
return {
tagName: tname,
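Review bot: An unterminated tag now comes back from `parse` indistinguishable from a complete one, and `sanitizeHTML` (third hunk) rebuilds it from `"<" + t.tagName`, so a `>` the input never contained is presumably emitted; the guarded `this.i++` records nothing about the missing terminator. Consider capturing it before the guard, `var closed = this.i < this.text.length;`, and returning it next to `tagName` so the serializer can drop or escape a truncated tag rather than complete it. The returned object and the serializer are both partly outside the hunks shown.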
@@ -153,8 +156,16 @@ function sanitizeHTML(str) {
for (var k in t.attributes) {
if (k.match(badAttrs)) {
delete t.attributes[k];
- } else if (t.attributes[k].match(badAttrValues)) {
- t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
+ } else {
+ if (t.attributes[k].match(badAttrValues)) {
+ t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
+ }
+
+ var k2 = k.replace(/[^\w]/g, "");
+ if (k2 !== k) {
+ t.attributes[k2] = t.attributes[k];
+ delete t.attributes[k];
+ }
}
}
var fmt = "<" + t.tagName;
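Review bot: The name normalization `k2 = k.replace(/[^\w]/g, "")` runs only in the `else` branch, after `k.match(badAttrs)` has already accepted the raw name, so the blocklist never sees the stripped name that is then stored under `t.attributes[k2]`; if `badAttrs` is anchored to the start of the name (it is defined outside this hunk), a name that only becomes a blocked name once its non-word characters are removed is kept. The stripped name should be computed first and both `k` and `k2` checked before anything is stored, and an all-punctuation name (`k2 === ""`) should be dropped rather than stored under the empty key. Assigning `t.attributes[k2]` while iterating `t.attributes` with `for...in` also means a stripped name that collides with another key is overwritten in iteration-dependent order; the reorder below does not remove that, so collecting the cleaned attributes into a fresh object would be the safer shape. The loop sits inside `sanitizeHTML`, whose body continues outside the hunk.
```javascript
for (var k in t.attributes) {
  // Normalize the name first so the blocklist is applied to what will actually be emitted.
  var k2 = k.replace(/[^\w]/g, "");
  if (k2 === "" || k.match(badAttrs) || k2.match(badAttrs)) {
    delete t.attributes[k];
    continue;
  }
  if (t.attributes[k].match(badAttrValues)) {
    t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
  }
  if (k2 !== k) {
    t.attributes[k2] = t.attributes[k];
    delete t.attributes[k];
  }
}
// … unchanged: serialization starting at var fmt = "<" + t.tagName …
```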
diff --git a/tests/xss.js b/tests/xss.js
index c63e40f9..45aa46cc 100644
--- a/tests/xss.js
+++ b/tests/xss.js
@@ -10,6 +10,11 @@ function basicTest() {
assert(sanitize("") ===
"");
+
+ assert(sanitize("");
+
+ assert(sanitize("
>") ===
+ "
>");
}
basicTest();