rainbownapkin/fore.st
1
0
Fork 0
Code Issues 13 Pull requests Projects Releases Packages Wiki Activity Actions

Fix a few edge cases for XSS

Browse source
This commit is contained in:
calzoneman 2013-10-31 00:48:01 -05:00
parent 271a23cdad
commit 1c3273978b
2 changed files with 20 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

19
lib/xss.js
View file

@ -59,7 +59,7 @@ TagParser.prototype.parse = function () {
// Attributes
var attrs = {};
while (this.text[this.i] !== ">") {
while (this.i < this.text.length && this.text[this.i] !== ">") {
var key = this.readLiteralOrString(/[^\s=>]/);
this.skipWhitespace();
if (this.text[this.i] !== "=") {
@ -77,7 +77,10 @@ TagParser.prototype.parse = function () {
}
this.skipWhitespace();
}
this.i++;
if (this.i < this.text.length) {
this.i++;
}
return {
tagName: tname,
@ -153,8 +156,16 @@ function sanitizeHTML(str) {
for (var k in t.attributes) {
if (k.match(badAttrs)) {
delete t.attributes[k];
} else if (t.attributes[k].match(badAttrValues)) {
t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
} else {
if (t.attributes[k].match(badAttrValues)) {
t.attributes[k] = t.attributes[k].replace(badAttrValues, "");
}
var k2 = k.replace(/[^\w]/g, "");
if (k2 !== k) {
t.attributes[k2] = t.attributes[k];
delete t.attributes[k];
}
}
}
var fmt = "<" + t.tagName;