Diffstat (limited to '')
-rw-r--r--js/lib/xss.js (renamed from node_modules/xss/dist/xss.js)11
1 files changed, 8 insertions, 3 deletions
diff --git a/node_modules/xss/dist/xss.js b/js/lib/xss.js
index 9583a6b..bddbdd8 100644
--- a/node_modules/xss/dist/xss.js
+++ b/js/lib/xss.js
@@ -151,15 +151,19 @@ function safeAttrValue(tag, name, value, cssFilter) {
if (name === "href" || name === "src") {
// filter `href` and `src` attribute
- // only allow the value that starts with `http://` | `https://` | `mailto:` | `/` | `#`
+ // only allow the value that starts with `http://` | `https://` | `mailto:` | `/` | `#` | and others
value = _.trim(value);
if (value === "#") return "#";
if (
!(
value.substr(0, 7) === "http://" ||
value.substr(0, 8) === "https://" ||
+ value.substr(0, 6) === "ftp://" ||
value.substr(0, 7) === "mailto:" ||
value.substr(0, 4) === "tel:" ||
+ value.substr(0, 11) === "data:image/" ||
+ value.substr(0, 2) === "./" ||
+ value.substr(0, 3) === "../" ||
value[0] === "#" ||
value[0] === "/"
)
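Review bot: The new `data:image/` prefix on the `href`/`src` allowlist also admits `data:image/svg+xml` values, and an SVG document may carry script and event handlers, so on `href` this is a navigable script-bearing target rather than an inline raster image. Restrict that branch to base64 raster subtypes, e.g. `/^data:image\/(png|jpe?g|gif|webp);base64,/.test(value)`, and consider permitting it for `src` only. The comment on the changed line above now ends in `| and others`, which hides exactly the decision a later reader needs; spell the list out: `// allow http(s)://, ftp://, mailto:, tel:, data:image/ (raster only), ./, ../, # and /`. Since this file is a vendored copy of the upstream bundle (renamed from node_modules/xss/dist/xss.js), a `// LOCAL PATCH:` marker beside the added lines would keep the divergence visible at the next upgrade. safeAttrValue's signature and the rest of its body lie outside the hunk.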
@@ -504,7 +508,7 @@ function isClosing(html) {
* @return {String}
*/
function parseTag(html, onTag, escapeHtml) {
- "user strict";
+ "use strict";
var rethtml = "";
var lastPos = 0;
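Review bot: Correcting the misspelled directive to `"use strict"` switches strict mode on for the whole body of parseTag, and the same applies to parseAttr in the next hunk, so any sloppy-mode behaviour those bodies relied on — an assignment to an undeclared variable, a duplicate parameter name, an `arguments` alias — now raises a ReferenceError or SyntaxError instead of silently working. Both bodies are outside the hunk, so this is inferred rather than observed; running the parser over the project's existing inputs would confirm nothing regressed. A short note next to the directive, e.g. `// was the no-op "user strict" in the upstream bundle; strict mode is now active`, would explain why a two-character change can alter behaviour.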
@@ -574,7 +578,7 @@ var REGEXP_ILLEGAL_ATTR_NAME = /[^a-zA-Z0-9_:\.\-]/gim;
* @return {String}
*/
function parseAttr(html, onAttr) {
- "user strict";
+ "use strict";
var lastPos = 0;
var retAttrs = [];
@@ -1607,3 +1611,4 @@ module.exports = {
};
},{}]},{},[2]);
+