Fix XSS HTML replace might get wrong on the HTML comments in the code tags

This commit is contained in:
Cheng-Han, Wu 2016-04-20 18:10:43 +08:00
parent 0fb70a1487
commit edc3a31dfd
1 changed files with 4 additions and 0 deletions

View File

@ -3,6 +3,10 @@ var whiteListAttr = ['id', 'class', 'style'];
var filterXSSOptions = {
allowCommentTag: true,
escapeHtml: function (html) {
// to allow html comment in multiple lines
return html.replace(/<(.*?)>/g, '&lt;$1&gt;');
},
onIgnoreTag: function (tag, html, options) {
// allow style in html
if (whiteListTag.indexOf(tag) !== -1) {