How to use xss - 10 common examples

To help you get started, we’ve selected a few xss examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github cnodejs / nodeclub / common / render_helper.js View on Github external
language     = validator.escape(language);

  return '<pre class="prettyprint ' + language + '">'
    + '<code>' + validator.escape(token.content) + '</code>'
    + '</pre>';
};

md.renderer.rules.code_block = function (tokens, idx /*, options*/) {
  var token    = tokens[idx];

  return '<pre class="prettyprint">'
    + '<code>' + validator.escape(token.content) + '</code>'
    + '</pre>';
};

var myxss = new jsxss.FilterXSS({
  onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
    // 让 prettyprint 可以工作
    if (tag === 'pre' &amp;&amp; name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"';
    }
  }
});

exports.markdown = function (text) {
  return '<div class="markdown-text">' + myxss.process(md.render(text || '')) + '</div>';
};

exports.escapeSignature = function (signature) {
  return signature.split('\n').map(function (p) {
    return _.escape(p);
  }).join('<br>');
github kk0829 / zan-node / src / middlewares / xss.js View on Github external
let one = options.WHITELISTS.find((item) => item.pathReg.test(ctx.path));
        // 黑科技
        if (one && one.options && one.options.close) {
            await next();
            return;
        }
        let wrapOptions = one ? one.options : {};
        const whiteList = xss.getDefaultWhiteList();

        if (wrapOptions.enableStyle) {
            for (let key of Object.keys(whiteList)) {
                whiteList[key].push('style');
            }
        }

        let customXss = new xss.FilterXSS({
            whiteList
        });

        if (query) {
            for (let key of Object.keys(query)) {
                query[key] = customXss.process(query[key]);
            }
        }
        if (bodyData) {
            if (isObject(bodyData)) {
                for (let key of Object.keys(bodyData)) {
                    if (isString(bodyData[key])) {
                        bodyData[key] = bodyData[key].trim();
                        bodyData[key] = customXss.process(bodyData[key]);
                    }
                }
github kk0829 / zan-node / src / middlewares / xss.js View on Github external
return async(ctx, next) => {
        let query = ctx.query;
        let bodyData = ctx.request.body;
        let one = options.WHITELISTS.find((item) => item.pathReg.test(ctx.path));
        // 黑科技
        if (one && one.options && one.options.close) {
            await next();
            return;
        }
        let wrapOptions = one ? one.options : {};
        const whiteList = xss.getDefaultWhiteList();

        if (wrapOptions.enableStyle) {
            for (let key of Object.keys(whiteList)) {
                whiteList[key].push('style');
            }
        }

        let customXss = new xss.FilterXSS({
            whiteList
        });

        if (query) {
            for (let key of Object.keys(query)) {
                query[key] = customXss.process(query[key]);
            }
        }
github kk0829 / zan-node / lib / middlewares / xss.js View on Github external
var _ref = _asyncToGenerator(function* (ctx, next) {
            let query = ctx.query;
            let bodyData = ctx.request.body;
            let one = options.WHITELISTS.find(function (item) {
                return item.pathReg.test(ctx.path);
            });
            // 黑科技
            if (one && one.options && one.options.close) {
                yield next();
                return;
            }
            let wrapOptions = one ? one.options : {};
            const whiteList = xss.getDefaultWhiteList();

            if (wrapOptions.enableStyle) {
                for (let key of Object.keys(whiteList)) {
                    whiteList[key].push('style');
                }
            }

            let customXss = new xss.FilterXSS({
                whiteList
            });

            if (query) {
                for (let key of Object.keys(query)) {
                    query[key] = customXss.process(query[key]);
                }
            }
github bs32g1038 / node-blog / web / utils / helper.ts View on Github external
desktop: 992,
    tablet: 768,
    phone: 576,
};

// Iterate through the sizes and create a media template
export const media = Object.keys(sizes).reduce((acc: any, label) => {
    acc[label] = (...args: any) => css`
        @media (max-width: ${sizes[label] / 16}em) {
            ${css(...args)}
        }
    `;
    return acc;
}, {});

const Xss = new jsxss.FilterXSS({
    onIgnoreTagAttr: (tag: any, name: any, value: any) => {
        // 让 prettyprint 可以工作
        if (tag === 'pre' && name === 'class') {
            return name + '="' + jsxss.escapeAttrValue(value) + '"';
        }
        return '';
    },
});

export const xss = (html: any) => {
    return Xss.process(html);
};

export const isServer = typeof window === 'undefined';
github Esri / arcgis-html-sanitizer / src / index.ts View on Github external
this.arcgisWhiteList,
            filterOptions.whiteList || {}
          ]);
        } else {
          xssFilterOptions[key] = filterOptions[key];
        }
      });
    } else {
      // Only use the defaults
      xssFilterOptions = Object.create(this.arcgisFilterOptions);
      xssFilterOptions.whiteList = this.arcgisWhiteList;
    }

    this.xssFilterOptions = xssFilterOptions;
    // Make this readable to tests
    this._xssFilter = new xss.FilterXSS(xssFilterOptions);
  }
github luoyjx / gaoqi-blog / common / render.js View on Github external
return (
    '<pre class="prettyprint ' +
    language +
    '">' +
    '<code>' +
    validator.escape(token.content) +
    '</code>' +
    '</pre>'
  )
}

md.renderer.rules.code_inline = (tokens, idx /*, options */) =&gt; {
  return '<code>' + validator.escape(tokens[idx].content) + '</code>'
}

const myxss = new jsxss.FilterXSS({
  onIgnoreTagAttr: (tag, name, value, isWhiteAttr) =&gt; {
    // 让 prettyprint 可以工作
    if (tag === 'pre' &amp;&amp; name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"'
    }
  }
})

exports.markdown = text =&gt; {
  return (
    '<div class="markdown-text">' +
    myxss.process(md.render(text || '')) +
    '</div>'
  )
}
github bs32g1038 / node-blog / client / libs / marked / index.ts View on Github external
onIgnoreTagAttr: (tag, name, value) => {
        // 让 prettyprint 可以工作
        if (tag === 'pre' && name === 'class') {
            return name + '="' + jsxss.escapeAttrValue(value) + '"';
        }
        return '';
    },
});
github 54sword / api.xiaoduyu.com / app / api / v2 / posts.js View on Github external
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
          if (tag == 'div' && name.substr(0, 5) === 'data-') {
            // 通过内置的escapeAttrValue函数来对属性值进行转义
            return name + '="' + xss.escapeAttrValue(value) + '"';
          }
        }
      })
github cnodejs / nodeclub / common / render_helper.js View on Github external
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
    // 让 prettyprint 可以工作
    if (tag === 'pre' && name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"';
    }
  }
});

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

MIT
Latest version published 10 months ago

Package Health Score

76 / 100
Full package analysis