How to use xss - 10 common examples

To help you get started, we’ve selected a few examples of the `xss` package (an allowlist-based HTML sanitizer for untrusted markup), based on popular ways it is used in public projects.


language     = validator.escape(language);

  return '<pre class="prettyprint ' + language + '">'
    + '<code>' + validator.escape(token.content) + '</code>'
    + '</pre>';
};

// Renderer rule for fenced/indented code blocks without a language tag.
// The raw content is HTML-escaped so it is displayed verbatim inside
// <pre><code> instead of being parsed as markup.
md.renderer.rules.code_block = function (tokens, idx /*, options*/) {
  var escaped = validator.escape(tokens[idx].content);

  return '<pre class="prettyprint"><code>' + escaped + '</code></pre>';
};

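// HTML sanitizer applied to rendered markdown. js-xss drops every attribute
// that is not on its allowlist; this hook re-admits exactly one of them so the
// prettyprint highlighter can find its <pre class="..."> hook.
var myxss = new jsxss.FilterXSS({
  onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
    // Let prettyprint work: keep `class` on <pre> only. The value goes through
    // escapeAttrValue so a crafted class value cannot close the quote and
    // inject further attributes. Note that any class name is accepted, so user
    // content can apply arbitrary site stylesheet classes to <pre>; narrow the
    // check to the prettyprint classes if that matters.
    if (tag === 'pre' && name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"';
    }
    // Every other ignored attribute falls through to the filter's default
    // handling (nothing is returned for it here).
  }
});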

// Render markdown to HTML and wrap it in the .markdown-text container.
// The sanitizer runs on the *rendered* HTML (after md.render), so whatever
// the renderer emits — including markup embedded in the source text — is
// filtered before it reaches the page.
exports.markdown = function (text) {
  var rendered = md.render(text || '');
  var safe = myxss.process(rendered);
  return '<div class="markdown-text">' + safe + '</div>';
};

exports.escapeSignature = function (signature) {
  return signature.split('\n').map(function (p) {
    return _.escape(p);
  }).join('<br>');
let one = options.WHITELISTS.find((item) => item.pathReg.test(ctx.path));
        // 黑科技
        if (one && one.options && one.options.close) {
            await next();
            return;
        }
        let wrapOptions = one ? one.options : {};
        const whiteList = xss.getDefaultWhiteList();

        if (wrapOptions.enableStyle) {
            for (let key of Object.keys(whiteList)) {
                whiteList[key].push('style');
            }
        }

        let customXss = new xss.FilterXSS({
            whiteList
        });

        if (query) {
            for (let key of Object.keys(query)) {
                query[key] = customXss.process(query[key]);
            }
        }
        if (bodyData) {
            if (isObject(bodyData)) {
                for (let key of Object.keys(bodyData)) {
                    if (isString(bodyData[key])) {
                        bodyData[key] = bodyData[key].trim();
                        bodyData[key] = customXss.process(bodyData[key]);
                    }
                }
return async(ctx, next) => {
        let query = ctx.query;
        let bodyData = ctx.request.body;
        let one = options.WHITELISTS.find((item) => item.pathReg.test(ctx.path));
        // 黑科技
        if (one && one.options && one.options.close) {
            await next();
            return;
        }
        let wrapOptions = one ? one.options : {};
        const whiteList = xss.getDefaultWhiteList();

        if (wrapOptions.enableStyle) {
            for (let key of Object.keys(whiteList)) {
                whiteList[key].push('style');
            }
        }

        let customXss = new xss.FilterXSS({
            whiteList
        });

        if (query) {
            for (let key of Object.keys(query)) {
                query[key] = customXss.process(query[key]);
            }
        }
var _ref = _asyncToGenerator(function* (ctx, next) {
            let query = ctx.query;
            let bodyData = ctx.request.body;
            let one = options.WHITELISTS.find(function (item) {
                return item.pathReg.test(ctx.path);
            });
            // 黑科技
            if (one && one.options && one.options.close) {
                yield next();
                return;
            }
            let wrapOptions = one ? one.options : {};
            const whiteList = xss.getDefaultWhiteList();

            if (wrapOptions.enableStyle) {
                for (let key of Object.keys(whiteList)) {
                    whiteList[key].push('style');
                }
            }

            let customXss = new xss.FilterXSS({
                whiteList
            });

            if (query) {
                for (let key of Object.keys(query)) {
                    query[key] = customXss.process(query[key]);
                }
            }
desktop: 992,
    tablet: 768,
    phone: 576,
};

// Iterate through the sizes and create a media template
/**
 * Breakpoint-keyed media-query helpers built once from `sizes`:
 * `media.tablet\`...\`` wraps the given styles in
 * `@media (max-width: <px>/16 em) { ... }` (pixel width converted to em).
 */
export const media = Object.entries(sizes).reduce((helpers: any, [label, px]) => {
    helpers[label] = (...styles: any) => css`
        @media (max-width: ${px / 16}em) {
            ${css(...styles)}
        }
    `;
    return helpers;
}, {});

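/**
 * Shared HTML sanitizer for rendered markdown. js-xss drops every attribute
 * that is not on its allowlist; this hook re-admits `class` on `<pre>` only,
 * so the prettyprint highlighter can find its hook. Every other ignored
 * attribute is emitted as nothing (empty string).
 */
const Xss = new jsxss.FilterXSS({
    onIgnoreTagAttr: (tag: string, name: string, value: string): string => {
        if (tag === 'pre' && name === 'class') {
            // escapeAttrValue stops a crafted class value from closing the
            // quote and injecting further attributes. Any class name is still
            // accepted, so user content may apply arbitrary stylesheet classes
            // to <pre>; narrow the check to the prettyprint classes if needed.
            return name + '="' + jsxss.escapeAttrValue(value) + '"';
        }
        // Empty string: nothing is written out for this attribute.
        return '';
    },
});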

/** Run an HTML string through the module's `Xss` filter and return the sanitized markup. */
export const xss = (html: any) => Xss.process(html);

/** True when there is no global `window`, i.e. the code is running outside a browser. */
export const isServer = typeof window === 'undefined' ? true : false;
this.arcgisWhiteList,
            filterOptions.whiteList || {}
          ]);
        } else {
          xssFilterOptions[key] = filterOptions[key];
        }
      });
    } else {
      // Only use the defaults
      xssFilterOptions = Object.create(this.arcgisFilterOptions);
      xssFilterOptions.whiteList = this.arcgisWhiteList;
    }

    this.xssFilterOptions = xssFilterOptions;
    // Make this readable to tests
    this._xssFilter = new xss.FilterXSS(xssFilterOptions);
  }
return (
    '<pre class="prettyprint ' +
    language +
    '">' +
    '<code>' +
    validator.escape(token.content) +
    '</code>' +
    '</pre>'
  )
}

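// Renderer rule for inline code spans: the content is HTML-escaped so it is
// shown literally instead of being parsed as markup.
md.renderer.rules.code_inline = (tokens, idx /*, options */) => {
  return '<code>' + validator.escape(tokens[idx].content) + '</code>'
}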

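// HTML sanitizer applied to rendered markdown. js-xss drops every attribute
// that is not on its allowlist; this hook re-admits exactly one of them so the
// prettyprint highlighter can find its <pre class="..."> hook.
const myxss = new jsxss.FilterXSS({
  onIgnoreTagAttr: (tag, name, value, isWhiteAttr) => {
    // Let prettyprint work: keep `class` on <pre> only. The value goes through
    // escapeAttrValue so a crafted class value cannot close the quote and
    // inject further attributes. Any class name is accepted, so user content
    // can apply arbitrary site stylesheet classes to <pre>; narrow the check
    // to the prettyprint classes if that matters.
    if (tag === 'pre' && name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"'
    }
    // Every other ignored attribute falls through to the filter's default
    // handling (nothing is returned for it here).
  }
})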

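// Render markdown to HTML and wrap it in the .markdown-text container.
// The sanitizer runs on the *rendered* HTML (after md.render), so whatever
// the renderer emits — including markup embedded in the source text — is
// filtered before it reaches the page.
exports.markdown = text => {
  const rendered = md.render(text || '')
  return '<div class="markdown-text">' + myxss.process(rendered) + '</div>'
}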
onIgnoreTagAttr: (tag, name, value) => {
        // 让 prettyprint 可以工作
        if (tag === 'pre' && name === 'class') {
            return name + '="' + jsxss.escapeAttrValue(value) + '"';
        }
        return '';
    },
});
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
          if (tag == 'div' && name.substr(0, 5) === 'data-') {
            // 通过内置的escapeAttrValue函数来对属性值进行转义
            return name + '="' + xss.escapeAttrValue(value) + '"';
          }
        }
      })
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
    // 让 prettyprint 可以工作
    if (tag === 'pre' && name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"';
    }
  }
});

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
