How to use the xss.FilterXSS function in xss

To help you get started, we’ve selected a few xss examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github cnodejs / nodeclub / common / render_helper.js View on Github external
language     = validator.escape(language);

  return '<pre class="prettyprint ' + language + '">'
    + '<code>' + validator.escape(token.content) + '</code>'
    + '</pre>';
};

md.renderer.rules.code_block = function (tokens, idx /*, options*/) {
  var token    = tokens[idx];

  return '<pre class="prettyprint">'
    + '<code>' + validator.escape(token.content) + '</code>'
    + '</pre>';
};

var myxss = new jsxss.FilterXSS({
  onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
    // 让 prettyprint 可以工作
    if (tag === 'pre' &amp;&amp; name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"';
    }
  }
});

exports.markdown = function (text) {
  return '<div class="markdown-text">' + myxss.process(md.render(text || '')) + '</div>';
};

exports.escapeSignature = function (signature) {
  return signature.split('\n').map(function (p) {
    return _.escape(p);
  }).join('<br>');
github kk0829 / zan-node / src / middlewares / xss.js View on Github external
let one = options.WHITELISTS.find((item) => item.pathReg.test(ctx.path));
        // 黑科技
        if (one && one.options && one.options.close) {
            await next();
            return;
        }
        let wrapOptions = one ? one.options : {};
        const whiteList = xss.getDefaultWhiteList();

        if (wrapOptions.enableStyle) {
            for (let key of Object.keys(whiteList)) {
                whiteList[key].push('style');
            }
        }

        let customXss = new xss.FilterXSS({
            whiteList
        });

        if (query) {
            for (let key of Object.keys(query)) {
                query[key] = customXss.process(query[key]);
            }
        }
        if (bodyData) {
            if (isObject(bodyData)) {
                for (let key of Object.keys(bodyData)) {
                    if (isString(bodyData[key])) {
                        bodyData[key] = bodyData[key].trim();
                        bodyData[key] = customXss.process(bodyData[key]);
                    }
                }
github bs32g1038 / node-blog / web / utils / helper.ts View on Github external
desktop: 992,
    tablet: 768,
    phone: 576,
};

// Iterate through the sizes and create a media template
export const media = Object.keys(sizes).reduce((acc: any, label) => {
    acc[label] = (...args: any) => css`
        @media (max-width: ${sizes[label] / 16}em) {
            ${css(...args)}
        }
    `;
    return acc;
}, {});

const Xss = new jsxss.FilterXSS({
    onIgnoreTagAttr: (tag: any, name: any, value: any) => {
        // 让 prettyprint 可以工作
        if (tag === 'pre' && name === 'class') {
            return name + '="' + jsxss.escapeAttrValue(value) + '"';
        }
        return '';
    },
});

export const xss = (html: any) => {
    return Xss.process(html);
};

export const isServer = typeof window === 'undefined';
github Esri / arcgis-html-sanitizer / src / index.ts View on Github external
this.arcgisWhiteList,
            filterOptions.whiteList || {}
          ]);
        } else {
          xssFilterOptions[key] = filterOptions[key];
        }
      });
    } else {
      // Only use the defaults
      xssFilterOptions = Object.create(this.arcgisFilterOptions);
      xssFilterOptions.whiteList = this.arcgisWhiteList;
    }

    this.xssFilterOptions = xssFilterOptions;
    // Make this readable to tests
    this._xssFilter = new xss.FilterXSS(xssFilterOptions);
  }
github luoyjx / gaoqi-blog / common / render.js View on Github external
return (
    '<pre class="prettyprint ' +
    language +
    '">' +
    '<code>' +
    validator.escape(token.content) +
    '</code>' +
    '</pre>'
  )
}

md.renderer.rules.code_inline = (tokens, idx /*, options */) =&gt; {
  return '<code>' + validator.escape(tokens[idx].content) + '</code>'
}

const myxss = new jsxss.FilterXSS({
  onIgnoreTagAttr: (tag, name, value, isWhiteAttr) =&gt; {
    // 让 prettyprint 可以工作
    if (tag === 'pre' &amp;&amp; name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"'
    }
  }
})

exports.markdown = text =&gt; {
  return (
    '<div class="markdown-text">' +
    myxss.process(md.render(text || '')) +
    '</div>'
  )
}
github yinxin630 / fiora / utils / xss.js View on Github external
const xss = require('xss');

const myXss = new xss.FilterXSS({
    whiteList: {
    },
});

module.exports = function processXss(text) {
    return myXss.process(text);
};
github tabarra / txAdmin / src / webroutes / diagnostics-log.js View on Github external
//Requires
const dateFormat = require('dateformat');
const xssClass = require("xss");
const { dir, log, logOk, logWarn, logError, cleanTerminal, getLog } = require('../extras/console');
const webUtils = require('./webUtils.js');
const context = 'WebServer:Diagnostics-Log';

//Set custom xss rules
const xss = new xssClass.FilterXSS({
    whiteList: []
});


/**
 * Returns the output page containing the full report
 * @param {object} res
 * @param {object} req
 */
module.exports = async function action(res, req) {
    const logHistory = getLog();

    let processedLog = [];
    logHistory.forEach(logData =&gt; {
        let ts = dateFormat(new Date(logData.ts*1000), 'HH:MM:ss');
        let mark = `<mark class="consoleMark-${logData.type.toLowerCase()}">[${ts}][${logData.ctx}]</mark>`;
github yinxin630 / fiora / src / client / util / xss.js View on Github external
import xss from 'xss';

const myXss = new xss.FilterXSS({
    whiteList: {
    },
});

export default function (value) {
    return myXss.process(value);
}
github astroboy-lab / astroboy / plugins / astroboy-security / app / middlewares / astroboy-security-xss.js View on Github external
module.exports = (options, app) => {
  const myxss = new xss.FilterXSS(options);
  const deepXss = function(value, deep = true) {
    let res;

    if (Array.isArray(value) && value.length > 0) {
      res = [];
    } else if (lodash.isPlainObject(value) && Object.keys(value).length > 0) {
      res = {};
    } else {
      if (typeof value === 'string') {
        return myxss.process(value.trim());
      }
      return value;
    }

    return lodash.reduce(
      value,
github EOSIO / ricardian-template-toolkit / src / specVersions / v0.0 / helpers.ts View on Github external
export function sanitizeHtml(html: string): string {
  const tagStack: string[] = []
  const whiteList = getWhiteList()

  const sanitizer = new xss.FilterXSS({
    whiteList,
    onTag: (tag: string, _1: string, options: any): string | void => {
      return processTag(tagStack, tag, options)
    },
    onIgnoreTag: (tag: string, _1: string, options: any) => {
      throw new RicardianContractRenderError({
        tag, reason: `Disallowed tag "${tag}" found at position ${options.sourcePosition}`,
      })
    },
    onIgnoreTagAttr: (tag: string, name: string, _1: string, _2: boolean) => {
      throw new RicardianContractRenderError({
        tag, reason: `Disallowed attribute "${name}" found on tag "${tag}"`,
      })
    },
  })

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

MIT
Latest version published 10 months ago

Package Health Score

76 / 100
Full package analysis