How to use the xss.escapeAttrValue function in xss

To help you get started, we’ve selected a few xss examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github bs32g1038 / node-blog / client / libs / marked / index.ts View on Github external
onIgnoreTagAttr: (tag, name, value) => {
        // 让 prettyprint 可以工作
        if (tag === 'pre' && name === 'class') {
            return name + '="' + jsxss.escapeAttrValue(value) + '"';
        }
        return '';
    },
});
github 54sword / api.xiaoduyu.com / app / api / v2 / posts.js View on Github external
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
          if (tag == 'div' && name.substr(0, 5) === 'data-') {
            // 通过内置的escapeAttrValue函数来对属性值进行转义
            return name + '="' + xss.escapeAttrValue(value) + '"';
          }
        }
      })
github cnodejs / nodeclub / common / render_helper.js View on Github external
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
    // 让 prettyprint 可以工作
    if (tag === 'pre' && name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"';
    }
  }
});
github bs32g1038 / node-blog / react-blog / src / utils / helper.ts View on Github external
onIgnoreTagAttr: (tag: any, name: any, value: any, isWhiteAttr: any) => {
        // 让 prettyprint 可以工作
        if (tag === 'pre' && name === 'class') {
            return name + '="' + jsxss.escapeAttrValue(value) + '"';
        }
        return '';
    }
});
github luoyjx / gaoqi-blog / common / render.js View on Github external
onIgnoreTagAttr: (tag, name, value, isWhiteAttr) => {
    // 让 prettyprint 可以工作
    if (tag === 'pre' && name === 'class') {
      return name + '="' + jsxss.escapeAttrValue(value) + '"'
    }
  }
})
github 54sword / api.xiaoduyu.com / app / api / v1 / posts.js View on Github external
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
          if (tag == 'div' && name.substr(0, 5) === 'data-') {
            // 通过内置的escapeAttrValue函数来对属性值进行转义
            return name + '="' + xss.escapeAttrValue(value) + '"';
          }
        }
      })
github 54sword / api.xiaoduyu.com / app / api / v1 / comment.js View on Github external
onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
          if (tag == 'div' && name.substr(0, 5) === 'data-') {
            // 通过内置的escapeAttrValue函数来对属性值进行转义
            return name + '="' + xss.escapeAttrValue(value) + '"';
          }
        }
      });
github bs32g1038 / node-blog / web / utils / helper.ts View on Github external
onIgnoreTagAttr: (tag: any, name: any, value: any) => {
        // 让 prettyprint 可以工作
        if (tag === 'pre' && name === 'class') {
            return name + '="' + jsxss.escapeAttrValue(value) + '"';
        }
        return '';
    },
});
github discourse / discourse / app / assets / javascripts / pretty-text / addon / sanitizer.js View on Github external
function attr(name, value) {
  if (value) {
    return `${name}="${xss.escapeAttrValue(value)}"`;
  }

  return name;
}
github Esri / arcgis-html-sanitizer / src / index.ts View on Github external
public sanitizeUrl(value: string): string {
    const protocol = this._trim(value.substring(0, value.indexOf(':')));
    if (
      !(
        value === '/' ||
        value === '#' ||
        value[0] === '#' ||
        this.allowedProtocols.indexOf(protocol.toLowerCase()) > -1
      )
    ) {
      return '';
    } else {
      return xss.escapeAttrValue(value);
    }
  }

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

MIT
Latest version published 10 months ago

Package Health Score

76 / 100
Full package analysis