How to use the xss.getDefaultWhiteList function in xss

github kk0829 / zan-node / src / middlewares / xss.js View on Github external
// Excerpt with lines elided by the listing: a middleware (the ctx/next shape looks
// like Koa) that runs request input through a js-xss filter before downstream
// handlers see it.
// NOTE(review): this is HTML filtering applied on input. Values later written into
// attributes, URLs, scripts or queries still need encoding for that context at the
// point of output.
return async(ctx, next) => {
        let query = ctx.query;
        let bodyData = ctx.request.body;
        // First WHITELISTS entry whose pathReg matches the request path, if any.
        // NOTE(review): RegExp.test() is stateful when the pattern has the g or y
        // flag; confirm the configured patterns carry neither.
        let one = options.WHITELISTS.find((item) => item.pathReg.test(ctx.path));
        // Hack: a matching entry with options.close set goes straight to next().
        // NOTE(review): the rest of this branch is elided; presumably it returns, in
        // which case handlers on these paths receive unfiltered input and must
        // encode it themselves. Keep the list of such paths short and reviewed.
        if (one && one.options && one.options.close) {
            await next();
        // Per-path options, or an empty object when no entry matched.
        let wrapOptions = one ? one.options : {};
        // js-xss's default tag -> allowed-attributes map; getDefaultWhiteList()
        // builds a new object on each call, so edits below stay local to this request.
        const whiteList = xss.getDefaultWhiteList();

        // NOTE(review): loop body elided; presumably it extends every tag's attribute
        // list when enableStyle is set. Confirm, and make sure a CSS property
        // allowlist stays in force for any style attribute that is let through.
        if (wrapOptions.enableStyle) {
            for (let key of Object.keys(whiteList)) {

        // Filter instance for this request (constructor options elided).
        let customXss = new xss.FilterXSS({

        if (query) {
            for (let key of Object.keys(query)) {
                // Overwrites each query value in place with its filtered form.
                // NOTE(review): repeated parameters can arrive as arrays; confirm how
                // process() treats non-string values before relying on the result.
                query[key] = customXss.process(query[key]);
github ACGN-stock / acgn-stock / client / utils / helpers.js View on Github external
html = `<br>${html}`;

      return html;

    return outputKatexHTML;

// Stops xss from escaping characters for us: this identity function is passed
// as the `escapeHtml` option in xssFilter and replaces js-xss's default escaper.
// NOTE(review): js-xss also calls this hook on tags that are not in the whitelist
// (when onIgnoreTag returns nothing), so an identity function may let such tags
// through unchanged. Confirm with a test that feeds a non-whitelisted tag, or
// handle ignored tags explicitly (onIgnoreTag / stripIgnoreTag).
function escapeHtml(html) {
  return html;

// Start from js-xss's default tag/attribute allowlist (unchanged in the visible lines).
const whiteList = xss.getDefaultWhiteList();

// Extension object with an 'output' type and a text filter; presumably registered
// with the markdown converter so the rendered HTML passes through xss() last.
const xssFilter = {
  type: 'output',
  filter: function(text) {
    // css.whiteList is the allowlist of CSS properties kept inside style attributes.
    // NOTE(review): the listed properties look chosen for the KaTeX markup produced
    // earlier in this file; confirm.
    return xss(text, { escapeHtml, whiteList, css: {
      whiteList: {
        // NOTE(review): aria-hidden is an HTML attribute, not a CSS property, so this
        // entry likely has no effect here.
        'aria-hidden': true,
        'vertical-align': true,
        // NOTE(review): top/position let user-supplied markup place elements outside
        // normal flow; confirm the rendering container clips or isolates its
        // content so user text cannot cover other parts of the page.
        'top': true,
        'position': true,
        'height': true
    } });
github yarnpkg / website / js / src / components / Markdown.js View on Github external
} catch (err) {}

    try {
      const prepared = hljs.highlightAuto(code);
      return `<pre><code class="${prepared.language}">${
    } catch (err) {}

    return `<pre><code>${code}</code></pre>`;

  // Renders the markdown with marked, then filters the resulting HTML with js-xss.
  // Supplying `whiteList` replaces js-xss's default allowlist rather than extending
  // it, so only the tags named here (remaining entries are elided by the listing)
  // survive, each with only the attributes listed.
  // NOTE(review): the fallback renderer path above interpolates `code` into
  // <pre><code> without escaping; xss() filters the result here, but confirm that
  // code samples containing markup are shown as text rather than rendered as
  // whitelisted tags.
  // NOTE(review): class and id values are author-controlled when the markdown holds
  // raw HTML; confirm no page script or stylesheet gives those names special
  // behaviour.
  return xss(marked(source, { renderer, mangle: false }), {
    whiteList: {
      code: ['class'],
      span: ['class'],
      h1: ['id'],
      h2: ['id'],
      h3: ['id'],
      h4: ['id'],
      h5: ['id'],
      h6: ['id'],


