How to use the xss.safeAttrValue function in xss

To help you get started, we’ve selected a few xss examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github datosgobar / consulta-publica / lib / richtext / lib / xss-filter.js View on Github external
safeAttrValue: function (tag, name, value, cssFilter) {
      value = xss.safeAttrValue(tag, name, value, cssFilter)

      // Remove protocol from srcs, to force https when needed
      if (config.forceSafeImageURLs &&
        name === 'src' &&
        typeof value === 'string') {
        value = value.replace(/^https?:\/\//, '//')
      }

      // Parse iframe's to only allow video embeds
      if (tag === 'iframe' && name === 'src') {
        var video = videoUrlInspector(value)
        value = video ? video.embedUrl : ''
      }

      return value
    }
github Esri / arcgis-html-sanitizer / src / index.ts View on Github external
safeAttrValue: (
      tag: string,
      name: string,
      value: string,
      cssFilter: XSS.ICSSFilter
    ): string => {
      // Take over safe attribute filtering for `a` `href`, `img` `src`,
      // `audio` `src`, and `video` `src` attributes, otherwise pass onto the
      // default `XSS.safeAttrValue` method.
      if (
        (tag === 'a' && name === 'href') ||
        ((tag === 'img' || tag === 'audio' || tag === 'video') && name === 'src')
      ) {
        return this.sanitizeUrl(value);
      }
      return xss.safeAttrValue(tag, name, value, cssFilter);
    }
  };

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

MIT
Latest version published 10 months ago

Package Health Score

76 / 100
Full package analysis