update sanitize过滤器
qincheng committed Sep 29, 2014
1 parent 8925819 commit 14719c3
Showing 2 changed files with 19 additions and 9 deletions.
8 changes: 4 additions & 4 deletions examples/antixss.html
@@ -1,17 +1,17 @@
<!DOCTYPE html>
<html>
<head>
<title>ms-on-mousewheel</title>
<title>反XSS攻击</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<script src="../avalon.js"></script>
<script>
avalon.define("test", function(vm) {
vm.aaa = "<img onclick=333 src=http://tp2.sinaimg.cn/1823438905/180/40054009869/1/><p onclick='aaa' onclick2=\"ddd\" title=eee onpress=eee>onclick=eee<span onmouseup='ddd'>ddd</span></p><script>alert(1)<\/script>"
vm.aaa = "<img onclick=333 src='http://www.baidu.com/img/baidu_jgylogo3.gif'>" +
"<form onclick=333 action='javascript:alert(1)'></form>" +
"<p onclick='aaa' onclick2=\"ddd\" title=eee onpress=eee>onclick=eee<span onmouseup='ddd'>ddd</span></p><script>alert(1)<\/script>"
})



</script>
</head>

20 changes: 15 additions & 5 deletions examples/avalon.$events.js
Expand Up @@ -2268,7 +2268,7 @@
function addAssign(vars, scope, name, data) {
var ret = [],
prefix = " =" + name + "."

for (var i = vars.length, path; path = vars[--i]; ) {
var arr = path.split(".")
var flag = inObject(scope, arr)
Expand Down Expand Up @@ -3859,10 +3859,13 @@
* 自带过滤器 *
**********************************************************************/
var rscripts = /<script[^>]*>([\S\s]*?)<\/script\s*>/gim
var raimg = /^<(a|img)\s/i
var ron = /\s+(on[^=\s]+)(?:=("[^"]*"|'[^']*'|[^\s>]+))?/g
var ropen = /<\w+\b(?:(["'])[^"]*?(\1)|[^>])*>/ig
var rjavascripturl = /\s+(src|href)(?:=("javascript[^"]*"|'javascript[^']*'))?/ig
var rsanitize = {
a: /\b(href)\=("javascript[^"]*"|'javascript[^']*')/ig,
img: /\b(src)\=("javascript[^"]*"|'javascript[^']*')/ig,
form: /\b(action)\=("javascript[^"]*"|'javascript[^']*')/ig
}
var rsurrogate = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g
var rnoalphanumeric = /([^\#-~| |!])/g;
var filters = avalon.filters = {
Expand All @@ -3887,8 +3890,15 @@
// <a href="jav&#x0A;ascript:alert('XSS');">IE67chrome</a>
sanitize: function(str) {
return str.replace(rscripts, "").replace(ropen, function(a, b) {
if (raimg.test(a)) {
a = a.replace(rjavascripturl, " $1=''")//移除javascript伪协议
var match = a.toLowerCase().match(/<(\w+)\s/)
if (match) {//处理a标签的href属性,img标签的src属性,form标签的action属性
var reg = rsanitize[match[1]]
if (reg) {
a = a.replace(reg, function(s, name, value) {
var quote = value.charAt(0)
return name + "=" + quote + "void(0)" + quote
})
}
}
return a.replace(ron, " ").replace(/\s+/g, " ")//移除onXXX事件
})
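Review bot: The new `rsanitize` patterns only neutralize `javascript:` values that are wrapped in `"` or `'`, so an attribute written without quotes or with spaces around `=` passes through the `a.replace(reg, ...)` step unchanged, and the fixture in examples/antixss.html likewise exercises only quoted values. Extending each alternation to `/\b(href)\s*=\s*("javascript[^"]*"|'javascript[^']*'|javascript[^\s>]*)/ig` (same shape for `src` and `action`) closes that gap, and the callback then needs `var quote = /^["']/.test(value) ? value.charAt(0) : '"'` so the rewritten `void(0)` stays quoted. Separately, `rsanitize[match[1]]` is a bare lookup on a plain object, so a tag name that happens to collide with an inherited property (e.g. `constructor`) yields a truthy non-RegExp and `replace` falls back to a literal string search; guarding with `if (rsanitize.hasOwnProperty(match[1]))` keeps the branch to the three intended tags. The comment just above about `jav&#x0A;ascript` describes an entity-encoded form that neither the old nor the new regex handles, since both match the literal word. The closing brace of `sanitize` and the enclosing `filters` object lie outside this hunk.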
