
Modify the behaviour of filter_attributes, re #74

1 parent e3c8889 commit b5229705ab01f8be11ebe7cf21124335684437ef @chriso committed Jun 19, 2012
Showing with 9 additions and 2 deletions.
  1. +8 −2 lib/xss.js
  2. +1 −0 test/filter.test.js
@@ -114,14 +114,20 @@ exports.clean = function(str, is_image) {
if (str.match(/<a/i)) {
str = str.replace(/<a\s+([^>]*?)(>|$)/gi, function(m, attributes, end_tag) {
attributes = filter_attributes(attributes.replace('<','').replace('>',''));
- return m.replace(attributes, attributes.replace(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi, ''));
+ if (attributes.match(/href=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi)) {
+ return m.replace(attributes, '');
+ }
+ return m;
});
}
if (str.match(/<img/i)) {
str = str.replace(/<img\s+([^>]*?)(\s?\/?>|$)/gi, function(m, attributes, end_tag) {
attributes = filter_attributes(attributes.replace('<','').replace('>',''));
- return m.replace(attributes, attributes.replace(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi, ''));
+ if (attributes.match(/src=.*?(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/gi)) {
+ return m.replace(attributes, '');
+ }
+ return m;
});
}
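Review bot: The two new `return m.replace(attributes, '');` lines (anchor and image branches) only neutralise the tag if `attributes` is still a verbatim substring of `m`, yet `attributes` is whatever `filter_attributes` returned on the line above; if that call rewrites the value in any way (its body is not in the hunk), `replace` matches nothing and the original tag comes back with the flagged `href`/`src` intact, which the new `return m;` fallthrough then also does for the unflagged case. Rebuilding the tag from the capture groups removes that dependency: `return '<a ' + end_tag;` in the anchor branch and `return '<img ' + end_tag;` in the image branch, which yields the same `<a >` the new test expects and leaves no attribute behind regardless of what `filter_attributes` did. The denylist alternation is now spelled out twice, once per branch; hoisting the shared part into one module-level constant (e.g. `var unsafe_attr_value = /(alert\(|alert&\#40;|javascript\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)/i;`) keeps the two copies from drifting when the list is next extended. `exports.clean` starts before and continues after this hunk.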
@@ -132,6 +132,7 @@ module.exports = {
//Need more tests!
assert.equal(' foobar', Filter.sanitize('javascript : foobar').xss());
assert.equal(' foobar', Filter.sanitize('j a vasc ri pt: foobar').xss());
+ assert.equal('<a >some text</a>', Filter.sanitize('<a href="javascript:alert(\'xss\')">some text</a>').xss());
var url = 'http://www.example.com/test.php?a=b&b=c&c=d';
assert.equal(url, Filter.sanitize(url).xss());
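Review bot: The added assertion exercises only the `<a href>` branch of `exports.clean`, while the `<img src>` branch in lib/xss.js received the identical behaviour change in this commit and is left untested; the `//Need more tests!` comment at the top of the hunk already flags the gap. A mirror case, `assert.equal('<img >', Filter.sanitize('<img src="javascript:alert(\'xss\')">').xss());`, would pin the image branch, on the assumption that `filter_attributes` leaves that value unchanged as it evidently does for the anchor case. A positive case is also missing: the new code now returns `m` untouched when nothing is flagged, so an assertion that a tag such as `<a href="http://www.example.com/">` keeps its attribute would catch a future change that strips everything; the `url` check two lines below only covers bare text, not a tag.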
