Permalink
Browse files

fix: issue #66 no options mutated

  • Loading branch information...
1 parent 1648cbf commit 3ecf8542a0aaffdd40d0515b48dc7d2edaee3b41 @leizongmin committed Dec 20, 2016
Showing with 28 additions and 2 deletions.
  1. +15 −1 lib/xss.js
  2. +1 −1 package.json
  3. +12 −0 test/test_xss.js
View
@@ -48,6 +48,20 @@ function getAttrs (html) {
}
/**
+ * 浅拷贝对象
+ *
+ * @param {Object} obj
+ * @return {Object}
+ */
+function shallowCopyObject (obj) {
+ var ret = {};
+ for (var i in obj) {
+ ret[i] = obj[i];
+ }
+ return ret;
+}
+
+/**
* XSS过滤对象
*
* @param {Object} options
@@ -57,7 +71,7 @@ function getAttrs (html) {
* css{whiteList, onAttr, onIgnoreAttr} css=false表示禁用cssfilter
*/
function FilterXSS (options) {
- options = options || {};
+ options = shallowCopyObject(options || {});
if (options.stripIgnoreTag) {
if (options.onIgnoreTag) {
View
@@ -14,7 +14,7 @@
},
"dependencies": {
"commander": "^2.9.0",
- "cssfilter": "^0.0.8"
+ "cssfilter": "0.0.9"
},
"devDependencies": {
"browserify": "^13.0.1",
View
@@ -235,4 +235,16 @@ describe('test XSS', function () {
});
+ it('no options mutated', function () {
+ var options = {};
+
+ var ret = xss('test', options);
+ console.log(options);
+ assert.deepEqual(options, {});
+
+ var ret2 = new _xss.FilterXSS(options);
+ console.log(options);
+ assert.deepEqual(options, {});
+ });
+
});

0 comments on commit 3ecf854

Please sign in to comment.