ecto / bleach

:no_entry_sign: minimalistic HTML sanitizer for node.js

Wrong Analyze #15

Open wusala01 opened 5 years ago

wusala01 commented 5 years ago

Hello all,

I was just wondering whether I misunderstand your tool or found a bug.

When I run the following code in Node.js:

// Reproduction script for this report: the sample anchor carries an
// `onclick` value that contains spaces, and the `analyze` output shown
// below splits that one quoted value into several attribute entries.
// The test input is kept byte-for-byte, including `taget` (a typo for
// `target`), because the reported output refers to it as written.
const bleach = require('bleach');
const util = require('util');

// Print the runtime versions first so the output can be matched to a
// specific node/v8 build.
console.log("process.versions: %s\n\n", util.inspect(process.versions));

// `depth: null` so util.inspect does not elide the nested `attr` arrays.
const sampleMarkup = `
<a 
  href="#" 
  taget="_blank" 
  onclick="alert('hallo'); return false;"
>Klick mich!</a>
    `;
const analysis = bleach.analyze(sampleMarkup);
console.log("bleach.analyze.result: %s", util.inspect(analysis, { depth: null }));

I get the following output:

process.versions: { http_parser: '2.8.0',
  node: '9.11.2',
  v8: '6.2.414.46-node.23',
  uv: '1.19.2',
  zlib: '1.2.11',
  ares: '1.13.0',
  modules: '59',
  nghttp2: '1.32.0',
  napi: '3',
  openssl: '1.0.2o',
  icu: '61.1',
  unicode: '10.0',
  cldr: '33.0',
  tz: '2018c' }

bleach.analyze.result: [ { full: '<a href="#" taget="_blank" onclick="alert(\'hallo\'); return false;">',
    name: 'a',
    attr: 
     [ { name: 'href', value: '#' },
       { name: 'taget', value: '_blank' },
       { name: 'onclick', value: 'alert(\'hallo\');' },
       { name: 'return' },
       { name: 'false;"' } ] },
  { full: '</a>', name: 'a', attr: [] } ]

In the section

     [
       /* ..., */
       { name: 'onclick', value: 'alert(\'hallo\');' },
       { name: 'return' },
       { name: 'false;"' } ] },
     ]

I would expect the result to be:

     [
       /* ..., */
       { name: 'onclick', value: 'alert(\'hallo\'); return false;"' } ] },
     ]

Is that a wrong expectation?

Kind regards, wusala01