leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com
Other

Input not sanitized #153

Closed omarsafwany closed 5 years ago

omarsafwany commented 5 years ago

If the input contains tabs, spaces or newlines, nothing is sanitized. E.g.:

{
    layout: `<table>
                        <header></header>
                        <section></section>
                        <footer></footer>
                    </table>`
}

Expected Output:

{
    layout: `&lt;table&gt;
                        &lt;header&gt;&lt;/header&gt;
                        &lt;section&gt;&lt;/section&gt;
                        &lt;footer&gt;&lt;/footer&gt;
                    &lt;/table&gt;`;
}

Actual Output:

{
    layout: `<table>
                        <header></header>
                        <section></section>
                        <footer></footer> 
                    </table>`;
}

I have also tried putting it all on one line, as follows:

{
    layout: `<table><header></header><section></section><footer></footer></table>`
}

But I still got the same output.
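
The behaviour reported above is what an allow-list ("whitelist") sanitizer produces when every tag in the input is on its list, whatever the whitespace between tags. The following is an added example, not part of the original issue and not js-xss source code: a simplified model of allow-list tag filtering in which `filterTags`, `escapeHtml` and the `ALLOWED` set are hypothetical names, and the assumption is that `table`, `header`, `section` and `footer` are on the list in use.

```javascript
// Simplified model of allow-list tag filtering (added example, not js-xss code).
// Assumption: these four tags are on the allow-list in use.
const ALLOWED = new Set(["table", "header", "section", "footer"]);

function escapeHtml(s) {
  return s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Tags on the allow-list are kept (attributes dropped in this model);
// every other tag is escaped. Text between tags, including tabs, spaces
// and newlines, is copied through with any stray < or > escaped.
function filterTags(html, allowed) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  let out = "";
  let last = 0;
  for (const m of html.matchAll(tagRe)) {
    out += escapeHtml(html.slice(last, m.index));
    const name = m[2].toLowerCase();
    out += allowed.has(name) ? `<${m[1]}${name}>` : escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(html.slice(last));
}

// Constructed sample input, shaped like the layout in the report.
const layout = `<table>
    <header></header>
    <section></section>
    <footer></footer>
</table>`;

function demo() {
  return {
    allListed: filterTags(layout, ALLOWED),        // unchanged: all tags allowed
    emptyList: filterTags(layout, new Set()),      // every tag escaped
    unlisted: filterTags("<script>x</script>", ALLOWED) // escaped: not on the list
  };
}

console.log(demo());
```

With an empty allow-list the model yields the fully escaped form given under "Expected Output"; in js-xss the list is set through the `whiteList` option.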