iframe missing from TS IWhiteList

leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

http://jsxss.com

Other

5.2k stars 629 forks source link

iframe missing from TS IWhiteList #172

Open Joshuaweiss opened 5 years ago

Joshuaweiss commented 5 years ago

It seems the TypeScript type IWhiteList is missing iframe as a valid key. Is this intentional?

Wundark commented 5 years ago

Would also appreciate it if iframe could be added as a valid key

leizongmin commented 4 years ago

It means iframe is not in the default whitelist, you can try this way:

interface ICustomWhiteList extends XSS.IWhiteList {
  iframe?: string[];
}

AdrianNeatu commented 3 years ago

@leizongmin but it is defined as the type for the whiteList prop in IFilterXSSOptions so if you don't want to have the entire list of html tags there you should just have the whiteList prop as Record<string, string> and only have IWhiteList as the type for the defaultList only.

leizongmin commented 3 years ago

I have published a new version xss@1.0.9 including the following changes:

Fix whitespace bypass #218 by @TomAnthony
Add <summary> to default whitelist #216 by @spacegaier
Add <figure> and <figcaption> to default whitelist by @daraz999
Add <audio crossorigin muted>, <video crossorigin muted playsinline poster> to default whitelist
Add <strike> to default whitelist
Fix: typings IWhiteList allow any tag name
Fix: typings onTag options