leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com
5.19k stars, 630 forks

added support for src embedded image, ftp and relative urls #189

Closed sijanec closed 4 years ago

sijanec commented 4 years ago

Those can't contain payloads. Reference to the issue #174.

tamias commented 4 years ago

Note that I'm not a committer, but I notice two issues in your PR: Line 162 duplicates line 161, and line 166 should have substr(0, 3).

sijanec commented 4 years ago

Thanks, @tamias, I added another commit with your information. I didn't really care about this pull, just wanted to inform the maintainers; I use a custom edited dist file in production.