Open sozakir opened 3 years ago
The main function of this module is to filter out illegal HTML code based on a whitelist. If input containing non-whitelisted tags means it is vulnerable, then you can try to set up the onIgnoreTag option like this:

    var xss = require("xss");

    var source = '<div a="1" b="2" data-a="3" data-b="4">hello</div>';
    var isVulnerable = false;
    var html = xss(source, {
      onIgnoreTag: function (tag, html, options) {
        // Called for each tag that is not on the whitelist
        isVulnerable = true;
      }
    });

Hi, I am using the js-xss library in my project. I want to check whether an input string is vulnerable using the js-xss library. How can we check whether a string would be vulnerable before sanitizing it? I am checking the input and output strings: if they are equal then the string is not vulnerable, otherwise it is vulnerable.

Is there any function in the library which can check whether a string is vulnerable? Because the current function fails for this string:

    test < test

and returns

    test &lt; test

which says it is vulnerable, but it is not, I guess.
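
The two checks discussed in this thread, side by side, as an added example that is not part of the original thread or the js-xss project: it records which tags and attributes js-xss reports through `onIgnoreTag` and `onIgnoreTagAttr`, so a string that was only escaped is not flagged the way it is by an input/output comparison. The helper name `inspectInput`, its return shape and the sample strings are assumptions made here; the sanitizer is passed in as an argument so the helper does not depend on how the package is loaded.

```javascript
// Added example (not js-xss code): separate "output differs" from "something was filtered".
// `sanitize` is the js-xss entry point, e.g. require("xss").
function inspectInput(sanitize, source) {
  const ignoredTags = new Set();
  const ignoredAttrs = new Set();
  const clean = sanitize(source, {
    // Returning nothing from a callback leaves js-xss's default handling in place.
    onIgnoreTag(tag) {
      ignoredTags.add(tag); // called for opening and closing tags, hence the Set
    },
    onIgnoreTagAttr(tag, name) {
      ignoredAttrs.add(tag + "[" + name + "]");
    },
  });
  return {
    clean,
    changed: clean !== source, // the comparison from the question: true for any escaping
    flagged: ignoredTags.size > 0 || ignoredAttrs.size > 0, // whitelist violations only
    ignoredTags: [...ignoredTags],
    ignoredAttrs: [...ignoredAttrs],
  };
}

// Constructed sample inputs: the string from the question, the source from the
// reply above, and one tag that is not on the whitelist.
const samples = [
  "test < test",
  '<div a="1" b="2" data-a="3" data-b="4">hello</div>',
  "<script>x()</script>",
];

// Runs only when the xss package is installed; otherwise the helper is still usable.
let xss = null;
try {
  xss = require("xss");
} catch (e) {
  xss = null;
}
if (xss) {
  for (const s of samples) {
    console.log(JSON.stringify(inspectInput(xss, s)));
  }
}
```

`flagged` only says that the input contained markup outside the whitelist; the value to store or render is still `clean`.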