leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com

Progress tag #217

Open jerod33 opened 3 years ago

jerod33 commented 3 years ago

Hi, is it possible to add <progress> or <meter> to the allowed list? Thank you.

lumburr commented 2 years ago

Although I think it's OK to add these two tags as defaults, you can also change the default whitelist with xss.getDefaultWhiteList():

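var xss = require("xss");

var source = `<progress value="32" max="100"> 32% </progress>`;
// Start from a copy of the default whitelist and allow <progress>
// with only its "value" and "max" attributes.
var whiteList = xss.getDefaultWhiteList();
whiteList.progress = ["value", "max"];
var html = xss(source, { whiteList });
console.log('%s\nconvert to:\n%s', source, html);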
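An added example, not part of the thread or of js-xss itself: it extends the approach above to both `<progress>` and `<meter>` and uses the library's `onTagAttr` option so that the allowed attributes on those two tags are emitted only when their value is a plain number. The helper names (`NUMERIC_ATTRS`, `numericOnTagAttr`, `buildOptions`, `sanitizeWithGauges`) are hypothetical, and the caller passes in the module returned by `require("xss")`.

```javascript
// Added example, not js-xss project code; all helper names are hypothetical.
// Numeric attributes that <progress> and <meter> accept in HTML.
const NUMERIC_ATTRS = {
  progress: ["value", "max"],
  meter: ["value", "min", "max", "low", "high", "optimum"],
};

// Plain decimal number: optional sign, digits, optional fraction.
const NUMBER_RE = /^[+-]?(\d+(\.\d+)?|\.\d+)$/;

// onTagAttr hook. For the two added tags, emit an attribute only when it is
// allowlisted and its value is a plain number; returning "" drops it.
// Returning undefined for any other tag keeps the library's default handling.
function numericOnTagAttr(tag, name, value, isWhiteAttr) {
  if (!Object.prototype.hasOwnProperty.call(NUMERIC_ATTRS, tag)) return undefined;
  const v = String(value).trim();
  if (!isWhiteAttr || !NUMBER_RE.test(v)) return "";
  return name + '="' + v + '"';
}

// Build filter options on top of a fresh copy of the default whitelist.
function buildOptions(getDefaultWhiteList) {
  const whiteList = getDefaultWhiteList();
  for (const tag of Object.keys(NUMERIC_ATTRS)) {
    whiteList[tag] = NUMERIC_ATTRS[tag].slice();
  }
  return { whiteList, onTagAttr: numericOnTagAttr };
}

// xssLib is the module returned by require("xss"), supplied by the caller.
function sanitizeWithGauges(xssLib, html) {
  return xssLib(html, buildOptions(() => xssLib.getDefaultWhiteList()));
}
```

Call it as `sanitizeWithGauges(require("xss"), untrustedHtml)`; every other tag still goes through the default whitelist unchanged.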