Add custom tag filter case to doc

leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

http://jsxss.com

Other

5.19k stars 630 forks source link

Add custom tag filter case to doc #223

Open Kolobok12309 opened 3 years ago

Kolobok12309 commented 3 years ago

For some cases can be usefull filtering tag not only in whitelist, but use all other library functionality. For example allow all tags, but filter attrs for predefined tags Library support this case, but it not obvious JSFiddle

filterXSS(html, {
  whiteList: {},
  onTag(tag, html, options) {
    options.isWhite = true;
  }
});

leizongmin commented 3 years ago

I have published a new version xss@1.0.9 including the following changes:

Fix whitespace bypass #218 by @TomAnthony
Add <summary> to default whitelist #216 by @spacegaier
Add <figure> and <figcaption> to default whitelist by @daraz999
Add <audio crossorigin muted>, <video crossorigin muted playsinline poster> to default whitelist
Add <strike> to default whitelist
Fix: typings IWhiteList allow any tag name
Fix: typings onTag options