leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com

Why does xssFilter({ css: false }) not take effect? #234

Open caoyanxuan opened 3 years ago

caoyanxuan commented 3 years ago
```js
var xss = require("xss");

// Disable the cssfilter module for style values
var myxss = new xss.FilterXSS({
  css: false,
});

myxss.process("<span style=\"color:#f39c12\">123</span>") // => <span>123</span>  I need the style attr
```

Statfine commented 3 years ago

me too!

dertieran commented 3 years ago

By default any style attribute is removed, so you also need to allow it.

From the README.md:

> If you allow the attribute `style`, the value will be processed by `cssfilter` module.
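The fix described in the comment above, as an added example that is not part of the thread or the js-xss code base: `style` has to be whitelisted on the tag, and `css` then decides whether the value is passed through cssfilter. `styleOptions`, `demo` and the sample input are hypothetical names and constructed data; with `css: false` the style value is not filtered by cssfilter, so a CSS property whitelist is the tighter setting.

```javascript
// Added example, not js-xss project code. The demo needs `npm install xss`.

// Build FilterXSS options that keep `style` on the given tags.
// defaults: the library's default whitelist (xss.getDefaultWhiteList()).
// cssProps: array of CSS property names to keep, or false to disable cssfilter.
function styleOptions(defaults, tags, cssProps) {
  const whiteList = Object.assign({}, defaults); // shallow copy, defaults untouched
  for (const tag of tags) {
    const attrs = whiteList[tag] || [];
    whiteList[tag] = attrs.includes('style') ? attrs.slice() : attrs.concat('style');
  }
  if (cssProps === false) return { whiteList, css: false };
  const cssWhiteList = {};
  for (const prop of cssProps) cssWhiteList[prop] = true;
  return { whiteList, css: { whiteList: cssWhiteList } };
}

// Run one constructed input through three configurations.
function demo(xss) {
  const input = '<span style="color:#f39c12; position:fixed">123</span>'; // constructed
  const defaults = xss.getDefaultWhiteList();
  const run = (opts) => new xss.FilterXSS(opts).process(input);
  return {
    // Config from the issue: style is not whitelisted on <span>, so it is removed.
    issueConfig: run({ css: false }),
    // style whitelisted, cssfilter disabled: the whole declaration list is kept.
    styleUnfiltered: run(styleOptions(defaults, ['span'], false)),
    // style whitelisted, cssfilter keeps only the `color` property.
    styleColorOnly: run(styleOptions(defaults, ['span'], ['color'])),
  };
}

// Print the three results when the package is installed.
let xssLib = null;
try { xssLib = require('xss'); } catch (e) { /* xss package not installed */ }
if (xssLib) console.log(demo(xssLib));
```
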

guestccc commented 1 year ago

me too!