search

leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com
Other
5.21k stars 630 forks source link

feat: add support for allowList as an alias for whiteList #249

Closed schu34 closed 2 years ago

schu34 commented 2 years ago

addresses #219

schu34 commented 2 years ago

@leizongmin Thanks for merging! Any idea when the next release will go out?

yyandapalli commented 2 years ago

@leizongmin Hope you are doing well Any idea when the next release will go out?

leizongmin commented 2 years ago

@schu34 @yyandapalli I have just publish a new version xss@1.0.11 that includes this change.

yyandapalli commented 2 years ago

Thank you very much, highly appreciate

yyandapalli commented 2 years ago

Hi @leizongmin, My team is trying to use this new version of xss (1.0.11) and getting below error with this new version:

file.ts:27:25 - error TS2339: Property 'escapeAttrValue' does not exist on type '(html: string, options?: IFilterXSSOptions) => string'.

27 ? ${name}="${xss.escapeAttrValue(value)}"



file.ts:32:7 - error TS2339: Property 'filterXSS' does not exist on type '(html: string, options?: IFilterXSSOptions) => string'.

**32        xss.filterXSS(dangerousHTML, makeXssOptions());**
- - - - - -
Any idea on why these errors are coming? Is it because of the changes done in xss.d.ts?
Any guidance is much appreciated
yyandapalli commented 2 years ago

Never mind, ignore this We had to change the import as below to fix this: import * as xss from "xss"