leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com

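The a tag has already been added to the whitelist as a: ['class', 'href', 'target'], but when a custom protocol such as baidu360://efwefwfwe is put in href, it gets filtered out. What should I do? #281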

Open daweiyong opened 11 months ago

daweiyong commented 11 months ago

```js
name: 'innerHTML',
// XSS whitelist; customize it according to business needs
value: `xss(_s(${directiveMeta.value}), {
  whiteList: {
    img: ['class', 'src', 'style', 'fileurl'],
    br: [],
    i: [],
    a: ['class', 'href', 'target'],
    span: ['class', 'style'],
    p: ['class'],
    font: ['style'],
    b: ['class', 'style'],
    div: ['class', 'style'],
    u: ['class', 'style'],
    h1: ['class', 'style'],
    h2: ['class', 'style'],
    h3: ['class', 'style'],
    h4: ['class', 'style'],
    h5: ['class', 'style'],
    h6: ['class', 'style'],
    ul: ['class', 'style'],
    li: ['class', 'style'],
    ol: ['class', 'style'],
    blockquote: ['class', 'style'],
    em: ['class', 'style'],
    strong: ['class', 'style'],
    hr: ['class', 'style'],
    code: ['class', 'style']
  }
})`
```
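One way to let the `baidu360://` link from the question through, as an added example that is not part of the original post or of js-xss itself: wrap the library's `safeAttrValue` option so that `<a href>` values with an explicitly allow-listed scheme are accepted and everything else still gets the default check. `ALLOWED_SCHEMES`, `CUSTOM_URL`, `makeSafeAttrValue` and `buildOptions` are hypothetical names.

```javascript
// Added example, not js-xss code. The helper names are hypothetical;
// baidu360 is the scheme from the issue title.
const ALLOWED_SCHEMES = ['baidu360'];

// scheme "://" rest, where rest has no whitespace, quotes, angle brackets,
// backticks, backslashes or control characters (nothing that could end the
// attribute or start a new one).
const CUSTOM_URL = /^([a-z][a-z0-9+.-]*):\/\/[^\s"'<>`\\\x00-\x1f\x7f]*$/i;

// Wraps the library default: only <a href> with an allow-listed scheme is
// accepted here; every other tag, attribute and value gets the default check.
function makeSafeAttrValue(defaultSafeAttrValue, allowedSchemes) {
  const allowed = new Set(allowedSchemes.map((s) => s.toLowerCase()));
  return function safeAttrValue(tag, name, value, cssFilter) {
    if (tag === 'a' && name === 'href') {
      const candidate = String(value).trim();
      const match = CUSTOM_URL.exec(candidate);
      if (match && allowed.has(match[1].toLowerCase())) {
        return candidate;
      }
    }
    return defaultSafeAttrValue(tag, name, value, cssFilter);
  };
}

// Options object to pass as the second argument of xss(); xssLib is the
// object returned by require('xss'), which exports the default safeAttrValue.
function buildOptions(xssLib, whiteList) {
  return {
    whiteList,
    safeAttrValue: makeSafeAttrValue(xssLib.safeAttrValue, ALLOWED_SCHEMES),
  };
}

// With the library installed:
//   const xss = require('xss');
//   xss('<a href="baidu360://efwefwfwe">open</a>',
//       buildOptions(xss, { a: ['class', 'href', 'target'] }));
```

The scheme list has to stay explicit: a value such as `javascript://%0aalert(1)` also has the `scheme://` shape, so accepting any scheme that matches the pattern would reopen the hole the filter closes.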