leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com

How to filter XSS code in a URL #93

Closed wulucxy closed 7 years ago

wulucxy commented 7 years ago

A route address like this one:

https://www.host.com/app/follow?follow=1&uid=2300052</script+><script>alert(583)</script>

Lizhooh commented 7 years ago

```js
var xss = require('xss');
var url = xss('https://www.host.com/app/follow?follow=1&uid=2300052</script+><script>alert(583)</script>');
console.log(url);
```
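
An added example, not part of the original thread and not js-xss code: it handles the URL from the question on the server side by parsing the query string, checking each parameter against an allowlist pattern, and HTML-escaping any value that is echoed into a page. The rules for `follow` and `uid` (plain digits) and the helper names `checkQuery`, `cleanUrl` and `escapeHtml` are assumptions made for illustration.

```javascript
// Constructed sample: the URL quoted in the question above.
const SAMPLE_URL =
  'https://www.host.com/app/follow?follow=1&uid=2300052</script+><script>alert(583)</script>';

// Assumed allowlist: the page does not define these formats.
const PARAM_RULES = {
  follow: /^[01]$/,
  uid: /^\d{1,12}$/,
};

// Escape HTML-significant characters before writing a value into markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Parse the URL, keep parameters that match their rule, report the rest.
function checkQuery(rawUrl, rules = PARAM_RULES) {
  const parsed = new URL(rawUrl); // throws on a malformed URL
  const accepted = {};
  const rejected = [];
  for (const [name, value] of parsed.searchParams) {
    const known = Object.prototype.hasOwnProperty.call(rules, name);
    if (known && rules[name].test(value)) {
      accepted[name] = value;
    } else {
      rejected.push(name); // unknown parameter or value outside the allowlist
    }
  }
  return { accepted, rejected };
}

// Rebuild the URL so that it carries only the accepted parameters.
function cleanUrl(rawUrl, rules = PARAM_RULES) {
  const parsed = new URL(rawUrl);
  const { accepted } = checkQuery(rawUrl, rules);
  parsed.search = new URLSearchParams(accepted).toString();
  return parsed.toString();
}

console.log(checkQuery(SAMPLE_URL));
console.log(cleanUrl(SAMPLE_URL));
// If the raw value must be shown (for example in an error page), escape it first.
console.log(escapeHtml(new URL(SAMPLE_URL).searchParams.get('uid')));
```

Rejected parameter names can be logged for detection; a request that fails the allowlist is usually better answered with a 400 than silently repaired.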