salesforce / secure-filters

Anti-XSS Security Filters for EJS and More
BSD 3-Clause "New" or "Revised" License

Change to whitelists, prevent CDATA escape #14

Closed stash closed 10 years ago

stash commented 11 years ago

In response to https://github.com/goinstant/secure-filters/issues/13

stash commented 11 years ago

@amalkrishnancg ok, all unicode is now encoded as `\uHHHH` in the `js` and `jsObj` filters (as of 61dd292 and 56c309b). I referenced that great article in the README as well!

stash commented 10 years ago

@amalkrishnancg added the UTF-8 caveat and added a `<button onclick="...">` example for `jsAttr()`.

stash commented 10 years ago

@amalkrishnancg oops, saw that you LGTM'd in our email thread. Merging! :100:
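An added example, not code from secure-filters or from this pull request: a minimal allowlist escaper in the spirit of the `\uHHHH` encoding described in the thread, plus a JSON-in-`<script>` escaper showing that encoding `>` also removes any `]]>` CDATA terminator. The function names and the exact allowlist are assumptions made for illustration.

```javascript
// Hypothetical helpers for illustration; not the secure-filters API.

// Allowlist (an assumption): characters that are inert inside a quoted JS
// string embedded in HTML. Everything else is encoded, so newly discovered
// dangerous characters are covered by default (unlike a blocklist).
const NOT_ALLOWED = /[^a-zA-Z0-9,._]/g;

// Encode one UTF-16 code unit as \uHHHH. Without the `u` regex flag,
// astral characters arrive here as two surrogates and become two escapes,
// which is valid JavaScript and keeps the output pure ASCII.
function toUnicodeEscape(ch) {
  const hex = ch.charCodeAt(0).toString(16).toUpperCase();
  return '\\u' + hex.padStart(4, '0');
}

// For values placed between quotes in a JS string literal.
function escapeJsString(value) {
  return String(value).replace(NOT_ALLOWED, toUnicodeEscape);
}

// For object literals emitted into a <script> block. JSON.stringify handles
// quoting; the second pass encodes characters that could end the script
// element, open a comment or entity, or act as JS line terminators.
// Because every `>` is encoded, `]]>` and `</script>` cannot survive.
function escapeJsonForScript(obj) {
  const json = JSON.stringify(obj);
  if (json === undefined) {
    throw new TypeError('value is not JSON-serializable');
  }
  return json.replace(/[<>&\u2028\u2029]/g, toUnicodeEscape);
}

// Constructed sample input
const sample = { note: ']]></script><script>x()</script>', sep: '\u2028' };
console.log(escapeJsString("</script>'\u{1F600}"));
console.log(escapeJsonForScript(sample));
```

Both outputs are plain ASCII, so they decode the same way regardless of the page's declared character encoding.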