diff options
Diffstat (limited to '')
| -rw-r--r-- | public/js/render.js | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/public/js/render.js b/public/js/render.js index ebda2984..af6fb3d4 100644 --- a/public/js/render.js +++ b/public/js/render.js @@ -1,40 +1,40 @@ /* eslint-env browser, jquery */ // allow some attributes -var filterXSS = require('xss') +const filterXSS = require('xss') -var whiteListAttr = ['id', 'class', 'style'] +const whiteListAttr = ['id', 'class', 'style'] window.whiteListAttr = whiteListAttr // allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript:// -var linkRegex = /^(?!javascript:\/\/)([\w|-]+:\/\/)|^([.|/])+/i +const linkRegex = /^(?!javascript:\/\/)([\w|-]+:\/\/)|^([.|/])+/i // allow data uri, from https://gist.github.com/bgrins/6194623 -var dataUriRegex = /^\s*data:([a-z]+\/[a-z0-9-+.]+(;[a-z-]+=[a-z0-9-]+)?)?(;base64)?,([a-z0-9!$&',()*+;=\-._~:@/?%\s]*)\s*$/i +const dataUriRegex = /^\s*data:([a-z]+\/[a-z0-9-+.]+(;[a-z-]+=[a-z0-9-]+)?)?(;base64)?,([a-z0-9!$&',()*+;=\-._~:@/?%\s]*)\s*$/i // custom white list -var whiteList = filterXSS.whiteList +const whiteList = filterXSS.whiteList // allow ol specify start number -whiteList['ol'] = ['start'] +whiteList.ol = ['start'] // allow li specify value number -whiteList['li'] = ['value'] +whiteList.li = ['value'] // allow style tag -whiteList['style'] = [] +whiteList.style = [] // allow kbd tag -whiteList['kbd'] = [] +whiteList.kbd = [] // allow ifram tag with some safe attributes -whiteList['iframe'] = ['allowfullscreen', 'name', 'referrerpolicy', 'src', 'width', 'height'] +whiteList.iframe = ['allowfullscreen', 'name', 'referrerpolicy', 'src', 'width', 'height'] // allow summary tag -whiteList['summary'] = [] +whiteList.summary = [] // allow ruby tag -whiteList['ruby'] = [] +whiteList.ruby = [] // allow rp tag for ruby -whiteList['rp'] = [] +whiteList.rp = [] // allow rt tag for ruby -whiteList['rt'] = [] +whiteList.rt = [] // allow figure tag -whiteList['figure'] = [] +whiteList.figure = [] // allow figcaption tag -whiteList['figcaption'] = [] +whiteList.figcaption = [] -var filterXSSOptions = { +const filterXSSOptions = { allowCommentTag: true, whiteList: whiteList, escapeHtml: function (html) { |