From 4c4a0e0f3fe9b4e33f2182f3f8e20d87736b371d Mon Sep 17 00:00:00 2001
From: Cheng-Han, Wu
Date: Thu, 11 Feb 2016 03:45:13 -0600
Subject: Fixed prevent XSS might break lots of tags and only need after rendered

---
 public/js/render.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 public/js/render.js

(limited to 'public/js/render.js')

diff --git a/public/js/render.js b/public/js/render.js
new file mode 100644
index 00000000..1abb68c5
--- /dev/null
+++ b/public/js/render.js
@@ -0,0 +1,13 @@
+function preventXSS(html) {
+ var options = {
+ allowCommentTag: true,
+ onIgnoreTagAttr: function (tag, name, value, isWhiteAttr) {
+ // allow attr start with 'data-' or equal 'id' and 'class'
+ if (name.substr(0, 5) === 'data-' || name === 'id' || name === 'class') {
+ // escape its value using built-in escapeAttrValue function
+ return name + '="' + filterXSS.escapeAttrValue(value) + '"';
+ }
+ }
+ };
+ return filterXSS(html, options);
+}
\ No newline at end of file
--
cgit v1.2.3
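Review bot: The `id`/`class` branch of `onIgnoreTagAttr` escapes the attribute value but does not constrain it, so user-authored markup can assign arbitrary element ids and classes on the host page; arbitrary ids can collide with the page's own elements and with `window`/`document` property names (DOM clobbering), and arbitrary classes can pick up whatever behaviour the page's own scripts bind by class name. If these attributes are genuinely needed, consider constraining the accepted values (a fixed prefix or an allow-list pattern) in addition to escaping, and record the trade-off above the check, e.g. `// id/class pass through with the value escaped but not constrained; see DOM-clobbering notes`. The function also relies on a global `filterXSS` that this file never declares; a JSDoc header such as `/** Sanitizes already-rendered HTML; expects the global filterXSS to be loaded first. @param {string} html @returns {string} */` would make that dependency explicit. The `isWhiteAttr` parameter is unused and could be dropped from the callback signature for clarity.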