Fix to escape html comment tag [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
This commit is contained in:
parent
b89a35196a
commit
067cfe2d1e
1 changed files with 1 additions and 1 deletions
|
@ -45,7 +45,7 @@ var filterXSSOptions = {
|
||||||
// allow comment tag
|
// allow comment tag
|
||||||
if (tag === '!--') {
|
if (tag === '!--') {
|
||||||
// do not filter its attributes
|
// do not filter its attributes
|
||||||
return html
|
return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->')
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
onTagAttr: function (tag, name, value, isWhiteAttr) {
|
onTagAttr: function (tag, name, value, isWhiteAttr) {
|
||||||
|
|
Loading…
Reference in a new issue