Fix to escape html comment tag [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
This commit is contained in:
parent
b89a35196a
commit
067cfe2d1e
1 changed files with 1 additions and 1 deletions
|
@ -45,7 +45,7 @@ var filterXSSOptions = {
|
|||
// allow comment tag
|
||||
if (tag === '!--') {
|
||||
// do not filter its attributes
|
||||
return html
|
||||
return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->')
|
||||
}
|
||||
},
|
||||
onTagAttr: function (tag, name, value, isWhiteAttr) {
|
||||
|
|
Loading…
Reference in a new issue