Updated to support html comment tag in XSS

Cheng-Han, Wu 2016-02-16 09:51:22 -06:00
parent 26c40dca2d
commit 2501b190ab


@ -1,10 +1,11 @@
var whiteListTag = ['style', '!--'];
var whiteListAttr = ['id', 'class', 'style'];
var filterXSSOptions = {
allowCommentTag: true,
onIgnoreTag: function (tag, html, options) {
// allow style in html
if (tag === 'style') {
if (whiteListTag.indexOf(tag) !== -1) {
// do not filter its attributes
return html;
}