Updated to support html comment tag in XSS
This commit is contained in:
parent
26c40dca2d
commit
2501b190ab
1 changed files with 2 additions and 1 deletions
|
@ -1,10 +1,11 @@
|
|||
var whiteListTag = ['style', '!--'];
|
||||
var whiteListAttr = ['id', 'class', 'style'];
|
||||
|
||||
var filterXSSOptions = {
|
||||
allowCommentTag: true,
|
||||
onIgnoreTag: function (tag, html, options) {
|
||||
// allow style in html
|
||||
if (tag === 'style') {
|
||||
if (whiteListTag.indexOf(tag) !== -1) {
|
||||
// do not filter its attributes
|
||||
return html;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue