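/**
 * Minimal XSS helper: strips tag-like markup, HTML-escapes text, and flags
 * suspicious input with a blocklist.
 *
 * Both `filter()` and `validate()` are regex heuristics, not an HTML parser.
 * They are coarse pre-filters; the reliable control is contextual output
 * encoding via `escape()` at the point where text is inserted into a document.
 */
class XssFilter {
  constructor() {
    // Kept for API compatibility. Note that `filter()` does not consult
    // `whiteList` or the stripIgnoreTag* flags: it removes every tag it matches.
    this.rules = {
      whiteList: {
        a: ['href', 'title', 'target'],
        img: ['src', 'alt'],
        p: [],
        div: [],
        span: [],
        br: [],
        strong: [],
        em: [],
      },
      stripIgnoreTag: true,
      stripIgnoreTagBody: ['script'],
    };
  }

  /**
   * Remove every `<...>` tag-like run and every `&...;` entity-like run.
   *
   * Non-string input is returned unchanged. Entities are removed rather than
   * decoded, so `&amp;` disappears instead of becoming `&`. Being a single
   * regex pass over text, this is best-effort stripping; when the result must
   * be rendered safely, pass it through `escape()` as well.
   *
   * @param {string} html
   * @returns {string} the input with tag-like and entity-like runs removed
   */
  filter(html) {
    if (typeof html !== 'string') {
      return html;
    }
    return html.replace(/<\/?[^>]*>/g, '').replace(/&[^;]+;/g, '');
  }

  /**
   * HTML-escape the five characters that are significant in text and
   * quoted-attribute context.
   *
   * Non-string input is returned unchanged, matching `filter()`.
   *
   * @param {string} html
   * @returns {string} input with `& < > " '` replaced by their entities
   */
  escape(html) {
    if (typeof html !== 'string') {
      return html;
    }
    // Numeric `&#39;` is used for the apostrophe because `&apos;` is not a
    // defined entity in HTML 4 and may be rendered literally by older parsers.
    const entities = {
      '&': '&amp;',
      '<': '&lt;',
      '>': '&gt;',
      '"': '&quot;',
      "'": '&#39;',
    };
    return html.replace(/[&<>"']/g, (ch) => entities[ch]);
  }

  /**
   * Heuristic check for markup that commonly carries script.
   *
   * A case-insensitive blocklist: script tags, `javascript:` URLs, inline
   * `on*=` handlers, `style=`/`href=` attributes and common dialog calls. A
   * blocklist only rejects the shapes it knows; treat `true` as "nothing
   * obviously suspicious", not as proof of safety, and still encode output
   * with `escape()`.
   *
   * @param {string} str
   * @returns {boolean} true when none of the blocklisted patterns match
   */
  validate(str) {
    const suspicious = /<script|javascript:|on\w+\s*=|style\s*=|href\s*=|alert\s*\(|confirm\s*\(|prompt\s*\(/i;
    return !suspicious.test(str);
  }
}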
// Module-level singleton: consumers import the ready instance, not the class.
const xssFilter = new XssFilter();
export default xssFilter;