Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: whitelist match failure due to case ignoring #256

Merged
merged 3 commits into from
May 27, 2022
Merged

fix: whitelist match failure due to case ignoring #256

merged 3 commits into from
May 27, 2022

Conversation

lumburr
Copy link
Contributor

@lumburr lumburr commented Apr 2, 2022

close #173

leizongmin
leizongmin reviewed Apr 6, 2022
View reviewed changes
lib/xss.js
function keysToLowerCase(obj) {
var ret = {};
for (var i in obj) {
if (Array.isArray(obj[i])) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

考虑到整体代码风格的统一,这里不要用箭头函数。可改为:

ret[i.toLowerCase()] = obj[i].map(function (item) {
 return item.toLowerCase();
});

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it!

leizongmin
leizongmin reviewed Apr 17, 2022
View reviewed changes
test/test_xss.js Outdated
@@ -15,8 +15,8 @@ function xss(html, options) {
return ret;
}

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

test_xss.js 这个文件也是类似的问题,跟本次要修复的问题无关的地方不要做修改(比如这里将 function() 改为 function ()),其次不要用箭头函数

leizongmin
leizongmin reviewed Apr 17, 2022
View reviewed changes
test/test_xss.js Outdated
@@ -367,17 +367,17 @@ describe("test XSS", function() {
assert.equal(
xss(
"<!--[if gte IE 4]><SCRI" +
"PT>alert('XSS');</SCRI" +
"PT><![endif]--> END",
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这里增加了不相干的空格

@lumburr lumburr requested a review from leizongmin April 20, 2022 02:08
@leizongmin leizongmin merged commit 1e44466 into leizongmin:master May 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leizongmin leizongmin Awaiting requested review from leizongmin

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Camel case tag names are escaped
2 participants
@lumburr @leizongmin