var rscripts = /<script[^>]*>([\S\s]*?)<\/script\s*>/gim
var ron = /\s+(on[^=\s]+)(?:=("[^"]*"|'[^']*'|[^\s>]+))?/g
var ropen = /<\w+\b(?:(["'])[^"]*?(\1)|[^>])*>/ig
var rsanitize = {
    a: /\b(href)\=("javascript[^"]*"|'javascript[^']*')/ig,
    img: /\b(src)\=("javascript[^"]*"|'javascript[^']*')/ig,
    form: /\b(action)\=("javascript[^"]*"|'javascript[^']*')/ig
}
 
// Evasion examples taken from https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet:
//    <a href="javasc&NewLine;ript&colon;alert('XSS')">chrome</a> 
//    <a href="data:text/html;base64, PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">chrome</a>
//    <a href="jav	ascript:alert('XSS');">IE67chrome</a>
//    <a href="jav&#x09;ascript:alert('XSS');">IE67chrome</a>
//    <a href="jav&#x0A;ascript:alert('XSS');">IE67chrome</a>
/**
 * Strip <script> elements and defuse the obvious inline vectors in the
 * remaining opening tags: on* event attributes are dropped, and a
 * `javascript...` value in <a href>, <img src> or <form action> is replaced
 * by `javascript:void(0)` (same quote style as the original value).
 *
 * The URL check only matches the literal prefix `javascript` right after the
 * attribute's opening quote, so the entity-encoded / tab-split `javascript:`
 * and `data:` examples listed above pass through untouched. Treat this as a
 * best-effort filter, not a full HTML sanitizer.
 *
 * @param {string} str - HTML fragment to filter.
 * @returns {string} The fragment with script elements removed and opening
 *   tags rewritten; whitespace inside rewritten tags is collapsed to one space.
 */
export function sanitizeFilter(str) {
    const rewriteTag = (tag) => {
        // Tag name is taken from the lower-cased tag so <IMG> hits rsanitize.img.
        const nameMatch = tag.toLowerCase().match(/<(\w+)\s/)
        // NOTE(review): rsanitize is a plain object, so the lookup also sees
        // Object.prototype keys; replace() with a non-regex is a no-op there.
        const urlPattern = nameMatch ? rsanitize[nameMatch[1]] : undefined
        let out = tag
        if (urlPattern) {
            // Keep attribute name and quoting, swap the value for an inert URL.
            out = out.replace(urlPattern, (whole, attr, value) => {
                const quote = value.charAt(0)
                return `${attr}=${quote}javascript:void(0)${quote}`
            })
        }
        // Drop on* handlers, then collapse the whitespace runs that leaves.
        return out.replace(ron, " ").replace(/\s+/g, " ")
    }
    return str.replace(rscripts, "").replace(ropen, rewriteTag)
}