From e47267c523802d652e3d82c7789f34e528153233 Mon Sep 17 00:00:00 2001
From: adon
Date: Thu, 16 Apr 2015 11:53:35 +0800
Subject: [PATCH] release as version 1.1.1 replaced \v to \x0B for correct interpretation by IE<9
---
 bower.json | 2 +-
 dist/xss-filters.1.1.1.min.js | 5 +++++
 dist/xss-filters.js | 4 ++--
 dist/xss-filters.min.js | 4 ++--
 package.json | 2 +-
 src/xss-filters.js | 28 ++++++++++++++--------------
 6 files changed, 25 insertions(+), 20 deletions(-)
 create mode 100644 dist/xss-filters.1.1.1.min.js
diff --git a/bower.json b/bower.json
index dc179a5..da21847 100644
--- a/bower.json
+++ b/bower.json
@@ -1,6 +1,6 @@
 {
 "name": "xss-filters",
- "version": "1.0.4",
+ "version": "1.1.1",
 "homepage": "https://github.com/yahoo/xss-filters",
 "authors": [
 "Nera Liu ",
diff --git a/dist/xss-filters.1.1.1.min.js b/dist/xss-filters.1.1.1.min.js
new file mode 100644
index 0000000..3fe6937
--- /dev/null
+++ b/dist/xss-filters.1.1.1.min.js
@@ -0,0 +1,5 @@ +/** + * xss-filters - v1.1.1 + * Yahoo! Inc. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. + */ +!function(a,b){function c(a,b,c){return d.yubl(b((c||d.yufull)(a)))}b.xssFilters=a,a._getPrivFilters=function(){var a,b="undefined",c="null",d=/])/g,i=/[&<>"'`]/g,j=/(?:\x00|^-*!?>|--!?>|--?!?$|\]>|\]$)/g,k=/\/\/%5[Bb]([A-Fa-f0-9:]+)%5[Dd]/,l=["javascript","data","vbscript","mhtml"],m=/(?::|&#[xX]0*3[aA];?|�*58;?|:)/,n=/&(?:#([xX][0-9A-Fa-f]+|\d+);?|Tab;|NewLine;)/g,o=/(?:^[\x00-\x20]+|[\t\n\r\x00]+)/g,p=String.fromCodePoint||String.fromCharCode;return a={yup:function(a){return a=a.replace(g,"").split(m,2),a.length>=2&&a[0]?a[0].replace(n,function(a,c){return typeof c===b?"":p("X"===c[0]||"x"===c[0]?"0"+c:c)}).replace(o,"").toLowerCase():null},y:function(a){return typeof a===b?b:null===a?c:a.toString().replace(i,function(a){return"&"===a?"&":"<"===a?"<":">"===a?">":'"'===a?""":"'"===a?"'":"`"})},yd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(d,"<")},yc:function(a){return typeof a===b?b:null===a?c:a.toString().replace(j,function(a){return"\x00"===a?"�":"--!"===a||"--"===a||"-"===a||"]"===a?a+" ":a.slice(0,-1)+" >"})},yavd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(e,""")},yavs:function(a){return typeof a===b?b:null===a?c:a.toString().replace(f,"'")},yavu:function(a){return typeof a===b?b:null===a?c:a.toString().replace(h,function(a){return" "===a?" ":"\n"===a?" ":" "===a?" ":"\f"===a?" ":"\r"===a?" ":" "===a?" 
":">"===a?">":'"'===a?""":"'"===a?"'":"`"===a?"`":"�"})},yu:encodeURI,yuc:encodeURIComponent,yubl:function(b){return-1===l.indexOf(a.yup(b))?b:"x-"+b},yufull:function(b){return a.yu(b).replace(k,function(a,b){return"//["+b+"]"})}}};var d=a._privFilters=a._getPrivFilters();a.inHTMLData=d.yd,a.inHTMLComment=d.yc,a.inSingleQuotedAttr=d.yavs,a.inDoubleQuotedAttr=d.yavd,a.inUnQuotedAttr=d.yavu,a.uriInSingleQuotedAttr=function(a){return c(a,d.yavs)},a.uriInDoubleQuotedAttr=function(a){return c(a,d.yavd)},a.uriInUnQuotedAttr=function(a){return c(a,d.yavu)},a.uriInHTMLData=d.yufull,a.uriInHTMLComment=function(a){return d.yc(d.yufull(a))},a.uriPathInSingleQuotedAttr=function(a){return c(a,d.yavs,d.yu)},a.uriPathInDoubleQuotedAttr=function(a){return c(a,d.yavd,d.yu)},a.uriPathInUnQuotedAttr=function(a){return c(a,d.yavu,d.yu)},a.uriPathInHTMLData=d.yu,a.uriPathInHTMLComment=function(a){return d.yc(d.yu(a))},a.uriQueryInSingleQuotedAttr=a.uriPathInSingleQuotedAttr,a.uriQueryInDoubleQuotedAttr=a.uriPathInDoubleQuotedAttr,a.uriQueryInUnQuotedAttr=a.uriPathInUnQuotedAttr,a.uriQueryInHTMLData=a.uriPathInHTMLData,a.uriQueryInHTMLComment=a.uriPathInHTMLComment,a.uriComponentInSingleQuotedAttr=function(a){return d.yavs(d.yuc(a))},a.uriComponentInDoubleQuotedAttr=function(a){return d.yavd(d.yuc(a))},a.uriComponentInUnQuotedAttr=function(a){return d.yavu(d.yuc(a))},a.uriComponentInHTMLData=d.yuc,a.uriComponentInHTMLComment=function(a){return d.yc(d.yuc(a))},a.uriFragmentInSingleQuotedAttr=function(a){return d.yubl(d.yavs(d.yuc(a)))},a.uriFragmentInDoubleQuotedAttr=function(a){return d.yubl(d.yavd(d.yuc(a)))},a.uriFragmentInUnQuotedAttr=function(a){return d.yubl(d.yavu(d.yuc(a)))},a.uriFragmentInHTMLData=a.uriComponentInHTMLData,a.uriFragmentInHTMLComment=a.uriComponentInHTMLComment}({},function(){return this}()); \ No newline at end of file diff --git a/dist/xss-filters.js b/dist/xss-filters.js index b85f01c..ba0dd45 100644 --- a/dist/xss-filters.js +++ b/dist/xss-filters.js 
@@ -1,5 +1,5 @@ /** - * xss-filters - v1.1.0 + * xss-filters - v1.1.1 * Yahoo! Inc. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ -!function(a){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=a();else if("function"==typeof define&&define.amd)define([],a);else{var b;b="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this,b.xssFilters=a()}}(function(){return function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if(f)return f(g,!0);var j=new Error("Cannot find module '"+g+"'");throw j.code="MODULE_NOT_FOUND",j}var k=c[g]={exports:{}};b[g][0].call(k.exports,function(a){var c=b[g][1][a];return e(c?c:a)},k,k.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;g])/g,i=/[&<>"'`]/g,j=/(?:^-*!?>|--!?>|--?!?$|\]>|\]$)/g,k=/\/\/%5[Bb]([A-Fa-f0-9:]+)%5[Dd]/,l=["javascript","data","vbscript","mhtml"],m=/(?::|&#[xX]0*3[aA];?|�*58;?|:)/,n=/&(?:#([xX][0-9A-Fa-f]+|\d+);?|Tab;|NewLine;)/g,o=/(?:^[\x00-\x20]+|[\t\n\r\x00]+)/g,p=String.fromCodePoint||String.fromCharCode;return a={yup:function(a){return a=a.replace(g,"").split(m,2),a.length>=2&&a[0]?a[0].replace(n,function(a,c){return typeof c===b?"":p("X"===c[0]||"x"===c[0]?"0"+c:c)}).replace(o,"").toLowerCase():null},y:function(a){return typeof a===b?b:null===a?c:a.toString().replace(i,function(a){return"&"===a?"&":"<"===a?"<":">"===a?">":'"'===a?""":"'"===a?"'":"`"})},yd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(d,"<")},yc:function(a){return typeof a===b?b:null===a?c:a.toString().replace(g,"�").replace(j,function(a){return"--!"===a||"--"===a||"-"===a||"]"===a?a+" ":a.slice(0,-1)+" >"})},yavd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(e,""")},yavs:function(a){return typeof a===b?b:null===a?c:a.toString().replace(f,"'")},yavu:function(a){return typeof 
a===b?b:null===a?c:a.toString().replace(h,function(a){return" "===a?" ":"\n"===a?" ":" "===a?" ":"\f"===a?" ":"\r"===a?" ":" "===a?" ":">"===a?">":'"'===a?""":"'"===a?"'":"`"===a?"`":"�"})},yu:encodeURI,yuc:encodeURIComponent,yubl:function(b){return-1===l.indexOf(a.yup(b))?b:"x-"+b},yufull:function(b){return a.yu(b).replace(k,function(a,b){return"//["+b+"]"})}}};var e=c._privFilters=c._getPrivFilters();c.inHTMLData=e.yd,c.inHTMLComment=e.yc,c.inSingleQuotedAttr=e.yavs,c.inDoubleQuotedAttr=e.yavd,c.inUnQuotedAttr=e.yavu,c.uriInSingleQuotedAttr=function(a){return d(a,e.yavs)},c.uriInDoubleQuotedAttr=function(a){return d(a,e.yavd)},c.uriInUnQuotedAttr=function(a){return d(a,e.yavu)},c.uriInHTMLData=e.yufull,c.uriInHTMLComment=function(a){return e.yc(e.yufull(a))},c.uriPathInSingleQuotedAttr=function(a){return d(a,e.yavs,e.yu)},c.uriPathInDoubleQuotedAttr=function(a){return d(a,e.yavd,e.yu)},c.uriPathInUnQuotedAttr=function(a){return d(a,e.yavu,e.yu)},c.uriPathInHTMLData=e.yu,c.uriPathInHTMLComment=function(a){return e.yc(e.yu(a))},c.uriQueryInSingleQuotedAttr=c.uriPathInSingleQuotedAttr,c.uriQueryInDoubleQuotedAttr=c.uriPathInDoubleQuotedAttr,c.uriQueryInUnQuotedAttr=c.uriPathInUnQuotedAttr,c.uriQueryInHTMLData=c.uriPathInHTMLData,c.uriQueryInHTMLComment=c.uriPathInHTMLComment,c.uriComponentInSingleQuotedAttr=function(a){return e.yavs(e.yuc(a))},c.uriComponentInDoubleQuotedAttr=function(a){return e.yavd(e.yuc(a))},c.uriComponentInUnQuotedAttr=function(a){return e.yavu(e.yuc(a))},c.uriComponentInHTMLData=e.yuc,c.uriComponentInHTMLComment=function(a){return e.yc(e.yuc(a))},c.uriFragmentInSingleQuotedAttr=function(a){return e.yubl(e.yavs(e.yuc(a)))},c.uriFragmentInDoubleQuotedAttr=function(a){return e.yubl(e.yavd(e.yuc(a)))},c.uriFragmentInUnQuotedAttr=function(a){return e.yubl(e.yavu(e.yuc(a)))},c.uriFragmentInHTMLData=c.uriComponentInHTMLData,c.uriFragmentInHTMLComment=c.uriComponentInHTMLComment},{}]},{},[1])(1)}); \ No newline at end of file 
+!function(a){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=a();else if("function"==typeof define&&define.amd)define([],a);else{var b;b="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this,b.xssFilters=a()}}(function(){return function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if(f)return f(g,!0);var j=new Error("Cannot find module '"+g+"'");throw j.code="MODULE_NOT_FOUND",j}var k=c[g]={exports:{}};b[g][0].call(k.exports,function(a){var c=b[g][1][a];return e(c?c:a)},k,k.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;g])/g,i=/[&<>"'`]/g,j=/(?:\x00|^-*!?>|--!?>|--?!?$|\]>|\]$)/g,k=/\/\/%5[Bb]([A-Fa-f0-9:]+)%5[Dd]/,l=["javascript","data","vbscript","mhtml"],m=/(?::|&#[xX]0*3[aA];?|�*58;?|:)/,n=/&(?:#([xX][0-9A-Fa-f]+|\d+);?|Tab;|NewLine;)/g,o=/(?:^[\x00-\x20]+|[\t\n\r\x00]+)/g,p=String.fromCodePoint||String.fromCharCode;return a={yup:function(a){return a=a.replace(g,"").split(m,2),a.length>=2&&a[0]?a[0].replace(n,function(a,c){return typeof c===b?"":p("X"===c[0]||"x"===c[0]?"0"+c:c)}).replace(o,"").toLowerCase():null},y:function(a){return typeof a===b?b:null===a?c:a.toString().replace(i,function(a){return"&"===a?"&":"<"===a?"<":">"===a?">":'"'===a?""":"'"===a?"'":"`"})},yd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(d,"<")},yc:function(a){return typeof a===b?b:null===a?c:a.toString().replace(j,function(a){return"\x00"===a?"�":"--!"===a||"--"===a||"-"===a||"]"===a?a+" ":a.slice(0,-1)+" >"})},yavd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(e,""")},yavs:function(a){return typeof a===b?b:null===a?c:a.toString().replace(f,"'")},yavu:function(a){return typeof a===b?b:null===a?c:a.toString().replace(h,function(a){return" "===a?" ":"\n"===a?" ":" "===a?" ":"\f"===a?" ":"\r"===a?" ":" "===a?" 
":">"===a?">":'"'===a?""":"'"===a?"'":"`"===a?"`":"�"})},yu:encodeURI,yuc:encodeURIComponent,yubl:function(b){return-1===l.indexOf(a.yup(b))?b:"x-"+b},yufull:function(b){return a.yu(b).replace(k,function(a,b){return"//["+b+"]"})}}};var e=c._privFilters=c._getPrivFilters();c.inHTMLData=e.yd,c.inHTMLComment=e.yc,c.inSingleQuotedAttr=e.yavs,c.inDoubleQuotedAttr=e.yavd,c.inUnQuotedAttr=e.yavu,c.uriInSingleQuotedAttr=function(a){return d(a,e.yavs)},c.uriInDoubleQuotedAttr=function(a){return d(a,e.yavd)},c.uriInUnQuotedAttr=function(a){return d(a,e.yavu)},c.uriInHTMLData=e.yufull,c.uriInHTMLComment=function(a){return e.yc(e.yufull(a))},c.uriPathInSingleQuotedAttr=function(a){return d(a,e.yavs,e.yu)},c.uriPathInDoubleQuotedAttr=function(a){return d(a,e.yavd,e.yu)},c.uriPathInUnQuotedAttr=function(a){return d(a,e.yavu,e.yu)},c.uriPathInHTMLData=e.yu,c.uriPathInHTMLComment=function(a){return e.yc(e.yu(a))},c.uriQueryInSingleQuotedAttr=c.uriPathInSingleQuotedAttr,c.uriQueryInDoubleQuotedAttr=c.uriPathInDoubleQuotedAttr,c.uriQueryInUnQuotedAttr=c.uriPathInUnQuotedAttr,c.uriQueryInHTMLData=c.uriPathInHTMLData,c.uriQueryInHTMLComment=c.uriPathInHTMLComment,c.uriComponentInSingleQuotedAttr=function(a){return e.yavs(e.yuc(a))},c.uriComponentInDoubleQuotedAttr=function(a){return e.yavd(e.yuc(a))},c.uriComponentInUnQuotedAttr=function(a){return e.yavu(e.yuc(a))},c.uriComponentInHTMLData=e.yuc,c.uriComponentInHTMLComment=function(a){return e.yc(e.yuc(a))},c.uriFragmentInSingleQuotedAttr=function(a){return e.yubl(e.yavs(e.yuc(a)))},c.uriFragmentInDoubleQuotedAttr=function(a){return e.yubl(e.yavd(e.yuc(a)))},c.uriFragmentInUnQuotedAttr=function(a){return e.yubl(e.yavu(e.yuc(a)))},c.uriFragmentInHTMLData=c.uriComponentInHTMLData,c.uriFragmentInHTMLComment=c.uriComponentInHTMLComment},{}]},{},[1])(1)}); \ No newline at end of file diff --git a/dist/xss-filters.min.js b/dist/xss-filters.min.js index bc84d0b..3fe6937 100644 --- a/dist/xss-filters.min.js +++ b/dist/xss-filters.min.js 
@@ -1,5 +1,5 @@ /** - * xss-filters - v1.1.0 + * xss-filters - v1.1.1 * Yahoo! Inc. Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms. */ -!function(a,b){function c(a,b,c){return d.yubl(b((c||d.yufull)(a)))}b.xssFilters=a,a._getPrivFilters=function(){var a,b="undefined",c="null",d=/])/g,i=/[&<>"'`]/g,j=/(?:^-*!?>|--!?>|--?!?$|\]>|\]$)/g,k=/\/\/%5[Bb]([A-Fa-f0-9:]+)%5[Dd]/,l=["javascript","data","vbscript","mhtml"],m=/(?::|&#[xX]0*3[aA];?|�*58;?|:)/,n=/&(?:#([xX][0-9A-Fa-f]+|\d+);?|Tab;|NewLine;)/g,o=/(?:^[\x00-\x20]+|[\t\n\r\x00]+)/g,p=String.fromCodePoint||String.fromCharCode;return a={yup:function(a){return a=a.replace(g,"").split(m,2),a.length>=2&&a[0]?a[0].replace(n,function(a,c){return typeof c===b?"":p("X"===c[0]||"x"===c[0]?"0"+c:c)}).replace(o,"").toLowerCase():null},y:function(a){return typeof a===b?b:null===a?c:a.toString().replace(i,function(a){return"&"===a?"&":"<"===a?"<":">"===a?">":'"'===a?""":"'"===a?"'":"`"})},yd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(d,"<")},yc:function(a){return typeof a===b?b:null===a?c:a.toString().replace(g,"�").replace(j,function(a){return"--!"===a||"--"===a||"-"===a||"]"===a?a+" ":a.slice(0,-1)+" >"})},yavd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(e,""")},yavs:function(a){return typeof a===b?b:null===a?c:a.toString().replace(f,"'")},yavu:function(a){return typeof a===b?b:null===a?c:a.toString().replace(h,function(a){return" "===a?" ":"\n"===a?" ":" "===a?" ":"\f"===a?" ":"\r"===a?" ":" "===a?" 
":">"===a?">":'"'===a?""":"'"===a?"'":"`"===a?"`":"�"})},yu:encodeURI,yuc:encodeURIComponent,yubl:function(b){return-1===l.indexOf(a.yup(b))?b:"x-"+b},yufull:function(b){return a.yu(b).replace(k,function(a,b){return"//["+b+"]"})}}};var d=a._privFilters=a._getPrivFilters();a.inHTMLData=d.yd,a.inHTMLComment=d.yc,a.inSingleQuotedAttr=d.yavs,a.inDoubleQuotedAttr=d.yavd,a.inUnQuotedAttr=d.yavu,a.uriInSingleQuotedAttr=function(a){return c(a,d.yavs)},a.uriInDoubleQuotedAttr=function(a){return c(a,d.yavd)},a.uriInUnQuotedAttr=function(a){return c(a,d.yavu)},a.uriInHTMLData=d.yufull,a.uriInHTMLComment=function(a){return d.yc(d.yufull(a))},a.uriPathInSingleQuotedAttr=function(a){return c(a,d.yavs,d.yu)},a.uriPathInDoubleQuotedAttr=function(a){return c(a,d.yavd,d.yu)},a.uriPathInUnQuotedAttr=function(a){return c(a,d.yavu,d.yu)},a.uriPathInHTMLData=d.yu,a.uriPathInHTMLComment=function(a){return d.yc(d.yu(a))},a.uriQueryInSingleQuotedAttr=a.uriPathInSingleQuotedAttr,a.uriQueryInDoubleQuotedAttr=a.uriPathInDoubleQuotedAttr,a.uriQueryInUnQuotedAttr=a.uriPathInUnQuotedAttr,a.uriQueryInHTMLData=a.uriPathInHTMLData,a.uriQueryInHTMLComment=a.uriPathInHTMLComment,a.uriComponentInSingleQuotedAttr=function(a){return d.yavs(d.yuc(a))},a.uriComponentInDoubleQuotedAttr=function(a){return d.yavd(d.yuc(a))},a.uriComponentInUnQuotedAttr=function(a){return d.yavu(d.yuc(a))},a.uriComponentInHTMLData=d.yuc,a.uriComponentInHTMLComment=function(a){return d.yc(d.yuc(a))},a.uriFragmentInSingleQuotedAttr=function(a){return d.yubl(d.yavs(d.yuc(a)))},a.uriFragmentInDoubleQuotedAttr=function(a){return d.yubl(d.yavd(d.yuc(a)))},a.uriFragmentInUnQuotedAttr=function(a){return d.yubl(d.yavu(d.yuc(a)))},a.uriFragmentInHTMLData=a.uriComponentInHTMLData,a.uriFragmentInHTMLComment=a.uriComponentInHTMLComment}({},function(){return this}()); \ No newline at end of file +!function(a,b){function c(a,b,c){return d.yubl(b((c||d.yufull)(a)))}b.xssFilters=a,a._getPrivFilters=function(){var 
a,b="undefined",c="null",d=/])/g,i=/[&<>"'`]/g,j=/(?:\x00|^-*!?>|--!?>|--?!?$|\]>|\]$)/g,k=/\/\/%5[Bb]([A-Fa-f0-9:]+)%5[Dd]/,l=["javascript","data","vbscript","mhtml"],m=/(?::|&#[xX]0*3[aA];?|�*58;?|:)/,n=/&(?:#([xX][0-9A-Fa-f]+|\d+);?|Tab;|NewLine;)/g,o=/(?:^[\x00-\x20]+|[\t\n\r\x00]+)/g,p=String.fromCodePoint||String.fromCharCode;return a={yup:function(a){return a=a.replace(g,"").split(m,2),a.length>=2&&a[0]?a[0].replace(n,function(a,c){return typeof c===b?"":p("X"===c[0]||"x"===c[0]?"0"+c:c)}).replace(o,"").toLowerCase():null},y:function(a){return typeof a===b?b:null===a?c:a.toString().replace(i,function(a){return"&"===a?"&":"<"===a?"<":">"===a?">":'"'===a?""":"'"===a?"'":"`"})},yd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(d,"<")},yc:function(a){return typeof a===b?b:null===a?c:a.toString().replace(j,function(a){return"\x00"===a?"�":"--!"===a||"--"===a||"-"===a||"]"===a?a+" ":a.slice(0,-1)+" >"})},yavd:function(a){return typeof a===b?b:null===a?c:a.toString().replace(e,""")},yavs:function(a){return typeof a===b?b:null===a?c:a.toString().replace(f,"'")},yavu:function(a){return typeof a===b?b:null===a?c:a.toString().replace(h,function(a){return" "===a?" ":"\n"===a?" ":" "===a?" ":"\f"===a?" ":"\r"===a?" ":" "===a?" 
":">"===a?">":'"'===a?""":"'"===a?"'":"`"===a?"`":"�"})},yu:encodeURI,yuc:encodeURIComponent,yubl:function(b){return-1===l.indexOf(a.yup(b))?b:"x-"+b},yufull:function(b){return a.yu(b).replace(k,function(a,b){return"//["+b+"]"})}}};var d=a._privFilters=a._getPrivFilters();a.inHTMLData=d.yd,a.inHTMLComment=d.yc,a.inSingleQuotedAttr=d.yavs,a.inDoubleQuotedAttr=d.yavd,a.inUnQuotedAttr=d.yavu,a.uriInSingleQuotedAttr=function(a){return c(a,d.yavs)},a.uriInDoubleQuotedAttr=function(a){return c(a,d.yavd)},a.uriInUnQuotedAttr=function(a){return c(a,d.yavu)},a.uriInHTMLData=d.yufull,a.uriInHTMLComment=function(a){return d.yc(d.yufull(a))},a.uriPathInSingleQuotedAttr=function(a){return c(a,d.yavs,d.yu)},a.uriPathInDoubleQuotedAttr=function(a){return c(a,d.yavd,d.yu)},a.uriPathInUnQuotedAttr=function(a){return c(a,d.yavu,d.yu)},a.uriPathInHTMLData=d.yu,a.uriPathInHTMLComment=function(a){return d.yc(d.yu(a))},a.uriQueryInSingleQuotedAttr=a.uriPathInSingleQuotedAttr,a.uriQueryInDoubleQuotedAttr=a.uriPathInDoubleQuotedAttr,a.uriQueryInUnQuotedAttr=a.uriPathInUnQuotedAttr,a.uriQueryInHTMLData=a.uriPathInHTMLData,a.uriQueryInHTMLComment=a.uriPathInHTMLComment,a.uriComponentInSingleQuotedAttr=function(a){return d.yavs(d.yuc(a))},a.uriComponentInDoubleQuotedAttr=function(a){return d.yavd(d.yuc(a))},a.uriComponentInUnQuotedAttr=function(a){return d.yavu(d.yuc(a))},a.uriComponentInHTMLData=d.yuc,a.uriComponentInHTMLComment=function(a){return d.yc(d.yuc(a))},a.uriFragmentInSingleQuotedAttr=function(a){return d.yubl(d.yavs(d.yuc(a)))},a.uriFragmentInDoubleQuotedAttr=function(a){return d.yubl(d.yavd(d.yuc(a)))},a.uriFragmentInUnQuotedAttr=function(a){return d.yubl(d.yavu(d.yuc(a)))},a.uriFragmentInHTMLData=a.uriComponentInHTMLData,a.uriFragmentInHTMLComment=a.uriComponentInHTMLComment}({},function(){return this}()); \ No newline at end of file diff --git a/package.json b/package.json index 030b3ae..3e7d1d1 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { "name": "xss-filters", - "version": "1.1.0", + "version": "1.1.1", "licenses": [ { "type": "BSD", diff --git a/src/xss-filters.js b/src/xss-filters.js index 894b02b..51af0b2 100644 --- a/src/xss-filters.js +++ b/src/xss-filters.js @@ -167,16 +167,16 @@ exports._getPrivFilters = function () { return typeof s === STR_UD ? STR_UD : s === null ? STR_NL : s.toString().replace(SPECIAL_ATTR_VALUE_UNQUOTED_CHARS, function (m) { - return m === '\t' ? ' ' // in hex: 09 - : m === '\n' ? ' ' // in hex: 0A - : m === '\v' ? ' ' // in hex: 0B for IE - : m === '\f' ? ' ' // in hex: 0C - : m === '\r' ? ' ' // in hex: 0D - : m === ' ' ? ' ' // in hex: 20 - : m === '>' ? '>' - : m === '"' ? '"' - : m === "'" ? ''' - : m === '`' ? '`' + return m === '\t' ? ' ' // in hex: 09 + : m === '\n' ? ' ' // in hex: 0A + : m === '\x0B' ? ' ' // in hex: 0B for IE. IE<9 \v equals v, so use \x0B instead + : m === '\f' ? ' ' // in hex: 0C + : m === '\r' ? ' ' // in hex: 0D + : m === ' ' ? ' ' // in hex: 20 + : m === '>' ? '>' + : m === '"' ? '"' + : m === "'" ? ''' + : m === '`' ? '`' : /*empty or all null*/ '\uFFFD'; }); }, @@ -235,7 +235,7 @@ function uriInAttr (s, yav, yu) { * * @example * // output context to be applied by this filter. -* +*
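Review bot: The last arm of the ternary chain in the first `src/xss-filters.js` hunk (`/*empty or all null*/ '\uFFFD'`) is a catch-all, so a matched character with no arm of its own is silently turned into U+FFFD; presumably that is how the old `'\v'` arm failed on IE<9, and nothing in this commit pins the corrected behaviour. The diffstat lists no test file, so I would add a regression check along the lines of `inUnQuotedAttr('\x0B') !== '\uFFFD'`, written with `\x0B` rather than `\v` so the test itself is engine-independent. `SPECIAL_ATTR_VALUE_UNQUOTED_CHARS` is defined outside this hunk; if it spells the character as `\v`, it may deserve the same review. The dist builds are regenerated in the same commit, and it is worth confirming that the minifier emits `\x0B` and does not shorten it back to `\v`. The enclosing function starts before the hunk.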
{{{inHTMLData htmlData}}}
* */ exports.inHTMLData = privFilters.yd; @@ -247,7 +247,7 @@ exports.inHTMLData = privFilters.yd; * @returns {string} All NULL characters in s are first replaced with \uFFFD. If s contains -->, --!>, or starts with -*>, insert a space right before > to stop state breaking at . If s ends with --!, --, or -, append a space to stop collaborative state breaking at {{{yc s}}}>, {{{yc s}}}!>, {{{yc s}}}-!>, {{{yc s}}}->. If s contains ]> or ends with ], append a space after ] is verified in IE to stop IE conditional comments. * * @description -* +* This filter is to be placed in HTML Comment context *