.xss() incorrectly removes whitespace #231

Closed
halfdan opened this issue Oct 30, 2013 · 0 comments

halfdan commented Oct 30, 2013

As per TryGhost/Ghost#1328:

> var sanitize = require('validator').sanitize;
undefined
> sanitize('Write "Hello, World!"').xss();
'Write"Hello, World!"'

The whitespace after Write should not be removed by .xss().

chriso added a commit that referenced this issue Oct 31, 2013
The xss() function was originally a port of the XSS filter from
CodeIgniter. I added it to the library because there wasn't an
alternative at the time. Unfortunately I don't have the time or
expertise to maintain the XSS filter or keep merging upstream
changes.

If you need one for your app, I suggest looking at the Caja sanitisation
engine maintained by Google.
(https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/plugin/html-sanitizer.js)

Closes #123, #138, #181, #206, #210, #221, #223, #226, #227, #231, #232

chriso closed this as completed Oct 31, 2013