xssfilter

package module
v0.0.0-...-cb5cea4 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 1, 2018 License: MIT Imports: 3 Imported by: 0

README

xssfilter: an experimental use of goquery to remove JavaScript and any attributes not on the whitelist from HTML text.

Before filtering:
<div>
    <h1>这是文本标题</h1>
</div>
<div>
    <p>xss</p>
    <script>console.log('xss testing')</script>
</div>
<div>
    <script>console.log('xss testing')</script>
    <p>这是段落前
        <span>abc</span>
    </p>
</div>
<div>
    <p>这是文本内容1,正常</p>
    <p onclick="console.log('hello')">这是文本内容2,包含onclick</p>
    <p class="text3" id="text3" style="color:red">这是文本内容3,包含class/id/style</p>
    <p onmouseup="console.log('hello2')">这是文本内容4,包含onmouseup/script
        <script>console.log('haha')</script>
    </p>
</div>
After filtering:
<div>
    <h1>这是文本标题</h1>
</div>
<div>
    <p>xss</p>

</div>
<div>

    <p>这是段落前
        <span>abc</span>
    </p>
</div>
<div>
    <p>这是文本内容1,正常</p>
    <p>这是文本内容2,包含onclick</p>
    <p class="text3" id="text3" style="color:red">这是文本内容3,包含class/id/style</p>
    <p>这是文本内容4,包含onmouseup/script

    </p>
</div>

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Filter

type Filter struct {
	NodeBlackList []string
	AttrWhiteList map[string]struct{}
}

Filter holds the HTML filter lists: a tag blacklist and an attribute whitelist.

func NewFilter

func NewFilter(nodes, attrs string) *Filter

NewFilter creates a filter from two comma-separated strings, nodes and attrs.

func (*Filter) Clean

func (filter *Filter) Clean(str, root string) (string, error)

Clean cleans the elements and attributes of the HTML.
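The policy the README and the Filter type describe (a tag blacklist plus an attribute whitelist), modelled as an added example that is not the package's own code. It assumes well-formed markup like the README sample and uses the standard library's encoding/xml in lenient mode as a stand-in for goquery; `cleanModel` is a hypothetical name, and the whitelist in the test (class, id, style) is inferred from the README's filtered output.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"html"
	"io"
	"strings"
)

// cleanModel removes blacklisted elements with their content and every
// attribute whose name is not whitelisted. Hypothetical helper, not the package API.
func cleanModel(src string, black, white map[string]bool) (string, error) {
	dec := xml.NewDecoder(strings.NewReader(src))
	dec.Strict = false // lenient mode; only suitable for well-formed input
	var out strings.Builder
	for tok, err := dec.Token(); err != io.EOF; tok, err = dec.Token() {
		if err != nil {
			return "", err
		}
		switch t := tok.(type) { // comments and directives are not copied
		case xml.StartElement:
			name := strings.ToLower(t.Name.Local)
			if black[name] { // drop the element and everything nested in it
				if err := dec.Skip(); err != nil {
					return "", err
				}
				continue
			}
			out.WriteString("<" + name)
			for _, a := range t.Attr { // filtered by name only; values are not inspected
				if k := strings.ToLower(a.Name.Local); white[k] {
					out.WriteString(" " + k + `="` + html.EscapeString(a.Value) + `"`)
				}
			}
			out.WriteString(">")
		case xml.EndElement:
			out.WriteString("</" + strings.ToLower(t.Name.Local) + ">")
		case xml.CharData:
			out.WriteString(html.EscapeString(string(t))) // re-escape decoded text
		}
	}
	return out.String(), nil
}

func main() {
	in := `<p onclick="f()" id="a">hi<script>f()</script></p>` // constructed sample
	fmt.Println(cleanModel(in, map[string]bool{"script": true}, map[string]bool{"id": true}))
}
```

Because the whitelist matches attribute names only, a whitelisted attribute such as `style` passes through with its value unchanged, as in the README's filtered output.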
