xss過濾 · ushare-editor

**防止xss攻擊需引入xss.js，[xss相關文檔](https://www.npmjs.com/package/xss)** 瀏覽器使用方式 ``` <script src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script> <script> // apply function filterXSS in the same way var html = filterXSS('<script>alert("xss");</scr' + 'ipt>'); alert(html); </script> ``` 提供一個模塊化加載的白名單例子，此方法可以解決word拷貝文字出現word標簽的問題，也可以大大降低xss攻擊的風險 ``` import xss from 'xss' const Config = { xss: { whiteList: { a: ['href', 'title', 'target','style'], img: ['style','src'], table: ['style', 'align'], tr: ['style', 'align'], th: ['style', 'align'], td: ['style', 'align'], span: ['style'], ol: ['style'], ul: ['style'], li: ['style'], blockquote: ['style'], p: ['style'], h1: ['style'], h2: ['style'], h3: ['style'], h4: ['style'], h5: ['style'], h6: ['style'], del: [], br: [], pre: ['style', 'class'], code: ['style', 'class'], em: [], // style: ['type'], div: ['class'], // html: [], // body: [], head: [], title: [], // meta: [], // font: ['size'], strong: ['style'], b: ['style'], hr: [], strike: ['style'], u: [] }, commentWhiteList: { img: ['src'] } } } let articleContent; // 文章內容 articleContent = xss(articleContent,{ whiteList: Config.xss.whiteList, stripIgnoreTag: true, // 過濾所有非白名單標簽的HTML stripIgnoreTagBody: ['style','script'] // 需要過濾標簽中間的內容 }); ```