Merge pull request #60 from yahoo/updated-dependencies

Refreshed devDependencies and resolved build issues

.travis.yml

@@ -1,8 +1,8 @@
 language: node_js
 node_js:
+- 'node'
+- '4'
 - '0.12'
-- '0.11'
-- '0.10'
 env:
   global:
     - secure: iaRFUMPT3/tYf4FZhDmWScwfnRCzk8AakeqDoiNhCx/z0O6LMha8gPuJkWF1Cnl34LmCkmQa1ZeFYht50Fjst0g7SEgjC4H4GOSLTuG1bJU3fqQYIxFrODJd0Zw0RpgrwE+I1sShwm67Ywf3PAJQWsqOQAACZjZnohjbsEElpJg=
@@ -12,16 +12,15 @@ addons:
 notifications:
   email:
     recipients:
-    - neraliu@yahoo-inc.com
+    - adon@yahoo-inc.com
   on_success: change
   on_failure: always
 after_success:
 - test $(cat $TRAVIS_BUILD_DIR/package.json | grep version | awk '{print $2}' | sed 's/"//g' | sed 's/,//g' | awk '{print "v"$1}' ) = $TRAVIS_TAG && test $(echo $TRAVIS_NODE_VERSION | awk '{print $1}' ) = '0.12' && export VALID_VERSION=true
 deploy:
   provider: npm
-  email: [email protected]
   api_key:
-    secure: dXgtzjI57fYTysVANjVvUBnyk+jUSkUlN8sRt9he+v516LQ80asY8ZNLZ+H6aUlLgXCTK78mk+zXXmLdD4/mPXuZ0MGZYTDOI3fbwfuCSQc4X3vKqtSDHp7Qh1uU9+0SOCC0t6jKzEoBXj3ceY7FxeRwh1HwJYtnSOU3VT/1yIM=
+    secure: UkFovSRO5RhBUZdEe1ZsRs6+XO493XP1GnnZGK9PsFAYU5sHv+z4S8Xz0blFsJy0b7dBQbCGTeIugQlq6NIlAnfhCHGwCRPH3wQIeCOo/FWRDmeCeaBXrQNt1dcpByGzfAPZ6mww/0u4nyy35JPP9MYr2pR2tYVgq91cdd6okOk=
   on:
     condition: $VALID_VERSION = true
     tags: true

Gruntfile.js

@@ -22,8 +22,7 @@ module.exports = function(grunt) {
         src: ['README.md', 'src/<%= pkg.name %>.js'], 
         options: {
           destination: 'dist/docs',
-          template : 'node_modules/grunt-jsdoc/node_modules/ink-docstrap/template',
-          configure : 'jsdoc.conf.json'
+          template : 'node_modules/ink-docstrap/template'
         }
       }
     },
@@ -46,7 +45,8 @@ module.exports = function(grunt) {
               + ' */\n',
         compress: {
           join_vars: true
-        }
+        },
+        screwIE8: false // must turn it off, otherwise, \x0B will be converted as \v, which is interpreted as v in IE8 or below
       },
       buildBrowserified: {
         src: 'dist/<%= pkg.name %>.js',

LICENSE

@@ -30,6 +30,6 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-Authors: Nera Liu <neraliu@yahoo-inc.com>
-         Adonis Fung <adon@yahoo-inc.com>
-         Albert Yu <albertyu@yahoo-inc.com>
+Authors: Adonis Fung <adon@yahoo-inc.com>
+         Nera Liu <neraliu@gmail.com>
+         Albert Yu <yukinying@gmail.com>

bower.json

@@ -1,11 +1,11 @@
 {
   "name": "xss-filters",
-  "version": "1.2.6",
+  "version": "1.2.7",
   "homepage": "https://github.com/yahoo/xss-filters",
   "authors": [
-    "Nera Liu <[email protected]>",
     "Adonis Fung <[email protected]>",
-    "Albert Yu <[email protected]>"
+    "Nera Liu <[email protected]>",
+    "Albert Yu <[email protected]>"
   ],
   "description": "Just sufficient output filtering to prevent XSS",
   "main": "dist/xss-filters.min.js",

dist/xss-filters.js

@@ -82,9 +82,10 @@ exports._getPrivFilters = function () {
         };
 
 
-    function getProtocol(s) {
-        s = s.split(URI_PROTOCOL_COLON, 2);
-        return (s.length === 2 && s[0]) ? s[0] : null;
+    function getProtocol(str) {
+        var s = str.split(URI_PROTOCOL_COLON, 2);
+        // str.length !== s[0].length is for older IE (e.g., v8), where delimeter residing at last will result in length equals 1, but not 2
+        return (s[0] && (s.length === 2 || str.length !== s[0].length)) ? s[0] : null;
     }
 
     function htmlDecode(s, namedRefMap, reNamedRef, skipReplacement) {
@@ -179,6 +180,7 @@ exports._getPrivFilters = function () {
         var protocol = getProtocol(s);
 
         // prefix ## for blacklisted protocols
+        // here .replace(URI_PROTOCOL_WHITESPACES, '') is not needed since yufull has already percent-encoded the whitespaces
         return (protocol && URI_BLACKLIST_PROTOCOLS[protocol.toLowerCase()]) ? '##' + s : s;
     }