Fix slashes as separators.

leizongmin · Dec 29, 2022 · 843beed · 843beed
1 parent c339c1f
commit 843beed
Show file tree

Hide file tree

Showing 7 changed files with 3,229 additions and 13 deletions.
diff --git a/dist/xss.js b/dist/xss.js
@@ -528,7 +528,7 @@ var _ = require("./util");
  * @return {String}
  */
 function getTagName(html) {
-  var i = _.spaceIndex(html);
+  var i = _.separatorIndex(html);
   var tagName;
   if (i === -1) {
     tagName = html.slice(1, -1);
@@ -681,8 +681,8 @@ function parseAttr(html, onAttr) {
         }
       }
     }
-    if (/\s|\n|\t/.test(c)) {
-      html = html.replace(/\s|\n|\t/g, " ");
+    if (/\s|\//.test(c)) {
+      html = html.replace(/\s|\//g, " ");
       if (tmpName === false) {
         j = findNextEqual(html, i);
         if (j === -1) {
@@ -800,8 +800,8 @@ module.exports = {
     }
     return str.replace(/(^\s*)|(\s*$)/g, "");
   },
-  spaceIndex: function (str) {
-    var reg = /\s|\n|\t/;
+  separatorIndex: function (str) {
+    var reg = /\s|\b\/[^>]/;
     var match = reg.exec(str);
     return match ? match.index : -1;
   },
@@ -840,7 +840,7 @@ function isNull(obj) {
  *   - {Boolean} closing
  */
 function getAttrs(html) {
-  var i = _.spaceIndex(html);
+  var i = _.separatorIndex(html);
   if (i === -1) {
     return {
       html: "",

diff --git a/dist/xss.min.js b/dist/xss.min.js
diff --git a/lib/parser.js b/lib/parser.js
@@ -13,7 +13,7 @@ var _ = require("./util");
  * @return {String}
  */
 function getTagName(html) {
-  var i = _.spaceIndex(html);
+  var i = _.separatorIndex(html);
   var tagName;
   if (i === -1) {
     tagName = html.slice(1, -1);
@@ -166,8 +166,8 @@ function parseAttr(html, onAttr) {
         }
       }
     }
-    if (/\s|\n|\t/.test(c)) {
-      html = html.replace(/\s|\n|\t/g, " ");
+    if (/\s|\//.test(c)) {
+      html = html.replace(/\s|\//g, " ");
       if (tmpName === false) {
         j = findNextEqual(html, i);
         if (j === -1) {

diff --git a/lib/util.js b/lib/util.js
@@ -26,8 +26,8 @@ module.exports = {
     }
     return str.replace(/(^\s*)|(\s*$)/g, "");
   },
-  spaceIndex: function (str) {
-    var reg = /\s|\n|\t/;
+  separatorIndex: function (str) {
+    var reg = /\s|\b\/[^>]/;
     var match = reg.exec(str);
     return match ? match.index : -1;
   },

diff --git a/lib/xss.js b/lib/xss.js
@@ -30,7 +30,7 @@ function isNull(obj) {
  *   - {Boolean} closing
  */
 function getAttrs(html) {
-  var i = _.spaceIndex(html);
+  var i = _.separatorIndex(html);
   if (i === -1) {
     return {
       html: "",

diff --git a/test/test_xss.js b/test/test_xss.js
@@ -151,6 +151,16 @@ describe("test XSS", function() {
       xss('<a\n\n\n\ttarget="_blank"\t\t\t\ntitle="bbb">'),
       '<a target="_blank" title="bbb">'
     );
+
+    // 属性用斜杠分隔
+    assert.equal(
+      xss('<img/width=100/height=200/src="#"/>'),
+      '<img width="100" height="200" src="#" />'
+    );
+    assert.equal(
+      xss('<a/target="_blank"///title="bbb">'),
+      '<a target="_blank" title="bbb">'
+    );
   });
 
   // 自定义白名单