leizongmin/js-xss issues and pull requests

#291 - Missing single quote escaping when singleQuotedAttributeValue is enabled

Issue - State: open - Opened by mdk000 2 months ago - 1 comment

#290 - fix: add single quote escaping when singleQuotedAttributeValue is enabled

Pull Request - State: open - Opened by mdk000 2 months ago

#288 - How to use this packages in typescript project.

Issue - State: open - Opened by sheikharifulislam 8 months ago - 1 comment

#287 - feat: single-quoted attribute value syntax support

Pull Request - State: closed - Opened by mdk000 9 months ago - 4 comments

#286 - Is it possible to preserve case on attributes when filtering XSS?

Issue - State: open - Opened by ok-martin 9 months ago

#285 - Merge master

Pull Request - State: closed - Opened by 123robi about 1 year ago

#284 - How to see what tags are removed?

Issue - State: open - Opened by Thomas-1985 about 1 year ago

#283 - Doesn't sanitize "<p>abc<iframe//src=jAva&Tab;script:alert(3)>def</p>"

Issue - State: open - Opened by LeanKhan over 1 year ago - 1 comment

#282 - How to whitelist cookies

Issue - State: open - Opened by ashuorg over 1 year ago

#281 - a标签已经被加入到了白名a: ['class', 'href', 'target'],但是href里面放入自定义协议，比如baidu360://efwefwfwe给过滤了，怎么办

Issue - State: open - Opened by daweiyong over 1 year ago - 1 comment

#280 - img src processed to empty

Issue - State: open - Opened by wcnjeusr over 1 year ago - 2 comments

#279 - feat: add <kbd> to default whitelist

Pull Request - State: closed - Opened by rayrny over 1 year ago - 1 comment

#278 - feat: Allow loading attribute on img

Pull Request - State: closed - Opened by maosmurf over 1 year ago

#277 - feat: Allow loading attribute on img

Pull Request - State: closed - Opened by maosmurf over 1 year ago - 1 comment

#276 - Support being imported by Node

Issue - State: open - Opened by amjmhs over 1 year ago

#275 - The href content in a tag is 'data: image', which is not processed

Issue - State: open - Opened by qsy0213 almost 2 years ago

#274 - Cannot create xss instance with options ^1.0.14

Issue - State: open - Opened by quoctienkt almost 2 years ago

#273 - Links in href/src needs a protocol, but not in url(), why ?

Issue - State: open - Opened by sky0matic almost 2 years ago

#272 - chore: fix typo

Pull Request - State: closed - Opened by shigma almost 2 years ago

#271 - Ignore greater or less than symbol?

Issue - State: open - Opened by iamsarthakjoshi almost 2 years ago - 1 comment

#270 - feat: Add <kbd> tag to default whitelist

Pull Request - State: closed - Opened by rayrny almost 2 years ago - 3 comments

#269 - Fix slashes as separators.

Pull Request - State: open - Opened by hensleysecurity almost 2 years ago - 2 comments

#268 - whiteList fails when using slashes to separate tag attributes (PR included)

Issue - State: open - Opened by hensleysecurity almost 2 years ago

#267 - Escaping attribute does not work sufficient

Issue - State: open - Opened by djschilling almost 2 years ago - 1 comment

#266 - I would like to know why all styles need to be whitelisted by configuration before they are not filtered?

Issue - State: open - Opened by XiaoRIGE almost 2 years ago

#265 - At v1.0.14 stripIgnoreTag behavior changed

Issue - State: open - Opened by BlakeStearman about 2 years ago - 1 comment

#264 - src with blob:... is removed

Issue - State: open - Opened by tungnat97 over 2 years ago - 1 comment

#263 - video标签过滤后source标签丢失

Issue - State: open - Opened by wangkemin over 2 years ago - 2 comments

#262 - fix: problem with not closed tag

Pull Request - State: closed - Opened by slawiko over 2 years ago - 2 comments

#261 - fix: add `allowList` to types

Pull Request - State: closed - Opened by metonym over 2 years ago - 2 comments

#260 - 运算符大于号>和小于号<不想被转码

Issue - State: open - Opened by Cossey11111 over 2 years ago - 1 comment

#259 - "invalid group specifier name" error in Safari after upgrade to 1.0.12

Issue - State: closed - Opened by scottohara over 2 years ago - 7 comments
Labels: bug