Comments (3)
Preferred implementation would be here: http://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/plugin/html-sanitizer.js
from angular.js.
Interesting resource: http://ha.ckers.org/xss.html
Parser: http://ejohn.org/blog/pure-javascript-html-parser/
Create HTML sanitizer to allow inclusion of untrusted HTML in a safe manner.
Sanitization works in two phases:
- We parse the HTML into sax-like events (start, end, chars). HTML parsing is very complex, and so it may very well be that what most browsers consider valid HTML may not parse properly here, but we do best effort. We treat this parser as untrusted.
- We have a safe sanitizeWriter which treats its input (start, end, chars) as untrusted content and escapes everything. It only allows elements in the whitelist and only allows attributes which are whitelisted. Any attribute value must not start with 'javascript:'. This check is performed after escaping for entity (&xAB; etc..) and ignoring any whitespace.
- Correct linky filter to use safeHtmlWriter
- Correct html filter to use safeHtmlWriter
Closed by 6c8107b4305a6684794f7a531ff1362b71dbc5ae
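The two-phase design described in the comment above, as an added example that is not angular.js code and not the sanitizer the issue was closed with: a deliberately small regex tokenizer emits start/end/chars events and is treated as untrusted, and a writer escapes everything it receives and emits only whitelisted elements and attributes. It goes beyond the page's "must not start with 'javascript:'" rule by allowlisting URI schemes instead, and the element/attribute whitelists, the scheme list, the entity table and the tokenizer regexes are all assumptions made for illustration.

```javascript
// Added example, not angular.js code. Whitelists and entity table are assumptions.
const ALLOWED_ELEMENTS = new Set(['a', 'b', 'i', 'em', 'strong', 'p', 'ul', 'li', 'br']);
const VOID_ELEMENTS = new Set(['br']);
const ALLOWED_ATTRS = new Set(['href', 'title']);
const URI_ATTRS = new Set(['href']);
// Allowlisting schemes is stricter than a 'javascript:' prefix check: any unknown
// scheme (javascript, vbscript, data, ...) is dropped rather than enumerated.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto', 'ftp']);
const NAMED_ENTITIES = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: '\u00a0' };

// Decode numeric and the few named entities above, so that an obfuscated value
// such as java&#115;cript: is examined in its decoded form.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1] === 'x' || body[1] === 'X';
      const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
    }
    const key = body.toLowerCase();
    // hasOwnProperty so that 'constructor' etc. do not resolve via the prototype
    return Object.prototype.hasOwnProperty.call(NAMED_ENTITIES, key) ? NAMED_ENTITIES[key] : match;
  });
}

// Everything that reaches the output passes through here, text and attribute values alike.
function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// A URI is accepted if, after entity decoding and removal of all whitespace and
// control characters, it is relative or carries a scheme from SAFE_SCHEMES.
function isSafeUri(value) {
  const normalized = decodeEntities(value).replace(/[\s\u0000-\u0020]/g, '').toLowerCase();
  const scheme = /^([a-z][a-z0-9+.-]*):/.exec(normalized);
  return scheme === null || SAFE_SCHEMES.has(scheme[1]);
}

// Phase 1: SAX-like tokenizer. Anything it does not recognise as a tag is handed
// to chars(), where the writer escapes it, so gaps in the parser fail closed.
function parseHtml(html, handler) {
  const tagRe = /<!--[\s\S]*?-->|<\/([a-zA-Z][\w:-]*)\s*>|<([a-zA-Z][\w:-]*)((?:\s+[^\s"'<>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'<>`]+))?)*)\s*(\/?)>/g;
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>`]+)))?/g;
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (m.index > last) handler.chars(html.slice(last, m.index));
    last = tagRe.lastIndex;
    if (m[1] !== undefined) {
      handler.end(m[1].toLowerCase());
    } else if (m[2] !== undefined) {
      const attrs = new Map(); // a Map avoids __proto__ / prototype keys on a plain object
      attrRe.lastIndex = 0;
      let a;
      while ((a = attrRe.exec(m[3])) !== null) {
        attrs.set(a[1].toLowerCase(), a[2] ?? a[3] ?? a[4] ?? '');
      }
      const name = m[2].toLowerCase();
      handler.start(name, attrs, m[4] === '/' || VOID_ELEMENTS.has(name));
    }
    // comments (<!-- ... -->) are dropped entirely
  }
  if (last < html.length) handler.chars(html.slice(last));
}

// Phase 2: the sanitizing writer. It trusts nothing the parser hands it.
function sanitizeWriter(out) {
  const open = []; // stack of elements we emitted, so output stays well-formed
  return {
    start(tag, attrs, selfClosing) {
      if (!ALLOWED_ELEMENTS.has(tag)) return;
      let s = '<' + tag;
      for (const [name, value] of attrs) {
        if (!ALLOWED_ATTRS.has(name)) continue;
        if (URI_ATTRS.has(name) && !isSafeUri(value)) continue;
        s += ' ' + name + '="' + escapeHtml(decodeEntities(value)) + '"';
      }
      out.push(s + '>');
      if (!selfClosing) open.push(tag);
    },
    end(tag) {
      // Only close what we actually opened; unwind nested tags above it.
      const idx = open.lastIndexOf(tag);
      while (idx !== -1 && open.length > idx) out.push('</' + open.pop() + '>');
    },
    chars(text) { out.push(escapeHtml(decodeEntities(text))); },
    finish() { while (open.length > 0) out.push('</' + open.pop() + '>'); },
  };
}

function sanitize(html) {
  const out = [];
  const writer = sanitizeWriter(out);
  parseHtml(html, writer);
  writer.finish();
  return out.join('');
}
```

Because the writer decodes and then re-escapes every value, an input like `java&#115;cript:alert(1)` with leading whitespace or a tab inside the quotes is compared as plain `javascript:alert(1)` and the href is dropped, while the element itself and its text survive; an unknown element such as `script` or `img` is dropped but its text content is still emitted escaped, which is the fail-closed behaviour the comment's design calls for.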