We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
如果是es5/6 可以直接这样调用: myxss = new xss.FilterXSS({ css: false, });
但是如果只是单纯的js, 如何在filterXSS 里设置css 为false ? var html = filterXSS('<script>alert("xss");</scr' + "ipt>");
@leizongmin
The text was updated successfully, but these errors were encountered:
我们尝试只保留 this.cssFilter = false; , 行间样式仍被去除。 有没有相关配置能够保留行间样式呢?
this.cssFilter = false;
Sorry, something went wrong.
@AceChen1 @Huanxin1997 默认的白名单里面不包含 style 属性,只要自定义白名单的时候给标签加上 style 属性即可。而 cssFilter 是用于控制在允许 style 的情况下,是否要做进一步的样式过滤。
style
cssFilter
No branches or pull requests
如果是es5/6 可以直接这样调用:
myxss = new xss.FilterXSS({
css: false,
});
但是如果只是单纯的js, 如何在filterXSS 里设置css 为false ?
var html = filterXSS('<script>alert("xss");</scr' + "ipt>");
@leizongmin
The text was updated successfully, but these errors were encountered: