"use strict";
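/**
 * Symbolic regex flag names used by the pattern list, mapped to the
 * JavaScript RegExp flag characters. The original mapped MULTILINE and
 * DOTALL to "", so "." never crossed a newline and a payload split over
 * several lines was not matched by the DOTALL patterns. "m" and "s" are
 * the JavaScript equivalents; "s" (dotAll) needs an ES2018+ runtime.
 */
var attributes = {
  CASE_INSENSITIVE: "i",
  MULTILINE: "m",
  DOTALL: "s"
};

/**
 * Inline event-handler attribute names that the handler pattern looks for.
 * Fixed against the original list: "onerror=" carried a trailing "=" that
 * the surrounding pattern re-required, so "onerror" never matched; the
 * misspelled "onerroupdate", "onmousout", "onbeforeeditocus" and
 * "onresizend" are corrected to the real attribute names.
 */
var events = [
  "oncontrolselect", "oncopy", "oncut", "ondataavailable", "ondatasetchanged",
  "ondatasetcomplete", "ondblclick", "ondeactivate", "ondrag", "ondragend",
  "ondragenter", "ondragleave", "ondragover", "ondragstart", "ondrop",
  "onerror", "onerrorupdate", "onfilterchange", "onfinish", "onfocus",
  "onfocusin", "onfocusout", "onhelp", "onkeydown", "onkeypress", "onkeyup",
  "onlayoutcomplete", "onload", "onlosecapture", "onmousedown", "onmouseenter",
  "onmouseleave", "onmousemove", "onmouseout", "onmouseover", "onmouseup",
  "onmousewheel", "onmove", "onmoveend", "onmovestart", "onabort",
  "onactivate", "onafterprint", "onafterupdate", "onbefore",
  "onbeforeactivate", "onbeforecopy", "onbeforecut", "onbeforedeactivate",
  "onbeforeeditfocus", "onbeforepaste", "onbeforeprint", "onbeforeunload",
  "onbeforeupdate", "onblur", "onbounce", "oncellchange", "onchange",
  "onclick", "oncontextmenu", "onpaste", "onpropertychange",
  "onreadystatechange", "onreset", "onresize", "onresizeend", "onresizestart",
  "onrowenter", "onrowexit", "onrowsdelete", "onrowsinserted", "onscroll",
  "onselect", "onselectionchange", "onselectstart", "onstart", "onstop",
  "onsubmit", "onunload"
];

/**
 * Pattern for an inline event handler inside a tag: "<", any attributes
 * that precede the handler, one of the names above, then "=".
 * Built from `events` so the list and the pattern cannot drift apart (the
 * original duplicated the list as a literal). The original only allowed
 * `\w*\s*` between "<" and the handler, i.e. the handler had to be the
 * first attribute; `[^>]*?` lets earlier attributes precede it.
 */
var eventStr = "<+[^>]*?(" + events.join("|") + ")+\\s*=+";

/**
 * Builds the ordered list of blocklist patterns applied by the filter.
 *
 * Each entry is `{ pattern: string, flags: string[] }`, where `flags` are
 * RegExp flag characters from `attributes`. Entries are applied in the
 * order returned. Fresh objects and arrays are created on every call so a
 * caller mutating one result cannot affect the next.
 *
 * This is a blocklist, not an HTML parser: it removes known-dangerous
 * substrings and makes no promise about what remains.
 *
 * @returns {{pattern: string, flags: string[]}[]} patterns in application order
 */
var getXssPatternList = function () {
  var caseInsensitive = [attributes.CASE_INSENSITIVE];
  var allFlags = [attributes.CASE_INSENSITIVE, attributes.MULTILINE, attributes.DOTALL];
  // Copies the flag array so entries do not share one mutable array.
  var entry = function (pattern, flags) {
    return { pattern: pattern, flags: flags.slice() };
  };
  return [
    // <script>/<noscript> elements together with their content. DOTALL is
    // added here: the original compiled this one without it, so an element
    // whose body contained a newline did not match.
    entry("<(no)?script[^>]*>.*?</(no)?script>", allFlags),
    entry("eval\\((.*?)\\)", allFlags),
    entry("expression\\((.*?)\\)", allFlags),
    // "+" instead of the original "*": with "*" the pattern also matched
    // the empty string at offset 0, so a non-global replace removed nothing.
    entry("(javascript:|vbscript:|view-source:)+", caseInsensitive),
    // Any remaining tag; quoted attribute values may contain ">".
    entry("<(\"[^\"]*\"|'[^']*'|[^'\">])*>", allFlags),
    // DOM / navigation references; "+" for the same reason as above.
    entry("(window\\.location|window\\.|\\.location|document\\.cookie|document\\.|alert\\(.*?\\)|window\\.open\\()+", allFlags),
    entry(eventStr, allFlags)
  ];
};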
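/**
 * Removes every substring matching the built-in XSS blocklist from a string.
 *
 * The patterns from getXssPatternList() are compiled on each call and applied
 * in list order, each one removing ALL of its matches. The original built the
 * RegExp without the "g" flag, so String#replace removed only the first
 * occurrence per pattern and any later occurrence (a second <script> element,
 * a second "javascript:" URL) passed through untouched. Patterns run in a
 * single pass; the list is not re-applied to its own output.
 *
 * This is a blocklist filter, not an HTML sanitizer or an encoder: it makes
 * no guarantee about what remains, so the result still has to be encoded for
 * the context it is rendered in.
 *
 * @param {string} input - untrusted text to filter
 * @returns {string} the input with every blocklisted match removed
 * @throws {TypeError} when input is not a string (the original also threw a
 *   TypeError here, from calling .replace on a non-string)
 */
module.exports = function (input) {
  if (typeof input !== "string") {
    throw new TypeError("xss filter expects a string, got " + typeof input);
  }
  return getXssPatternList().reduce(function (text, entry) {
    var flags = entry.flags.join("");
    // "g" so that every match is removed, not just the first one.
    if (flags.indexOf("g") === -1) {
      flags += "g";
    }
    return text.replace(new RegExp(entry.pattern, flags), "");
  }, input);
};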