diff options
Diffstat (limited to 'node_modules/cssfilter')
-rw-r--r-- | node_modules/cssfilter/LICENSE | 22 | ||||
-rw-r--r-- | node_modules/cssfilter/README.md | 86 | ||||
-rw-r--r-- | node_modules/cssfilter/lib/css.js | 110 | ||||
-rw-r--r-- | node_modules/cssfilter/lib/default.js | 398 | ||||
-rw-r--r-- | node_modules/cssfilter/lib/index.js | 32 | ||||
-rw-r--r-- | node_modules/cssfilter/lib/parser.js | 74 | ||||
-rw-r--r-- | node_modules/cssfilter/lib/util.js | 35 | ||||
-rw-r--r-- | node_modules/cssfilter/package.json | 77 |
8 files changed, 834 insertions, 0 deletions
diff --git a/node_modules/cssfilter/LICENSE b/node_modules/cssfilter/LICENSE new file mode 100644 index 0000000..49b61eb --- /dev/null +++ b/node_modules/cssfilter/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2015 老雷 + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/node_modules/cssfilter/README.md b/node_modules/cssfilter/README.md new file mode 100644 index 0000000..21cd65d --- /dev/null +++ b/node_modules/cssfilter/README.md @@ -0,0 +1,86 @@ +[![NPM version](https://badge.fury.io/js/cssfilter.png)](http://badge.fury.io/js/xss) +[![Build Status](https://secure.travis-ci.org/leizongmin/js-css-filter.png?branch=master)](http://travis-ci.org/leizongmin/js-css-filter) +[![Dependencies Status](https://david-dm.org/leizongmin/js-css-filter.png)](https://david-dm.org/leizongmin/js-css-filter) +[![coveralls-image](https://img.shields.io/coveralls/leizongmin/js-css-filter.svg?style=flat-square)](https://coveralls.io/r/leizongmin/js-css-filter?branch=master) + +# cssfilter +Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS + + +## 安装 + +```bash +$ npm install cssfilter --save +``` + + +## 使用方法 + +```javascript +var cssfilter = require('cssfilter'); +var css = cssfilter('position:fixed; /* this is comments */ width:100px; height:100px; background:#aaa;'); +console.log(css); +// 输出:width:100px; height:100px; background:#aaa; +// 因为position不在白名单允许范围 +``` + +或者: + +```javascript +options = { + // 白名单,可选 + whiteList: { + a: true, // true表示允许 + b: /^fixed|relative$/, // 正则test()返回true表示允许 + c: function (value) { + // 返回true表示允许 + }, + d: false // 除以上三个以外,所有值均表示不允许 + }, + // 当匹配到一个在白名单中的属性时 + onAttr: function (name, value, options) { + // name为属性名 + // value为属性值 + // 返回字符串表示覆盖此段CSS + // 不返回任何值表示使用默认生成方法,即 name:value + }, + // 当匹配到一个不在白名单中的属性时 + onIgnoreAttr: function (name, value, options) { + // name为属性名 + // value为属性值 + // 返回字符串表示覆盖此段CSS + // 不返回任何值表示使用默认生成方法,即将此段CSS去掉 + } +}; +mycss = new cssfilter.FilterCSS(options); +// then apply mycss.process() +css = mycss.process('position:fixed; width:100px; height:100px; background:#aaa;'); +console.log(css); +``` + + +## License + +``` +The MIT License (MIT) + +Copyright (c) 2015-2016 Zongmin Lei(雷宗民) <leizongmin@gmail.com> + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +``` diff --git a/node_modules/cssfilter/lib/css.js b/node_modules/cssfilter/lib/css.js new file mode 100644 index 0000000..49e9707 --- /dev/null +++ b/node_modules/cssfilter/lib/css.js @@ -0,0 +1,110 @@ +/** + * cssfilter + * + * @author 老雷<leizongmin@gmail.com> + */ + +var DEFAULT = require('./default'); +var parseStyle = require('./parser'); +var _ = require('./util'); + + +/** + * 返回值是否为空 + * + * @param {Object} obj + * @return {Boolean} + */ +function isNull (obj) { + return (obj === undefined || obj === null); +} + +/** + * 浅拷贝对象 + * + * @param {Object} obj + * @return {Object} + */ +function shallowCopyObject (obj) { + var ret = {}; + for (var i in obj) { + ret[i] = obj[i]; + } + return ret; +} + +/** + * 创建CSS过滤器 + * + * @param {Object} options + * - {Object} whiteList + * - {Function} onAttr + * - {Function} onIgnoreAttr + * - {Function} safeAttrValue + */ +function FilterCSS (options) { + options = shallowCopyObject(options || {}); + options.whiteList = options.whiteList || DEFAULT.whiteList; + options.onAttr = options.onAttr || DEFAULT.onAttr; + options.onIgnoreAttr = options.onIgnoreAttr || DEFAULT.onIgnoreAttr; + options.safeAttrValue = options.safeAttrValue || DEFAULT.safeAttrValue; + this.options = options; +} + +FilterCSS.prototype.process = function (css) { + // 兼容各种奇葩输入 + css = css || ''; + css = css.toString(); + if (!css) return ''; + + var me = this; + var options = me.options; + var whiteList = options.whiteList; + var onAttr = options.onAttr; + var onIgnoreAttr = options.onIgnoreAttr; + var safeAttrValue = options.safeAttrValue; + + var retCSS = parseStyle(css, function (sourcePosition, position, name, value, source) { + + var check = whiteList[name]; + var isWhite = false; + if (check === true) isWhite = check; + else if (typeof check === 'function') isWhite = check(value); + else if (check instanceof RegExp) isWhite = check.test(value); + if (isWhite !== true) isWhite = false; + + // 如果过滤后 value 为空则直接忽略 + value = safeAttrValue(name, value); + if (!value) return; + + var opts = { + position: position, + sourcePosition: sourcePosition, + source: source, + isWhite: isWhite + }; + + if (isWhite) { + + var ret = onAttr(name, value, opts); + if (isNull(ret)) { + return name + ':' + value; + } else { + return ret; + } + + } else { + + var ret = onIgnoreAttr(name, value, opts); + if (!isNull(ret)) { + return ret; + } + + } + }); + + return retCSS; +}; + + +module.exports = FilterCSS; diff --git a/node_modules/cssfilter/lib/default.js b/node_modules/cssfilter/lib/default.js new file mode 100644 index 0000000..b677225 --- /dev/null +++ b/node_modules/cssfilter/lib/default.js @@ -0,0 +1,398 @@ +/** + * cssfilter + * + * @author 老雷<leizongmin@gmail.com> + */ + +function getDefaultWhiteList () { + // 白名单值说明: + // true: 允许该属性 + // Function: function (val) { } 返回true表示允许该属性,其他值均表示不允许 + // RegExp: regexp.test(val) 返回true表示允许该属性,其他值均表示不允许 + // 除上面列出的值外均表示不允许 + var whiteList = {}; + + whiteList['align-content'] = false; // default: auto + whiteList['align-items'] = false; // default: auto + whiteList['align-self'] = false; // default: auto + whiteList['alignment-adjust'] = false; // default: auto + whiteList['alignment-baseline'] = false; // default: baseline + whiteList['all'] = false; // default: depending on individual properties + whiteList['anchor-point'] = false; // default: none + whiteList['animation'] = false; // default: depending on individual properties + whiteList['animation-delay'] = false; // default: 0 + whiteList['animation-direction'] = false; // default: normal + whiteList['animation-duration'] = false; // default: 0 + whiteList['animation-fill-mode'] = false; // default: none + whiteList['animation-iteration-count'] = false; // default: 1 + whiteList['animation-name'] = false; // default: none + whiteList['animation-play-state'] = false; // default: running + whiteList['animation-timing-function'] = false; // default: ease + whiteList['azimuth'] = false; // default: center + whiteList['backface-visibility'] = false; // default: visible + whiteList['background'] = true; // default: depending on individual properties + whiteList['background-attachment'] = true; // default: scroll + whiteList['background-clip'] = true; // default: border-box + whiteList['background-color'] = true; // default: transparent + whiteList['background-image'] = true; // default: none + whiteList['background-origin'] = true; // default: padding-box + whiteList['background-position'] = true; // default: 0% 0% + whiteList['background-repeat'] = true; // default: repeat + whiteList['background-size'] = true; // default: auto + whiteList['baseline-shift'] = false; // default: baseline + whiteList['binding'] = false; // default: none + whiteList['bleed'] = false; // default: 6pt + whiteList['bookmark-label'] = false; // default: content() + whiteList['bookmark-level'] = false; // default: none + whiteList['bookmark-state'] = false; // default: open + whiteList['border'] = true; // default: depending on individual properties + whiteList['border-bottom'] = true; // default: depending on individual properties + whiteList['border-bottom-color'] = true; // default: current color + whiteList['border-bottom-left-radius'] = true; // default: 0 + whiteList['border-bottom-right-radius'] = true; // default: 0 + whiteList['border-bottom-style'] = true; // default: none + whiteList['border-bottom-width'] = true; // default: medium + whiteList['border-collapse'] = true; // default: separate + whiteList['border-color'] = true; // default: depending on individual properties + whiteList['border-image'] = true; // default: none + whiteList['border-image-outset'] = true; // default: 0 + whiteList['border-image-repeat'] = true; // default: stretch + whiteList['border-image-slice'] = true; // default: 100% + whiteList['border-image-source'] = true; // default: none + whiteList['border-image-width'] = true; // default: 1 + whiteList['border-left'] = true; // default: depending on individual properties + whiteList['border-left-color'] = true; // default: current color + whiteList['border-left-style'] = true; // default: none + whiteList['border-left-width'] = true; // default: medium + whiteList['border-radius'] = true; // default: 0 + whiteList['border-right'] = true; // default: depending on individual properties + whiteList['border-right-color'] = true; // default: current color + whiteList['border-right-style'] = true; // default: none + whiteList['border-right-width'] = true; // default: medium + whiteList['border-spacing'] = true; // default: 0 + whiteList['border-style'] = true; // default: depending on individual properties + whiteList['border-top'] = true; // default: depending on individual properties + whiteList['border-top-color'] = true; // default: current color + whiteList['border-top-left-radius'] = true; // default: 0 + whiteList['border-top-right-radius'] = true; // default: 0 + whiteList['border-top-style'] = true; // default: none + whiteList['border-top-width'] = true; // default: medium + whiteList['border-width'] = true; // default: depending on individual properties + whiteList['bottom'] = false; // default: auto + whiteList['box-decoration-break'] = true; // default: slice + whiteList['box-shadow'] = true; // default: none + whiteList['box-sizing'] = true; // default: content-box + whiteList['box-snap'] = true; // default: none + whiteList['box-suppress'] = true; // default: show + whiteList['break-after'] = true; // default: auto + whiteList['break-before'] = true; // default: auto + whiteList['break-inside'] = true; // default: auto + whiteList['caption-side'] = false; // default: top + whiteList['chains'] = false; // default: none + whiteList['clear'] = true; // default: none + whiteList['clip'] = false; // default: auto + whiteList['clip-path'] = false; // default: none + whiteList['clip-rule'] = false; // default: nonzero + whiteList['color'] = true; // default: implementation dependent + whiteList['color-interpolation-filters'] = true; // default: auto + whiteList['column-count'] = false; // default: auto + whiteList['column-fill'] = false; // default: balance + whiteList['column-gap'] = false; // default: normal + whiteList['column-rule'] = false; // default: depending on individual properties + whiteList['column-rule-color'] = false; // default: current color + whiteList['column-rule-style'] = false; // default: medium + whiteList['column-rule-width'] = false; // default: medium + whiteList['column-span'] = false; // default: none + whiteList['column-width'] = false; // default: auto + whiteList['columns'] = false; // default: depending on individual properties + whiteList['contain'] = false; // default: none + whiteList['content'] = false; // default: normal + whiteList['counter-increment'] = false; // default: none + whiteList['counter-reset'] = false; // default: none + whiteList['counter-set'] = false; // default: none + whiteList['crop'] = false; // default: auto + whiteList['cue'] = false; // default: depending on individual properties + whiteList['cue-after'] = false; // default: none + whiteList['cue-before'] = false; // default: none + whiteList['cursor'] = false; // default: auto + whiteList['direction'] = false; // default: ltr + whiteList['display'] = true; // default: depending on individual properties + whiteList['display-inside'] = true; // default: auto + whiteList['display-list'] = true; // default: none + whiteList['display-outside'] = true; // default: inline-level + whiteList['dominant-baseline'] = false; // default: auto + whiteList['elevation'] = false; // default: level + whiteList['empty-cells'] = false; // default: show + whiteList['filter'] = false; // default: none + whiteList['flex'] = false; // default: depending on individual properties + whiteList['flex-basis'] = false; // default: auto + whiteList['flex-direction'] = false; // default: row + whiteList['flex-flow'] = false; // default: depending on individual properties + whiteList['flex-grow'] = false; // default: 0 + whiteList['flex-shrink'] = false; // default: 1 + whiteList['flex-wrap'] = false; // default: nowrap + whiteList['float'] = false; // default: none + whiteList['float-offset'] = false; // default: 0 0 + whiteList['flood-color'] = false; // default: black + whiteList['flood-opacity'] = false; // default: 1 + whiteList['flow-from'] = false; // default: none + whiteList['flow-into'] = false; // default: none + whiteList['font'] = true; // default: depending on individual properties + whiteList['font-family'] = true; // default: implementation dependent + whiteList['font-feature-settings'] = true; // default: normal + whiteList['font-kerning'] = true; // default: auto + whiteList['font-language-override'] = true; // default: normal + whiteList['font-size'] = true; // default: medium + whiteList['font-size-adjust'] = true; // default: none + whiteList['font-stretch'] = true; // default: normal + whiteList['font-style'] = true; // default: normal + whiteList['font-synthesis'] = true; // default: weight style + whiteList['font-variant'] = true; // default: normal + whiteList['font-variant-alternates'] = true; // default: normal + whiteList['font-variant-caps'] = true; // default: normal + whiteList['font-variant-east-asian'] = true; // default: normal + whiteList['font-variant-ligatures'] = true; // default: normal + whiteList['font-variant-numeric'] = true; // default: normal + whiteList['font-variant-position'] = true; // default: normal + whiteList['font-weight'] = true; // default: normal + whiteList['grid'] = false; // default: depending on individual properties + whiteList['grid-area'] = false; // default: depending on individual properties + whiteList['grid-auto-columns'] = false; // default: auto + whiteList['grid-auto-flow'] = false; // default: none + whiteList['grid-auto-rows'] = false; // default: auto + whiteList['grid-column'] = false; // default: depending on individual properties + whiteList['grid-column-end'] = false; // default: auto + whiteList['grid-column-start'] = false; // default: auto + whiteList['grid-row'] = false; // default: depending on individual properties + whiteList['grid-row-end'] = false; // default: auto + whiteList['grid-row-start'] = false; // default: auto + whiteList['grid-template'] = false; // default: depending on individual properties + whiteList['grid-template-areas'] = false; // default: none + whiteList['grid-template-columns'] = false; // default: none + whiteList['grid-template-rows'] = false; // default: none + whiteList['hanging-punctuation'] = false; // default: none + whiteList['height'] = true; // default: auto + whiteList['hyphens'] = false; // default: manual + whiteList['icon'] = false; // default: auto + whiteList['image-orientation'] = false; // default: auto + whiteList['image-resolution'] = false; // default: normal + whiteList['ime-mode'] = false; // default: auto + whiteList['initial-letters'] = false; // default: normal + whiteList['inline-box-align'] = false; // default: last + whiteList['justify-content'] = false; // default: auto + whiteList['justify-items'] = false; // default: auto + whiteList['justify-self'] = false; // default: auto + whiteList['left'] = false; // default: auto + whiteList['letter-spacing'] = true; // default: normal + whiteList['lighting-color'] = true; // default: white + whiteList['line-box-contain'] = false; // default: block inline replaced + whiteList['line-break'] = false; // default: auto + whiteList['line-grid'] = false; // default: match-parent + whiteList['line-height'] = false; // default: normal + whiteList['line-snap'] = false; // default: none + whiteList['line-stacking'] = false; // default: depending on individual properties + whiteList['line-stacking-ruby'] = false; // default: exclude-ruby + whiteList['line-stacking-shift'] = false; // default: consider-shifts + whiteList['line-stacking-strategy'] = false; // default: inline-line-height + whiteList['list-style'] = true; // default: depending on individual properties + whiteList['list-style-image'] = true; // default: none + whiteList['list-style-position'] = true; // default: outside + whiteList['list-style-type'] = true; // default: disc + whiteList['margin'] = true; // default: depending on individual properties + whiteList['margin-bottom'] = true; // default: 0 + whiteList['margin-left'] = true; // default: 0 + whiteList['margin-right'] = true; // default: 0 + whiteList['margin-top'] = true; // default: 0 + whiteList['marker-offset'] = false; // default: auto + whiteList['marker-side'] = false; // default: list-item + whiteList['marks'] = false; // default: none + whiteList['mask'] = false; // default: border-box + whiteList['mask-box'] = false; // default: see individual properties + whiteList['mask-box-outset'] = false; // default: 0 + whiteList['mask-box-repeat'] = false; // default: stretch + whiteList['mask-box-slice'] = false; // default: 0 fill + whiteList['mask-box-source'] = false; // default: none + whiteList['mask-box-width'] = false; // default: auto + whiteList['mask-clip'] = false; // default: border-box + whiteList['mask-image'] = false; // default: none + whiteList['mask-origin'] = false; // default: border-box + whiteList['mask-position'] = false; // default: center + whiteList['mask-repeat'] = false; // default: no-repeat + whiteList['mask-size'] = false; // default: border-box + whiteList['mask-source-type'] = false; // default: auto + whiteList['mask-type'] = false; // default: luminance + whiteList['max-height'] = true; // default: none + whiteList['max-lines'] = false; // default: none + whiteList['max-width'] = true; // default: none + whiteList['min-height'] = true; // default: 0 + whiteList['min-width'] = true; // default: 0 + whiteList['move-to'] = false; // default: normal + whiteList['nav-down'] = false; // default: auto + whiteList['nav-index'] = false; // default: auto + whiteList['nav-left'] = false; // default: auto + whiteList['nav-right'] = false; // default: auto + whiteList['nav-up'] = false; // default: auto + whiteList['object-fit'] = false; // default: fill + whiteList['object-position'] = false; // default: 50% 50% + whiteList['opacity'] = false; // default: 1 + whiteList['order'] = false; // default: 0 + whiteList['orphans'] = false; // default: 2 + whiteList['outline'] = false; // default: depending on individual properties + whiteList['outline-color'] = false; // default: invert + whiteList['outline-offset'] = false; // default: 0 + whiteList['outline-style'] = false; // default: none + whiteList['outline-width'] = false; // default: medium + whiteList['overflow'] = false; // default: depending on individual properties + whiteList['overflow-wrap'] = false; // default: normal + whiteList['overflow-x'] = false; // default: visible + whiteList['overflow-y'] = false; // default: visible + whiteList['padding'] = true; // default: depending on individual properties + whiteList['padding-bottom'] = true; // default: 0 + whiteList['padding-left'] = true; // default: 0 + whiteList['padding-right'] = true; // default: 0 + whiteList['padding-top'] = true; // default: 0 + whiteList['page'] = false; // default: auto + whiteList['page-break-after'] = false; // default: auto + whiteList['page-break-before'] = false; // default: auto + whiteList['page-break-inside'] = false; // default: auto + whiteList['page-policy'] = false; // default: start + whiteList['pause'] = false; // default: implementation dependent + whiteList['pause-after'] = false; // default: implementation dependent + whiteList['pause-before'] = false; // default: implementation dependent + whiteList['perspective'] = false; // default: none + whiteList['perspective-origin'] = false; // default: 50% 50% + whiteList['pitch'] = false; // default: medium + whiteList['pitch-range'] = false; // default: 50 + whiteList['play-during'] = false; // default: auto + whiteList['position'] = false; // default: static + whiteList['presentation-level'] = false; // default: 0 + whiteList['quotes'] = false; // default: text + whiteList['region-fragment'] = false; // default: auto + whiteList['resize'] = false; // default: none + whiteList['rest'] = false; // default: depending on individual properties + whiteList['rest-after'] = false; // default: none + whiteList['rest-before'] = false; // default: none + whiteList['richness'] = false; // default: 50 + whiteList['right'] = false; // default: auto + whiteList['rotation'] = false; // default: 0 + whiteList['rotation-point'] = false; // default: 50% 50% + whiteList['ruby-align'] = false; // default: auto + whiteList['ruby-merge'] = false; // default: separate + whiteList['ruby-position'] = false; // default: before + whiteList['shape-image-threshold'] = false; // default: 0.0 + whiteList['shape-outside'] = false; // default: none + whiteList['shape-margin'] = false; // default: 0 + whiteList['size'] = false; // default: auto + whiteList['speak'] = false; // default: auto + whiteList['speak-as'] = false; // default: normal + whiteList['speak-header'] = false; // default: once + whiteList['speak-numeral'] = false; // default: continuous + whiteList['speak-punctuation'] = false; // default: none + whiteList['speech-rate'] = false; // default: medium + whiteList['stress'] = false; // default: 50 + whiteList['string-set'] = false; // default: none + whiteList['tab-size'] = false; // default: 8 + whiteList['table-layout'] = false; // default: auto + whiteList['text-align'] = true; // default: start + whiteList['text-align-last'] = true; // default: auto + whiteList['text-combine-upright'] = true; // default: none + whiteList['text-decoration'] = true; // default: none + whiteList['text-decoration-color'] = true; // default: currentColor + whiteList['text-decoration-line'] = true; // default: none + whiteList['text-decoration-skip'] = true; // default: objects + whiteList['text-decoration-style'] = true; // default: solid + whiteList['text-emphasis'] = true; // default: depending on individual properties + whiteList['text-emphasis-color'] = true; // default: currentColor + whiteList['text-emphasis-position'] = true; // default: over right + whiteList['text-emphasis-style'] = true; // default: none + whiteList['text-height'] = true; // default: auto + whiteList['text-indent'] = true; // default: 0 + whiteList['text-justify'] = true; // default: auto + whiteList['text-orientation'] = true; // default: mixed + whiteList['text-overflow'] = true; // default: clip + whiteList['text-shadow'] = true; // default: none + whiteList['text-space-collapse'] = true; // default: collapse + whiteList['text-transform'] = true; // default: none + whiteList['text-underline-position'] = true; // default: auto + whiteList['text-wrap'] = true; // default: normal + whiteList['top'] = false; // default: auto + whiteList['transform'] = false; // default: none + whiteList['transform-origin'] = false; // default: 50% 50% 0 + whiteList['transform-style'] = false; // default: flat + whiteList['transition'] = false; // default: depending on individual properties + whiteList['transition-delay'] = false; // default: 0s + whiteList['transition-duration'] = false; // default: 0s + whiteList['transition-property'] = false; // default: all + whiteList['transition-timing-function'] = false; // default: ease + whiteList['unicode-bidi'] = false; // default: normal + whiteList['vertical-align'] = false; // default: baseline + whiteList['visibility'] = false; // default: visible + whiteList['voice-balance'] = false; // default: center + whiteList['voice-duration'] = false; // default: auto + whiteList['voice-family'] = false; // default: implementation dependent + whiteList['voice-pitch'] = false; // default: medium + whiteList['voice-range'] = false; // default: medium + whiteList['voice-rate'] = false; // default: normal + whiteList['voice-stress'] = false; // default: normal + whiteList['voice-volume'] = false; // default: medium + whiteList['volume'] = false; // default: medium + whiteList['white-space'] = false; // default: normal + whiteList['widows'] = false; // default: 2 + whiteList['width'] = true; // default: auto + whiteList['will-change'] = false; // default: auto + whiteList['word-break'] = true; // default: normal + whiteList['word-spacing'] = true; // default: normal + whiteList['word-wrap'] = true; // default: normal + whiteList['wrap-flow'] = false; // default: auto + whiteList['wrap-through'] = false; // default: wrap + whiteList['writing-mode'] = false; // default: horizontal-tb + whiteList['z-index'] = false; // default: auto + + return whiteList; +} + + +/** + * 匹配到白名单上的一个属性时 + * + * @param {String} name + * @param {String} value + * @param {Object} options + * @return {String} + */ +function onAttr (name, value, options) { + // do nothing +} + +/** + * 匹配到不在白名单上的一个属性时 + * + * @param {String} name + * @param {String} value + * @param {Object} options + * @return {String} + */ +function onIgnoreAttr (name, value, options) { + // do nothing +} + +var REGEXP_URL_JAVASCRIPT = /javascript\s*\:/img; + +/** + * 过滤属性值 + * + * @param {String} name + * @param {String} value + * @return {String} + */ +function safeAttrValue(name, value) { + if (REGEXP_URL_JAVASCRIPT.test(value)) return ''; + return value; +} + + +exports.whiteList = getDefaultWhiteList(); +exports.getDefaultWhiteList = getDefaultWhiteList; +exports.onAttr = onAttr; +exports.onIgnoreAttr = onIgnoreAttr; +exports.safeAttrValue = safeAttrValue; diff --git a/node_modules/cssfilter/lib/index.js b/node_modules/cssfilter/lib/index.js new file mode 100644 index 0000000..712f55f --- /dev/null +++ b/node_modules/cssfilter/lib/index.js @@ -0,0 +1,32 @@ +/** + * cssfilter + * + * @author 老雷<leizongmin@gmail.com> + */ + +var DEFAULT = require('./default'); +var FilterCSS = require('./css'); + + +/** + * XSS过滤 + * + * @param {String} css 要过滤的CSS代码 + * @param {Object} options 选项:whiteList, onAttr, onIgnoreAttr + * @return {String} + */ +function filterCSS (html, options) { + var xss = new FilterCSS(options); + return xss.process(html); +} + + +// 输出 +exports = module.exports = filterCSS; +exports.FilterCSS = FilterCSS; +for (var i in DEFAULT) exports[i] = DEFAULT[i]; + +// 在浏览器端使用 +if (typeof window !== 'undefined') { + window.filterCSS = module.exports; +} diff --git a/node_modules/cssfilter/lib/parser.js b/node_modules/cssfilter/lib/parser.js new file mode 100644 index 0000000..fcb9418 --- /dev/null +++ b/node_modules/cssfilter/lib/parser.js @@ -0,0 +1,74 @@ +/** + * cssfilter + * + * @author 老雷<leizongmin@gmail.com> + */ + +var _ = require('./util'); + + +/** + * 解析style + * + * @param {String} css + * @param {Function} onAttr 处理属性的函数 + * 参数格式: function (sourcePosition, position, name, value, source) + * @return {String} + */ +function parseStyle (css, onAttr) { + css = _.trimRight(css); + if (css[css.length - 1] !== ';') css += ';'; + var cssLength = css.length; + var isParenthesisOpen = false; + var lastPos = 0; + var i = 0; + var retCSS = ''; + + function addNewAttr () { + // 如果没有正常的闭合圆括号,则直接忽略当前属性 + if (!isParenthesisOpen) { + var source = _.trim(css.slice(lastPos, i)); + var j = source.indexOf(':'); + if (j !== -1) { + var name = _.trim(source.slice(0, j)); + var value = _.trim(source.slice(j + 1)); + // 必须有属性名称 + if (name) { + var ret = onAttr(lastPos, retCSS.length, name, value, source); + if (ret) retCSS += ret + '; '; + } + } + } + lastPos = i + 1; + } + + for (; i < cssLength; i++) { + var c = css[i]; + if (c === '/' && css[i + 1] === '*') { + // 备注开始 + var j = css.indexOf('*/', i + 2); + // 如果没有正常的备注结束,则后面的部分全部跳过 + if (j === -1) break; + // 直接将当前位置调到备注结尾,并且初始化状态 + i = j + 1; + lastPos = i + 1; + isParenthesisOpen = false; + } else if (c === '(') { + isParenthesisOpen = true; + } else if (c === ')') { + isParenthesisOpen = false; + } else if (c === ';') { + if (isParenthesisOpen) { + // 在圆括号里面,忽略 + } else { + addNewAttr(); + } + } else if (c === '\n') { + addNewAttr(); + } + } + + return _.trim(retCSS); +} + +module.exports = parseStyle; diff --git a/node_modules/cssfilter/lib/util.js b/node_modules/cssfilter/lib/util.js new file mode 100644 index 0000000..c8b4f7b --- /dev/null +++ b/node_modules/cssfilter/lib/util.js @@ -0,0 +1,35 @@ +module.exports = { + indexOf: function (arr, item) { + var i, j; + if (Array.prototype.indexOf) { + return arr.indexOf(item); + } + for (i = 0, j = arr.length; i < j; i++) { + if (arr[i] === item) { + return i; + } + } + return -1; + }, + forEach: function (arr, fn, scope) { + var i, j; + if (Array.prototype.forEach) { + return arr.forEach(fn, scope); + } + for (i = 0, j = arr.length; i < j; i++) { + fn.call(scope, arr[i], i, arr); + } + }, + trim: function (str) { + if (String.prototype.trim) { + return str.trim(); + } + return str.replace(/(^\s*)|(\s*$)/g, ''); + }, + trimRight: function (str) { + if (String.prototype.trimRight) { + return str.trimRight(); + } + return str.replace(/(\s*$)/g, ''); + } +}; diff --git a/node_modules/cssfilter/package.json b/node_modules/cssfilter/package.json new file mode 100644 index 0000000..118566b --- /dev/null +++ b/node_modules/cssfilter/package.json @@ -0,0 +1,77 @@ +{ + "_from": "cssfilter@0.0.10", + "_id": "cssfilter@0.0.10", + "_inBundle": false, + "_integrity": "sha1-xtJnJjKi5cg+AT5oZKQs6N79IK4=", + "_location": "/cssfilter", + "_phantomChildren": {}, + "_requested": { + "type": "version", + "registry": true, + "raw": "cssfilter@0.0.10", + "name": "cssfilter", + "escapedName": "cssfilter", + "rawSpec": "0.0.10", + "saveSpec": null, + "fetchSpec": "0.0.10" + }, + "_requiredBy": [ + "/xss" + ], + "_resolved": "https://registry.npmjs.org/cssfilter/-/cssfilter-0.0.10.tgz", + "_shasum": "c6d2672632a2e5c83e013e6864a42ce8defd20ae", + "_spec": "cssfilter@0.0.10", + "_where": "/home/cargova/projects/beziapp.github.io/node_modules/xss", + "author": { + "name": "Zongmin Lei", + "email": "leizongmin@gmail.com" + }, + "bugs": { + "url": "https://github.com/leizongmin/js-css-filter/issues" + }, + "bundleDependencies": false, + "deprecated": false, + "description": "Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS", + "devDependencies": { + "blanket": "^1.1.6", + "browserify": "^13.1.1", + "coveralls": "^2.11.14", + "istanbul": "^0.4.5", + "mocha": "^3.1.2", + "should": "^11.1.1", + "uglify-js": "^2.7.4" + }, + "files": [ + "lib" + ], + "homepage": "https://github.com/leizongmin/js-css-filter", + "keywords": [ + "sanitization", + "xss", + "sanitize", + "sanitisation", + "input", + "security", + "escape", + "encode", + "filter", + "validator", + "html", + "css", + "injection", + "whitelist" + ], + "license": "MIT", + "main": "lib/index.js", + "name": "cssfilter", + "repository": { + "type": "git", + "url": "git+https://github.com/leizongmin/js-css-filter.git" + }, + "scripts": { + "build": "./build", + "prepublish": "npm run test && npm run build", + "test": "istanbul cover _mocha --report lcovonly -- -t 5000 -R spec && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage" + }, + "version": "0.0.10" +} |