Skip to content

Commit af681ae

Browse files
yangyin5127yangyin5127
committed
add kbd to default white list
1 parent e02e4b1 commit af681ae

File tree

1 file changed

+13
-12
lines changed

1 file changed

+13
-12
lines changed

xss_option.go

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
11
package xss
22

33
import (
4+
"fmt"
45
"strconv"
56
"strings"
6-
"fmt"
77
)
88

99
type XssOption struct {
@@ -41,13 +41,13 @@ type TagOption struct {
4141
IsWhite bool
4242
}
4343

44-
//NewXssOption
44+
// NewXssOption
4545
func NewXssOption() XssOption {
4646
option := XssOption{}
4747
return option
4848
}
4949

50-
//NewDefaultXssOption
50+
// NewDefaultXssOption
5151
func NewDefaultXssOption() XssOption {
5252

5353
defaultOption := XssOption{}
@@ -70,7 +70,7 @@ type StripTagBodyResult struct {
7070
Remove func(html string) string
7171
}
7272

73-
//GetDefaultWhiteList 默认白名单
73+
// GetDefaultWhiteList 默认白名单
7474
func GetDefaultWhiteList() map[string][]string {
7575

7676
result := map[string][]string{
@@ -113,6 +113,7 @@ func GetDefaultWhiteList() map[string][]string {
113113
"i": {},
114114
"img": {"src", "alt", "title", "width", "height"},
115115
"ins": {"datetime"},
116+
"kbd": {},
116117
"li": {},
117118
"mark": {},
118119
"nav": {},
@@ -311,7 +312,7 @@ func safeAttrValue(tag, name, value string) string {
311312
return value
312313
}
313314

314-
//FriendlyAttrValue get friendly attribute value
315+
// FriendlyAttrValue get friendly attribute value
315316
func FriendlyAttrValue(str string) string {
316317
str = unescapeQuote(str)
317318
str = escapeHTMLEntities(str)
@@ -320,12 +321,12 @@ func FriendlyAttrValue(str string) string {
320321
return str
321322
}
322323

323-
//unescapeQuote unescape double quote
324+
// unescapeQuote unescape double quote
324325
func unescapeQuote(str string) string {
325326
return regQuote2.ReplaceAllString(str, "\"")
326327
}
327328

328-
//escapeHtmlEntities
329+
// escapeHtmlEntities
329330
func escapeHTMLEntities(str string) string {
330331
return regAttrValue1.ReplaceAllStringFunc(str, func(input string) string {
331332
input = input[2:]
@@ -338,26 +339,26 @@ func escapeHTMLEntities(str string) string {
338339

339340
i, err := strconv.ParseInt(input[1:], 16, 32)
340341
if err == nil {
341-
return fmt.Sprintf("%c",i)
342+
return fmt.Sprintf("%c", i)
342343
}
343344
return ""
344345

345346
}
346347
i, err := strconv.Atoi(input)
347348
if err == nil {
348-
return fmt.Sprintf("%c",i)
349+
return fmt.Sprintf("%c", i)
349350
}
350351

351352
return ""
352353
})
353354
}
354355

355-
//escapeDangerHTML5Entities
356+
// escapeDangerHTML5Entities
356357
func escapeDangerHTML5Entities(str string) string {
357358
return regAttrNewLine.ReplaceAllString(regAttrValueColon.ReplaceAllString(str, ":"), " ")
358359
}
359360

360-
//clearNonPrintableCharacter
361+
// clearNonPrintableCharacter
361362
func clearNonPrintableCharacter(str string) string {
362363

363364
var b strings.Builder
@@ -378,7 +379,7 @@ func escapeQuote(str string) string {
378379
return regQuote.ReplaceAllString(str, """)
379380
}
380381

381-
//escapeHTML
382+
// escapeHTML
382383
func escapeHTML(html string) string {
383384

384385
// return regGT.ReplaceAllString(regLT.ReplaceAllString(html, "<"), ">")

0 commit comments

Comments
 (0)