natxocc/sigpro
1
1
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Improved XXS
All checks were successful
Deploy Docs to Synology / deploy (push) Successful in 4s
Details

Browse Source
This commit is contained in:
Natxo
2026-04-27 10:32:11 +02:00
parent 25975eb89a
commit a65219759d
7 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dist/sigpro.esm.js vendored
View File

@@ -244,7 +244,8 @@ var cleanupNode = (node) => {
node.childNodes.forEach((n) => cleanupNode(n));
};
var DANGEROUS_PROTOCOL = /^\s*(javascript|data|vbscript):/i;
var isDangerousAttr = (key) => key === "src" || key === "href" || key.startsWith("on");
var DANGEROUS_URI_ATTRS = new Set(["src", "href", "formaction", "action", "background", "code", "archive"]);
var isDangerousAttr = (key) => DANGEROUS_URI_ATTRS.has(key) || key.startsWith("on");
var validateAttr = (key, val) => {
if (val == null || val === false)
return null;
@@ -298,8 +299,9 @@ var h = (tag, props = {}, children = []) => {
continue;
}
if (isSVG && k.startsWith("xlink:")) {
const ns = "http://www.w3.org/1999/xlink";
v == null ? el.removeAttributeNS(ns, k.slice(6)) : el.setAttributeNS(ns, k.slice(6), v);
const cleanVal = validateAttr(k.slice(6), v);
let lnk = "http://www.w3.org/1999/xlink";
cleanVal == null ? el.removeAttributeNS(lnk, k.slice(6)) : el.setAttributeNS(lnk, k.slice(6), cleanVal);
continue;
}
if (k.startsWith("on")) {

2
dist/sigpro.esm.min.js vendored
View File

File diff suppressed because one or more lines are too long

8
dist/sigpro.js vendored
View File

@@ -300,7 +300,8 @@
node.childNodes.forEach((n) => cleanupNode(n));
};
var DANGEROUS_PROTOCOL = /^\s*(javascript|data|vbscript):/i;
var isDangerousAttr = (key) => key === "src" || key === "href" || key.startsWith("on");
var DANGEROUS_URI_ATTRS = new Set(["src", "href", "formaction", "action", "background", "code", "archive"]);
var isDangerousAttr = (key) => DANGEROUS_URI_ATTRS.has(key) || key.startsWith("on");
var validateAttr = (key, val) => {
if (val == null || val === false)
return null;
@@ -354,8 +355,9 @@
continue;
}
if (isSVG && k.startsWith("xlink:")) {
const ns = "http://www.w3.org/1999/xlink";
v == null ? el.removeAttributeNS(ns, k.slice(6)) : el.setAttributeNS(ns, k.slice(6), v);
const cleanVal = validateAttr(k.slice(6), v);
let lnk = "http://www.w3.org/1999/xlink";
cleanVal == null ? el.removeAttributeNS(lnk, k.slice(6)) : el.setAttributeNS(lnk, k.slice(6), cleanVal);
continue;
}
if (k.startsWith("on")) {

2
dist/sigpro.min.js vendored
View File

File diff suppressed because one or more lines are too long