Merge pull request #4087 from davetayls/feature/sanitizer

added sanitiser https://github.com/theSmaw/Caja-HTML-Sanitizer
Masahiro Wakame
2015-04-12 10:54:27 +09:00
2 changed files with 80 additions and 0 deletions


@@ -0,0 +1,53 @@
/// <reference path="sanitizer.d.ts" />
import sanitizer = require('sanitizer');
// example copied from the tests https://github.com/theSmaw/Caja-HTML-Sanitizer/blob/master/test/test-sanitizer.js#L346
var events:any[] = [];
var addTextEvent = function(type:string, text:string, param:any) {
var n = events.length;
if (events[n - 3] === type && events[n - 1] === param) {
events[n - 2] += text;
} else {
events.push(type, text, param);
}
};
sanitizer.makeSaxParser({
startTag: function(name, attribs, param) {
events.push('startTag', name + '[' + attribs.join(';') + ']', param);
},
endTag: function(name, param) {
events.push('endTag', name, param);
},
pcdata: function(text, param) {
addTextEvent('pcdata', text, param);
},
cdata: function(text, param) {
addTextEvent('cdata', text, param);
},
rcdata: function(text, param) {
addTextEvent('rcdata', text, param);
},
comment: function(text, param) {
events.push('comment', text, param);
},
startDoc: function(param) {
events.push('startDoc', '', param);
},
endDoc: function(param) {
events.push('endDoc', '', param);
}
});
sanitizer.escape('<script>alert("hi")</script>');
sanitizer.sanitize('<script>alert("hi")</script>');
sanitizer.normalizeRCData('<script>alert("hi")</script>');
sanitizer.unescapeEntities('<script>alert("hi")</script>');
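Review bot: The parser returned by `sanitizer.makeSaxParser({...})` is discarded, so this test never exercises the parser's call signature, and the four string helpers at the end are called without their results being used or typed. Assigning and invoking it once, e.g. `var parse = sanitizer.makeSaxParser({...}); parse('<p>hi</p>', null);`, would cover the return type, assuming upstream takes the HTML text and a pass-through param. Since test files in this repository are often copied as usage examples, a comment above the last four calls would help: `// sanitize() is the call for untrusted HTML; escape() and normalizeRCData() only escape text; unescapeEntities() returns raw text that must not be written back into a page unescaped`. That wording reflects my reading of the library and should be checked against its README.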

27
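--- a/sanitizer/sanitizer.d.ts
+++ b/sanitizer/sanitizer.d.ts
@@ -0,0 +1,27 @@
+// Type definitions for Sanitizer
+// Project: https://github.com/theSmaw/Caja-HTML-Sanitizer
+// Definitions by: Dave Taylor <http://davetayls.me>
+// Definitions: https://github.com/borisyankov/DefinitelyTyped
+declare module 'sanitizer' {
+export interface ISaxHandler {
+startTag(name:string, attribs:string[], param:any):void;
+endTag(name:string, param:any):void;
+pcdata(text:string, param:any):void;
+cdata(text:string, param:any):void;
+rcdata(text:string, param:any):void;
+comment(text:string, param:any):void;
+startDoc(param:any):void;
+endDoc(param:any):void;
+}
+export function escape(s:string):string;
+export function makeSaxParser(yourHandler:ISaxHandler):(...any:any[])=>any;
+export function normalizeRCData(s:string):string;
+export function sanitize(s:string):string;
+export function unescapeEntities(s:string):string;
+}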
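Review bot: `export function sanitize(s:string):string;` declares only the input string, while the upstream Caja sanitizer appears to accept optional URI and name-token policy callbacks after it. If that is right, typed callers cannot supply a policy without casting to `any`, and nothing in the declaration tells them that URL-bearing attributes are handled by that policy rather than passed through. Consider adding the optional parameters, e.g. `export function sanitize(s:string, uriPolicy?:(uri:any)=>any, nmTokenPolicy?:(tokens:string)=>string):string;`, after confirming the callback shapes against the library source. In the same spirit, `makeSaxParser` returning `(...any:any[])=>any` erases the parser's signature, and `(html:string, param?:any)=>void` would be tighter if it matches upstream. A one-line comment on `attribs:string[]` stating whether it is a flat list of alternating names and values would keep handler authors from indexing it wrongly.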