@@ -1,9 +1,19 @@
class XssOption {
constructor(config) {
- this.isXssPrevented = config.isXssPrevented;
- this.tagWhiteList = config.tagWhiteList;
- this.attrWhiteList = config.attrWhiteList;
+ const recommendedXssWhiteList = require('../util/recommendedXssWhiteList');
+
+ if (config) {
+ this.isXssPrevented = config.isXssPrevented || true;
+ this.tagWhiteList = config.tagWhiteList || recommendedXssWhiteList.tags;
+ this.attrWhiteList = config.attrWhiteList || recommendedXssWhiteList.attrs;
+ }
+ else {
+ this.isXssPrevented = true;
+ this.tagWhiteList = recommendedXssWhiteList.tags;
+ this.attrWhiteList = recommendedXssWhiteList.attrs;
+ }
+
}
}
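Review bot: `config.isXssPrevented || true` in the new `if (config)` branch always evaluates to `true`, so a caller passing `isXssPrevented: false` has the setting silently ignored and the option no longer does anything. If the intent is default-on with an explicit opt-out, write `this.isXssPrevented = config.isXssPrevented ?? true;` (or `config.isXssPrevented !== false` where `??` is unavailable); if the filter must never be disabled, remove the option and say so in a comment rather than leaving a dead switch. The two whitelist fields are assigned the `recommendedXssWhiteList.tags` / `.attrs` objects by reference, so, assuming these are plain arrays or objects, an instance that later mutates its list would widen the default for every other instance; copying them (e.g. `[...recommendedXssWhiteList.tags]` for an array) or freezing the module export would avoid that. The `require` call would also read better at module top than inside the constructor.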
|