**To prevent XSS attacks, include xss.js; see the [xss documentation](https://www.npmjs.com/package/xss).**

Browser usage:

```html
<script src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script>
<script>
  // apply function filterXSS in the same way
  var html = filterXSS('<script>alert("xss");</scr' + 'ipt>');
  alert(html);
</script>
```

Below is a whitelist example for use with module loading. This approach fixes the problem of Word-specific tags showing up when text is copied from Word, and it also greatly reduces the risk of XSS attacks:

```javascript
import xss from 'xss'

const Config = {
  xss: {
    // tag name -> attributes allowed on that tag; every other tag/attribute is dropped
    whiteList: {
      a: ['href', 'title', 'target', 'style'],
      img: ['style', 'src'],
      table: ['style', 'align'],
      tr: ['style', 'align'],
      th: ['style', 'align'],
      td: ['style', 'align'],
      span: ['style'],
      ol: ['style'],
      ul: ['style'],
      li: ['style'],
      blockquote: ['style'],
      p: ['style'],
      h1: ['style'],
      h2: ['style'],
      h3: ['style'],
      h4: ['style'],
      h5: ['style'],
      h6: ['style'],
      del: [],
      br: [],
      pre: ['style', 'class'],
      code: ['style', 'class'],
      em: [],
      // style: ['type'],
      div: ['class'],
      // html: [],
      // body: [],
      head: [],
      title: [],
      // meta: [],
      // font: ['size'],
      strong: ['style'],
      b: ['style'],
      hr: [],
      strike: ['style'],
      u: []
    },
    // stricter list used for user comments
    commentWhiteList: {
      img: ['src']
    }
  }
}

let articleContent = '' // article content (HTML string), e.g. the editor's output

articleContent = xss(articleContent, {
  whiteList: Config.xss.whiteList,
  stripIgnoreTag: true, // remove every tag that is not on the whitelist (its text is kept)
  stripIgnoreTagBody: ['style', 'script'] // for these tags, remove the content between them as well
})
```