summaryrefslogtreecommitdiffstats
path: root/modules/base/tool.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/base/tool.go')
-rw-r--r--modules/base/tool.go27
1 files changed, 27 insertions, 0 deletions
diff --git a/modules/base/tool.go b/modules/base/tool.go
index b4083d090f..38fd1e21e7 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -14,6 +14,7 @@ import (
"hash"
"html/template"
"math"
+ "regexp"
"strings"
"time"
@@ -446,3 +447,29 @@ func DateFormat(t time.Time, format string) string {
format = replacer.Replace(format)
return t.Format(format)
}
+
+type xssFilter struct {
+ reg *regexp.Regexp
+ repl []byte
+}
+
+var (
+ whiteSpace = []byte(" ")
+ xssFilters = []xssFilter{
+ {regexp.MustCompile(`\ [ONon]\w*=["]*`), whiteSpace},
+ {regexp.MustCompile(`<[SCRIPTscript]{6}`), whiteSpace},
+ {regexp.MustCompile(`=[` + "`" + `'"]*[JAVASCRIPTjavascript \t\0&#x0D;]*:`), whiteSpace},
+ }
+)
+
+// XSS goes through all the XSS filters to make user input content as safe as possible.
+func XSS(in []byte) []byte {
+ for _, filter := range xssFilters {
+ in = filter.reg.ReplaceAll(in, filter.repl)
+ }
+ return in
+}
+
+func XSSString(in string) string {
+ return string(XSS([]byte(in)))
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-23 00:29:16 +0000