前端xss过滤接口返回的信息
const xss = require("xss");
/**
 * Sanitize an HTML fragment against a fixed tag/attribute allow-list.
 *
 * Only the tags named below are allow-listed, each limited to the attributes
 * given for it. Anything else is left to the xss library's default handling.
 *
 * @param {string} content - HTML markup to filter. Pass the decoded HTML
 *   value itself, not a serialized JSON document that contains it.
 * @returns {string} The filtered markup returned by FilterXSS#process.
 */
function handleXss(content) {
  // Text and layout tags: presentation attributes only.
  const formattingTags = [
    'p', 'em', 'strong', 'br', 'u', 's', 'blockquote',
    'li', 'ol', 'ul',
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
    'span', 'div',
  ];

  const whiteList = {};
  for (const tag of formattingTags) {
    // A fresh array per tag, as in a hand-written literal.
    whiteList[tag] = ['class', 'style'];
  }

  // NOTE(review): `src` lets retained markup load remote images, and `style`
  // is allowed on every tag. Both rely on the library's own URL and CSS value
  // filtering; confirm that is acceptable for where this HTML is rendered.
  whiteList.img = ['src', 'class', 'style', 'width'];

  const filter = new xss.FilterXSS({ whiteList });
  return filter.process(content);
}
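// Demo: sanitize the HTML field of a simulated API response.
// The payload below is a constructed sample.
let content = { data: "<script>alert('这是脚本')</script>" };
let content1 = JSON.stringify(content); // stands in for the raw response body

// Decode the JSON first, then filter the HTML string field. Running the HTML
// filter over the serialized JSON text is fragile: the filter rewrites markup
// and attribute quoting with no knowledge of JSON string escaping, so the
// result is not guaranteed to parse or to hold the intended markup.
const safeContent = JSON.parse(content1);
safeContent.data = handleXss(safeContent.data);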