<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>xss.js处理网页xss攻击</title>
<style type="text/css">
</style>
</head>
<body>
<div id="m-test"></div>
<div id="m-test2"></div>
<div id="m-test3"></div>
<script src="https://cdn.bootcss.com/jquery/3.3.1/jquery.min.js"></script>
<script src="https://cdn.bootcss.com/js-xss/0.3.3/xss.js"></script>
<script type="text/javascript">
$(function() {
var xss1 = 'www.baidu.com?q=test<img src=1 onerror=alert(1)>';
var xss2 = 'http://xxx?keyword=<script>alert("aaa")' +'\<\/script>';
$('#m-test').html(filterXSS(xss1));
$('#m-test2').html(filterXSS(xss2));
function escapeHtml(html) {
return html.replace(/</g, "<").replace(/>/g, ">");
}
$('#m-test3').html(escapeHtml(xss1) + escapeHtml(xss2));
})
</script>
</body>
</html>
.replace(/&/g, "&")
.replace(/</g, "<")
.replace(/>/g, ">")
.replace(/"/g, """)
.replace(/'/g, "'")