xss-test v0.0.1
xss-test
A brief slogan.
fooalert(1)/xss\'"&#
A thrilling description, it should let me know clearly:
- What can it do (and what cannot do)?
- Why is it my best choice?
Features
- List core freatures here.
- The less the better.
- Make sure not more than 5.
Requirement
If your project must run in a paticular enviroment.
e.g.
node >= 0.11.14
or
- IE6~10 ×
- IE11 √
- chrome √
Installation
How to install or download the project, show the installation steps or download links.
$ npm install xss-testQuick start
A carefully prepared demo is indispensable!
It should:
- Always works (believe me, it is not easy).
- Easy to run, typically with default config.
- Demostrate the core features.
- Use code snippet, screenshot and video when necessary.
var xss-test = require('xss-test');
xss-test.foo(function (err) {
});Cli options / Configs
-o, --option
Option description.
Default: default value
Give a code snippet if it's hard to understandSubcommand(e.g. totoro config)
Subcommand description.
-s, --suboption
Suboption description.
Default: default value
API Reference
Class(config)
Class description.
- config: description.
- config.property: description.
Code snippet here#classProperty
Property description.
#classMethod(param1, param2)
Method description.
- param1: description.
- param2: description.
Code snippet here.objectProperty
Property description.
.objectMethod(param1, param2)
Method description.
- param1: description.
- param2: description.
Code snippet hereContributing
Plain text or a link both be OK.
License
MIT
xss markdown
come from https://github.com/markdown-it/markdown-it/blob/master/test/fixtures/markdown-it/xss.txt
. normal link .
Should not allow some protocols in links and images
. xss link
xss link .
. xss link .
. xss link .
. xss link .
Image parser use the same code base.
.
.
Autolinks
. <javascript:alert(1)>
<javascript:alert(1)> .
Linkifier
. javascript:alert(1)
javascript:alert(1) .