package activity
import (
"regexp"
"strings"
)
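var (
	// reScript matches a <script> element together with its content. (?s)
	// lets `.` span newlines so a multi-line script body is one match; the
	// pattern needs a closing </script>, so an unterminated tag is left alone.
	reScript = regexp.MustCompile(`(?is)<\s*script[^>]*>.*?<\s*/\s*script\s*>`)

	// reOnEvent matches inline event-handler attributes such as onclick=... or
	// onerror=... with a double-quoted, single-quoted or unquoted value. The
	// previous pattern only recognised double-quoted values, so the other two
	// attribute forms passed through untouched.
	reOnEvent = regexp.MustCompile(`(?i)\s+on[a-z]+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)`)

	// reJsProto matches the javascript: URL scheme. Tab, CR and LF are allowed
	// between the letters because browsers discard those characters when
	// parsing a scheme, so a literal-only match misses such URLs.
	reJsProto = regexp.MustCompile(`(?i)j[\t\r\n]*a[\t\r\n]*v[\t\r\n]*a[\t\r\n]*s[\t\r\n]*c[\t\r\n]*r[\t\r\n]*i[\t\r\n]*p[\t\r\n]*t[\t\r\n]*:`)
)

// sanitizeHTML strips the most common script-bearing constructs from s --
// <script> elements, inline on* event-handler attributes and javascript:
// URLs -- and then normalises CRLF line endings to LF.
//
// The removals are repeated until the text stops changing. A single
// ReplaceAllString pass is not idempotent: deleting a match can splice the
// surrounding bytes into a new match (for example "javasjavascript:cript:"
// becomes "javascript:" after one pass), so a single pass could leave a
// payload behind. Every pass only deletes bytes, so the loop terminates.
//
// This is a best-effort blocklist over untrusted markup, not an HTML parser;
// content rendered to a browser should additionally be output-encoded or
// passed through an allowlist-based sanitizer.
func sanitizeHTML(s string) string {
	if s == "" {
		return ""
	}
	for {
		before := s
		s = reScript.ReplaceAllString(s, "")
		s = reOnEvent.ReplaceAllString(s, "")
		s = reJsProto.ReplaceAllString(s, "")
		// Nothing was removed in this pass, so no further pass can match.
		if s == before {
			break
		}
	}
	// Normalise line endings.
	return strings.ReplaceAll(s, "\r\n", "\n")
}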