fix:暂时把style得不归xss有问题

libinjection-go/xss_decls.go

@@ -30,7 +30,7 @@ var blackTags = []string{
 	"NOSCRIPT",
 	"OBJECT",
 	"SCRIPT",
-	"STYLE",
+	//"STYLE",
 	"VMLFRAME",
 	"XML",
 	"XSS",
@@ -56,7 +56,7 @@ var blacks = []stringType{
 	{"LOWSRC", attributeTypeAttrURL}, // Obsolete img attribute
 	{"POSTER", attributeTypeAttrURL}, // Opera 10,11
 	{"SRC", attributeTypeAttrURL},
-	{"STYLE", attributeTypeStyle},
+	//{"STYLE", attributeTypeStyle},
 	{"TO", attributeTypeAttrURL},     // SVG
 	{"VALUES", attributeTypeAttrURL}, // SVG
 	{"XLINK:HREF", attributeTypeAttrURL},

libinjection-go/xss_test.go

@@ -9,6 +9,7 @@ import (
 
 func TestIsXSS(t *testing.T) {
 	examples := []string{
+		"<img src=\"http://jpg.baidu.com\"/>",
 		"<script>alert(1);</script>",
 		"><script>alert(1);</script>",
 		"x ><script>alert(1);</script>",
@@ -29,7 +30,10 @@ func TestIsXSS(t *testing.T) {
 		"<a href=\"  javascript:alert(1);\" >",
 		"<a href=\"JAVASCRIPT:alert(1);\" >",
 	}
-
+	examples = []string{
+		//"ertwert<xml>asdf",
+		"<p>1123 <img alt=\"\" src=\"http://dhj-1256682915.file.myqcloud.com/uploads/images/20180724/4f98f2e0eefd1f9eaa9c0ed099592d70.jpg?v=677267\"/></p>",
+	}
 	for _, example := range examples {
 		if !IsXSS(example) {
 			t.Errorf("[%s] is not XSS", example)