
Fixing Vulnerability A Fortify Scan finds a critical Cross-Site Scrip… (#2451)

* Fixing Vulnerability A Fortify Scan finds a critical Cross-Site Scripting

* use var instead of const
Wataru
2019-10-09 09:23:34 +09:00
committed by Felipe Martins
parent 4f189ec80c
commit 19969b4fbd
3 changed files with 13 additions and 0 deletions
@@ -1,6 +1,7 @@
'use strict'; 'use strict';
var utils = require('./../utils'); var utils = require('./../utils');
var isValidXss = require('./isValidXss');
module.exports = ( module.exports = (
utils.isStandardBrowserEnv() ? utils.isStandardBrowserEnv() ?
@@ -27,6 +28,8 @@ module.exports = (
href = urlParsingNode.href; href = urlParsingNode.href;
} }
isValidXss(url);
urlParsingNode.setAttribute('href', href); urlParsingNode.setAttribute('href', href);
// urlParsingNode provides the UrlUtils interface - http://url.spec.whatwg.org/#urlutils // urlParsingNode provides the UrlUtils interface - http://url.spec.whatwg.org/#urlutils
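Review bot: The boolean returned by `isValidXss(url)` on the added line is discarded, so the call changes nothing — a URL matching the pattern is still handed to `setAttribute('href', href)` and resolved exactly as before, and the new `should detect xss` spec would pass without this line. If the intent is to refuse such URLs the result has to be acted on, e.g. `if (isValidXss(url)) { throw new Error('Refusing to resolve a URL that contains a script tag'); }`, with a one-line comment stating that this is a defense-in-depth denylist and not a parser. `url` is not declared inside the hunk; presumably it is the enclosing function's parameter, and that function (the `href` handling suggests the URL-resolving helper) starts and ends outside the hunk. Note that `setAttribute('href', ...)` stores the value as an attribute rather than executing markup, so whatever action is chosen should be documented as an extra guard rather than as the fix for the scanner finding.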
@@ -0,0 +1,6 @@
'use strict';
module.exports = function isValidXss(requestURL) {
var regex = RegExp('<script+.*>+.*<\/script>');
return regex.test(requestURL);
};
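Review bot: `isValidXss` returns `true` when the URL looks like an attack, so the name states the opposite of what the function reports and a caller writing `if (isValidXss(url))` will naturally take the wrong branch; renaming it (for example `containsScriptTag`) or inverting the result, plus a JSDoc header — `@param {string} requestURL - URL to inspect`, `@returns {boolean} true when a <script>…</script> sequence is present` — would remove the ambiguity. The pattern itself is weaker than it reads: the `+` in `script+` and `>+` quantifies only the preceding character rather than the tag, the match is case-sensitive, and `RegExp(...)` is rebuilt from a string on every call. A hoisted literal such as `var SCRIPT_TAG = /<script\b[^>]*>[\s\S]*?<\/script>/i;` with `return SCRIPT_TAG.test(requestURL);` is the idiomatic form, and the header comment should say plainly that this is a partial denylist check, not a guarantee that the URL is safe.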
@@ -8,4 +8,8 @@ describe('helpers::isURLSameOrigin', function () {
it('should detect different origin', function () { it('should detect different origin', function () {
expect(isURLSameOrigin('https://github.com/axios/axios')).toEqual(false); expect(isURLSameOrigin('https://github.com/axios/axios')).toEqual(false);
}); });
it('should detect xss', function () {
expect(isURLSameOrigin('https://github.com/axios/axios?<script>alert("hello")</script>')).toEqual(false)
})
}); });
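Review bot: The new `should detect xss` case asserts the same outcome as `should detect different origin` directly above it — `https://github.com/...` is not the spec's own origin, so `isURLSameOrigin` returns `false` with or without the new check and this test cannot fail if the `isValidXss` call is removed. A test that actually covers the change would exercise the helper directly, e.g. `expect(isValidXss('https://github.com/axios/axios?<script>alert("hello")</script>')).toEqual(true);` and `expect(isValidXss('https://github.com/axios/axios')).toEqual(false);`, which needs a require of the helper next to the existing ones above the hunk (the `describe` block starts outside it). The added lines also drop the semicolons the surrounding `it` blocks use (`})` versus `});`, and no `;` after the `expect`), which the project's linter is likely to flag.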