mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-23 20:40:40 +03:00
Code Activity

Fix XSS logic that matched some valid urls (#2529)

Browse Source 
* Fix XSS logic that matched some valid urls, e.g. "/one/?foo=bar", when it shouldn't match those
This commit is contained in:
Yasu Flores
2019-11-07 18:39:24 -08:00
committed by GitHub
parent bbfd5b1395
commit 841466416b
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/helpers/isValidXss.js
+2 -1
View File
@@ -1,6 +1,7 @@
'use strict'; 'use strict';
module.exports = function isValidXss(requestURL) { module.exports = function isValidXss(requestURL) {
var xssRegex = /(\b)(on\S+)(\s*)=|javascript|(<\s*)(\/*)script/gi; var xssRegex = /(\b)(on\w+)=|javascript|(<\s*)(\/*)script/gi;
return xssRegex.test(requestURL); return xssRegex.test(requestURL);
}; };
test/specs/helpers/isValidXss.spec.js
+1
View File
@@ -12,6 +12,7 @@ describe('helpers::isValidXss', function () {
}); });
it('should not detect non script tags', function() { it('should not detect non script tags', function() {
expect(isValidXss("/one/?foo=bar")).toBe(false);
expect(isValidXss("<safe> tags")).toBe(false); expect(isValidXss("<safe> tags")).toBe(false);
expect(isValidXss("<safetag>")).toBe(false); expect(isValidXss("<safetag>")).toBe(false);
expect(isValidXss(">>> safe <<<")).toBe(false); expect(isValidXss(">>> safe <<<")).toBe(false);