mirror of https://github.com/tenrok/axios.git synced 2026-06-05 16:42:32 +03:00
axios/lib/helpers/isValidXss.js
Yasu Flores 29da6b24db Fix to prevent XSS, throw an error when the URL contains a JS script (#2464)
* Fixes issue where XSS script attacks were possible via the URL

* Fix error

* Move throwing error up

* Add specs and make regex cover more xss cases
2019-10-16 07:53:10 -03:00

7 lines
174 B
JavaScript

'use strict';

/**
 * Report whether a request URL contains text that resembles script injection.
 *
 * Polarity: despite the name, the result is `true` when a suspicious pattern
 * IS present and `false` when none is found. Callers presumably reject the
 * request on `true` (verify at the call site).
 *
 * Matched anywhere in the string, case-insensitively:
 *   - an attribute-like token that starts with `on` at a word boundary and is
 *     followed by `=` (optional whitespace before the `=`);
 *   - the literal substring `javascript`;
 *   - `<script` or `</script`, with optional whitespace after the `<`.
 *
 * Limits a reviewer should keep in mind:
 *   - This is a substring denylist, not a URL parser or sanitizer. The input
 *     is not decoded or normalized first, so only the literal forms above are
 *     recognized.
 *   - It is over-broad: a path containing the word "javascript" or a query
 *     parameter such as `online=1` also returns `true`.
 *   - A `false` result does not make the URL safe to write into HTML; encode
 *     or validate where the value is actually rendered.
 *
 * @param {string} requestURL URL to inspect; RegExp#test coerces non-strings.
 * @returns {boolean} `true` if any of the patterns above occurs in the input.
 */
module.exports = function isValidXss(requestURL) {
  // The literal is evaluated on every call, so the `g` flag's lastIndex never
  // carries over between calls. Hoisting it to module scope would make
  // repeated calls alternate between results.
  return /(\b)(on\S+)(\s*)=|javascript|(<\s*)(\/*)script/gi.test(requestURL);
};