@braintree/sanitize-url
Comparing version 1.0.0 to 2.0.0
'use strict'; | ||
var jsRegex = /^javascript:.*/im; | ||
var dataRegex = /^data:.*/im; | ||
var ctrlCharactersRegex = /[^\x20-\x7E]/gmi; | ||
@@ -9,3 +10,5 @@ | ||
return sanitizedUrl.replace(jsRegex, 'about:blank'); | ||
return sanitizedUrl | ||
.replace(jsRegex, 'about:blank') | ||
.replace(dataRegex, 'about:blank'); | ||
} | ||
@@ -12,0 +15,0 @@ |
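Review bot: The added `dataRegex` extends a scheme denylist by one entry, so any script-capable scheme that is not listed still passes through the chained `.replace(...)` calls unchanged; an allowlist of the schemes callers actually expect (for example `http:`, `https:`, `mailto:` and relative URLs) would fail closed instead. Both patterns are anchored with `^` and `ctrlCharactersRegex` keeps `\x20`, so unless the part of the function outside this hunk trims the input, a value with leading spaces would match neither regex; that is worth confirming, and if it is not trimmed, adding `.trim()` before the replaces. A comment above the new pattern such as `// data: URLs can carry text/html, so every data: URL is rejected, images included` would record what looks like the breaking change behind the major version bump. The function's opening lines are outside the hunk.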
{ | ||
"name": "@braintree/sanitize-url", | ||
"version": "1.0.0", | ||
"version": "2.0.0", | ||
"description": "A url sanitizer", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -18,2 +18,14 @@ 'use strict'; | ||
}); | ||
it('replaces data urls with about:blank', function () { | ||
expect(sanitizeUrl('data:text/html;basfe64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank'); | ||
}); | ||
it('disregards capitalization for data urls', function () { | ||
expect(sanitizeUrl('dAtA:text/html;basfe64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E')).to.equal('about:blank'); | ||
}); | ||
it('ignores ctrl characters in data urls', function () { | ||
expect(sanitizeUrl(decodeURIComponent('dat%0aa:text/html;basfe64,PH%3Cscript%3Ealert(document.domain)%3C/script%3E'))).to.equal('about:blank'); | ||
}); | ||
}); |
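Review bot: All three new fixtures spell the encoding token as `basfe64`, which looks like a typo for `base64`; the assertions still pass because the pattern matches on the `data:` scheme alone, but the fixtures are then not well-formed data URLs. I would correct the token and add one case pinning that non-HTML data URLs are rejected too, e.g. `expect(sanitizeUrl('data:image/png;base64,AAAA')).to.equal('about:blank');` (constructed sample value), so the suite documents how broad the block is. A case for input with leading whitespace would also show whether the `^` anchor is reached after normalisation. The enclosing `describe` starts outside this hunk.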