@braintree/sanitize-url
Advanced tools
Comparing version 6.0.3 to 6.0.4
# CHANGELOG | ||
## 6.0.4 | ||
- Add additional null byte sanitization prior to html decoding (#48) | ||
## 6.0.3 | ||
@@ -4,0 +8,0 @@ |
@@ -16,3 +16,4 @@ "use strict"; | ||
function decodeHtmlCharacters(str) { | ||
return str.replace(htmlEntitiesRegex, function (match, dec) { | ||
var removedNullByte = str.replace(ctrlCharactersRegex, ""); | ||
return removedNullByte.replace(htmlEntitiesRegex, function (match, dec) { | ||
return String.fromCharCode(dec); | ||
@@ -19,0 +20,0 @@ }); |
{ | ||
"name": "@braintree/sanitize-url", | ||
"version": "6.0.3", | ||
"version": "6.0.4", | ||
"description": "A url sanitizer", | ||
@@ -5,0 +5,0 @@ "main": "dist/index.js", |
@@ -110,2 +110,3 @@ /* eslint-disable no-script-url */ | ||
"javasc	ript: alert('XSS');", | ||
"javasc&#\u0000x09;ript:alert(1)", | ||
]; | ||
@@ -112,0 +113,0 @@ |
@@ -17,3 +17,4 @@ const invalidProtocolRegex = /^([^\w]*)(javascript|data|vbscript)/im; | ||
function decodeHtmlCharacters(str: string) { | ||
return str.replace(htmlEntitiesRegex, (match, dec) => { | ||
const removedNullByte = str.replace(ctrlCharactersRegex, ""); | ||
return removedNullByte.replace(htmlEntitiesRegex, (match, dec) => { | ||
return String.fromCharCode(dec); | ||
@@ -20,0 +21,0 @@ }); |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
17576
293
0