@braintree/sanitize-url
Comparing version 7.0.0 to 7.0.1
# CHANGELOG | ||
## 7.0.1 | ||
- Improve sanitization of HTML entities | ||
## 7.0.0 | ||
@@ -4,0 +8,0 @@ |
@@ -19,6 +19,15 @@ "use strict"; | ||
} | ||
var sanitizedUrl = decodeHtmlCharacters(url) | ||
.replace(constants_1.htmlCtrlEntityRegex, "") | ||
.replace(constants_1.ctrlCharactersRegex, "") | ||
.trim(); | ||
var charsToDecode; | ||
var decodedUrl = url; | ||
do { | ||
decodedUrl = decodeHtmlCharacters(decodedUrl) | ||
.replace(constants_1.htmlCtrlEntityRegex, "") | ||
.replace(constants_1.ctrlCharactersRegex, "") | ||
.trim(); | ||
charsToDecode = | ||
decodedUrl.match(constants_1.ctrlCharactersRegex) || | ||
decodedUrl.match(constants_1.htmlEntitiesRegex) || | ||
decodedUrl.match(constants_1.htmlCtrlEntityRegex); | ||
} while (charsToDecode && charsToDecode.length > 0); | ||
var sanitizedUrl = decodedUrl; | ||
if (!sanitizedUrl) { | ||
@@ -25,0 +34,0 @@ return constants_1.BLANK_URL; |
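Review bot: The do/while loop added at the top of this hunk has no termination guarantee of its own: it keeps iterating while `charsToDecode` is non-empty, which only converges if `decodeHtmlCharacters` (defined outside the hunk) consumes every span that `htmlEntitiesRegex` matches, so any drift between the decoder and the regex (or a reference the decoder leaves in place) turns an attacker-supplied string into an unbounded loop. Looping to a fixed point instead — repeat while the pass actually changed the string — makes termination depend only on each pass shortening or leaving the input, which appears to hold since every operation in the pass decodes, strips or trims; an iteration cap would be a cheap extra safeguard. The `var sanitizedUrl = decodedUrl;` alias is then only a rename and could be dropped. `sanitizeUrl` begins and ends outside the hunk, and the identical loop in the second source hunk (the one headed `import {`) needs the same treatment.
```javascript
var previousUrl;
var decodedUrl = url;
do {
    previousUrl = decodedUrl;
    decodedUrl = decodeHtmlCharacters(decodedUrl)
        .replace(constants_1.htmlCtrlEntityRegex, "")
        .replace(constants_1.ctrlCharactersRegex, "")
        .trim();
} while (decodedUrl !== previousUrl);
var sanitizedUrl = decodedUrl;
// … unchanged: blank-URL check and the rest of sanitizeUrl …
```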
{ | ||
"name": "@braintree/sanitize-url", | ||
"version": "7.0.0", | ||
"version": "7.0.1", | ||
"description": "A url sanitizer", | ||
@@ -5,0 +5,0 @@ "main": "dist/index.js", |
@@ -112,2 +112,4 @@ /* eslint-disable no-script-url */ | ||
"javasc&#\u0000x09;ript:alert(1)", | ||
"java&NewLine&newline;;script:alert('XSS')", | ||
"java&NewLine&newline;;script:alert('XSS')", | ||
]; | ||
@@ -114,0 +116,0 @@ |
@@ -27,8 +27,15 @@ import { | ||
} | ||
const sanitizedUrl = decodeHtmlCharacters(url) | ||
.replace(htmlCtrlEntityRegex, "") | ||
.replace(ctrlCharactersRegex, "") | ||
.trim(); | ||
let charsToDecode; | ||
let decodedUrl = url; | ||
do { | ||
decodedUrl = decodeHtmlCharacters(decodedUrl) | ||
.replace(htmlCtrlEntityRegex, "") | ||
.replace(ctrlCharactersRegex, "") | ||
.trim(); | ||
charsToDecode = | ||
decodedUrl.match(ctrlCharactersRegex) || | ||
decodedUrl.match(htmlEntitiesRegex) || | ||
decodedUrl.match(htmlCtrlEntityRegex); | ||
} while (charsToDecode && charsToDecode.length > 0); | ||
const sanitizedUrl = decodedUrl; | ||
if (!sanitizedUrl) { | ||
@@ -35,0 +42,0 @@ return BLANK_URL; |