From e6298004572004b0f27b29a4b7ed51f884ba0095 Mon Sep 17 00:00:00 2001 From: Wu Cheng-Han Date: Wed, 22 Mar 2017 18:26:35 +0800 Subject: [PATCH] Fix XSS vulnerability in link regex [Security Issue] --- public/js/render.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/public/js/render.js b/public/js/render.js index 746820a..d16181a 100644 --- a/public/js/render.js +++ b/public/js/render.js @@ -3,8 +3,8 @@ // allow some attributes var whiteListAttr = ['id', 'class', 'style'] window.whiteListAttr = whiteListAttr -// allow link starts with '.', '/' and custom protocol with '://' -var linkRegex = /^([\w|-]+:\/\/)|^([.|/])+/ +// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript:// +var linkRegex = /^(?!javascript:\/\/)([\w|-]+:\/\/)|^([.|/])+/ // allow data uri, from https://gist.github.com/bgrins/6194623 var dataUriRegex = /^\s*data:([a-z]+\/[a-z0-9-+.]+(;[a-z-]+=[a-z0-9-]+)?)?(;base64)?,([a-z0-9!$&',()*+;=\-._~:@/?%\s]*)\s*$/i // custom white list