Browse Source

Fixed regexes in prev commit (should match strings from the start only)

pull/82/head
Vitaly Puzrin 10 years ago
parent
commit
6c57f7f792
  1. 4
      lib/index.js
  2. 7
      test/fixtures/markdown-it/xss.txt

4
lib/index.js

@ -28,8 +28,8 @@ var config = {
// replace it with dummy function and use external sanitizer. // replace it with dummy function and use external sanitizer.
// //
var BAD_PROTO_RE = /vbscript:|javascript:|file:|data:/; var BAD_PROTO_RE = /^(vbscript|javascript|file|data):/;
var GOOD_DATA_RE = /data:image\/(gif|png|jpeg|webp);/; var GOOD_DATA_RE = /^data:image\/(gif|png|jpeg|webp);/;
function validateLink(url) { function validateLink(url) {
// url should be normalized at this point, and existing entities are decoded // url should be normalized at this point, and existing entities are decoded

7
test/fixtures/markdown-it/xss.txt

@ -66,9 +66,14 @@ Should not allow data-uri except some whitelisted mimes
<p>[xss link](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)</p> <p>[xss link](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)</p>
. .
.
[normal link](/javascript:link)
.
<p><a href="/javascript:link">normal link</a></p>
.
Image parser use the same code base. Image parser use the same code base as link.
. .
![xss link](javascript:alert(1)) ![xss link](javascript:alert(1))
. .

Loading…
Cancel
Save