From ae630a1625976595aed8c0e0f2de87a8f9f96434 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec
Date: Wed, 28 Feb 2024 21:43:43 +0100
Subject: [PATCH] URL sanitizer function now uses less regular expression replacements.
---
 svr.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/svr.js b/svr.js
index d1a050e..3dd6625 100644
--- a/svr.js
+++ b/svr.js
@@ -1311,11 +1311,11 @@ function sanitizeURL(resource) {
 // Convert backslashes to slashes and remove duplicate slashes
 sanitizedResource = sanitizedResource.replace(/\\/g, "/").replace(/\/+/g, "/");
 // Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths
- sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=($|\/))/g, "$1").replace(/([^.\/])\.+(?=($|\/))/g, "$1$2").replace(/\/+/g, "/");
- while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=(\/|$))/g)) {
- sanitizedResource = sanitizedResource.replace(/\/(?!\.\.\/)[^\/]+\/\.\.(?=(\/|$))/g, "$1").replace(/\/+/g, "/");
+ sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=$|\/)/g, "").replace(/([^.\/])\.+(?=$|\/)/g, "$1");
+ while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g)) {
+ sanitizedResource = sanitizedResource.replace(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g, "");
 }
- sanitizedResource = sanitizedResource.replace(/\/\.\.(?=(\/|$))/g, "$1").replace(/\/+/g, "/");
+ sanitizedResource = sanitizedResource.replace(/\/\.\.(?=\/|$)/g, "");
 if (sanitizedResource.length == 0) return "/";
 else return sanitizedResource;
 }
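Review bot: The parent-segment pattern `/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g` is still written out twice, once in the `while` condition and once in the loop body, so every later edit has to keep two copies of a path-traversal filter in sync (this commit already had to change both). Hoisting it, e.g. `const parentSegment = /\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g;`, and using that name in both `match` and `replace` removes that risk; both calls reset `lastIndex` for a global pattern, so sharing one object is safe. Separately, the three `.replace(/\/+/g, "/")` passes are dropped on the basis that the replacements no longer re-insert the lookahead slash; that looks right from the visible lines, but a regression test asserting that the result has no `..` segment and no `//` for constructed inputs such as `/a/./b`, `/a/b/../../c` and `/a../` would pin it. sanitizeURL begins above the hunk, so any decoding or prefix handling done before these lines is not visible here.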