forked from svrjs/svrjs
URL sanitizer function now uses less regular expression replacements.
This commit is contained in:
parent
c3aba19ca3
commit
ae630a1625
1 changed files with 4 additions and 4 deletions
8
svr.js
8
svr.js
|
@ -1311,11 +1311,11 @@ function sanitizeURL(resource) {
|
||||||
// Convert backslashes to slashes and remove duplicate slashes
|
// Convert backslashes to slashes and remove duplicate slashes
|
||||||
sanitizedResource = sanitizedResource.replace(/\\/g, "/").replace(/\/+/g, "/");
|
sanitizedResource = sanitizedResource.replace(/\\/g, "/").replace(/\/+/g, "/");
|
||||||
// Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths
|
// Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths
|
||||||
sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=($|\/))/g, "$1").replace(/([^.\/])\.+(?=($|\/))/g, "$1$2").replace(/\/+/g, "/");
|
sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=$|\/)/g, "").replace(/([^.\/])\.+(?=$|\/)/g, "$1");
|
||||||
while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=(\/|$))/g)) {
|
while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g)) {
|
||||||
sanitizedResource = sanitizedResource.replace(/\/(?!\.\.\/)[^\/]+\/\.\.(?=(\/|$))/g, "$1").replace(/\/+/g, "/");
|
sanitizedResource = sanitizedResource.replace(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g, "");
|
||||||
}
|
}
|
||||||
sanitizedResource = sanitizedResource.replace(/\/\.\.(?=(\/|$))/g, "$1").replace(/\/+/g, "/");
|
sanitizedResource = sanitizedResource.replace(/\/\.\.(?=\/|$)/g, "");
|
||||||
if (sanitizedResource.length == 0) return "/";
|
if (sanitizedResource.length == 0) return "/";
|
||||||
else return sanitizedResource;
|
else return sanitizedResource;
|
||||||
}
|
}
|
||||||
|
|
Reference in a new issue