DorianNiemiecSVRJS/svrjs
Archived
1
0
Fork 0
forked from svrjs/svrjs
Code Pull requests Activity

Change lookahead token order in two URL sanitation regular expressions

Browse source
This commit is contained in:
Dorian Niemiec 2024-02-28 21:45:47 +01:00
parent ae630a1625
commit bd5ab63954
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
svr.js
View file

@ -1311,7 +1311,7 @@ function sanitizeURL(resource) {
// Convert backslashes to slashes and remove duplicate slashes
sanitizedResource = sanitizedResource.replace(/\\/g, "/").replace(/\/+/g, "/");
// Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths
sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=$|\/)/g, "").replace(/([^.\/])\.+(?=$|\/)/g, "$1");
sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=\/|$)/g, "").replace(/([^.\/])\.+(?=\/|$)/g, "$1");
while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g)) {
sanitizedResource = sanitizedResource.replace(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g, "");
}