From bd5ab639541391c693288d7079203da9d27b51a1 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec
Date: Wed, 28 Feb 2024 21:45:47 +0100
Subject: [PATCH] Change lookahead token order in two URL sanitation regular expressions
---
 svr.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/svr.js b/svr.js
index 3dd6625..23d84b2 100644
--- a/svr.js
+++ b/svr.js
@@ -1311,7 +1311,7 @@ function sanitizeURL(resource) {
 // Convert backslashes to slashes and remove duplicate slashes
 sanitizedResource = sanitizedResource.replace(/\\/g, "/").replace(/\/+/g, "/");
 // Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths
- sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=$|\/)/g, "").replace(/([^.\/])\.+(?=$|\/)/g, "$1");
+ sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=\/|$)/g, "").replace(/([^.\/])\.+(?=\/|$)/g, "$1");
 while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g)) {
 sanitizedResource = sanitizedResource.replace(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g, "");
 }
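Review bot: The `while` loop that closes the hunk only cancels a `..` segment against a preceding path segment, so a `..` with nothing in front of it (a path starting with `/../`, or the bare `../` the comment lists) passes through these lines unchanged. The first replace on the changed line does not catch it either, because `\/\.(?:\.{2,})?` matches one dot or three and more, never exactly two. sanitizeURL's body continues outside the hunk, so the leftover is presumably stripped further down, but that dependency should be stated next to the loop, e.g. `// A ".." with no parent segment survives this loop and must be removed below`. A regression test asserting that the sanitised result never contains a `..` path segment would pin the behaviour independently of the lookahead order changed here.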