Skip to content

Commit

Permalink
fix(dashboard): Prevent XSS attack vector (#21822)
Browse files Browse the repository at this point in the history
Co-authored-by: Herbert Gainor <herbert.gainor@preset.io>
  • Loading branch information
agl-developer and Herbert Gainor authored Oct 19, 2022
1 parent 7c4102c commit ec20c01
Showing 1 changed file with 1 addition and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ interface SafeMarkdownProps {

function isSafeMarkup(node: MarkdownAbstractSyntaxTree) {
return node.type === 'html' && node.value
? /href="(javascript|vbscript|file):.*"/gim.test(node.value) === false
? !/(href|src)="(javascript|vbscript|file):.*"/gim.test(node.value)
: true;
}

Expand Down

0 comments on commit ec20c01

Please sign in to comment.