Adjust regex `SAFE_URL_PATTERN` for use with test method of regexes. (#33136)
authorNikon the Third <christian.berrer@gmail.com>
Fri, 19 Feb 2021 08:24:53 +0000 (09:24 +0100)
committerGitHub <noreply@github.com>
Fri, 19 Feb 2021 08:24:53 +0000 (10:24 +0200)
The test method on regexes behaves differently from the match method on strings in the presence of the global modifier.
Add a unit test for sanitizing the same template twice.

Co-authored-by: XhmikosR <xhmikosr@gmail.com>
js/src/util/sanitizer.js
js/tests/unit/util/sanitizer.spec.js

index 18ac6f9438dd43d34038524ce8a4b7f98c1b4b75..57653a891fc91303bf2d25310e60f65e09db5803 100644 (file)
@@ -23,7 +23,7 @@ const ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i
  *
  * Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
  */
-const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|$))/gi
+const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|$))/i
 
 /**
  * A pattern that matches safe data URLs. Only matches image, video and audio types.
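Review bot: The reason for dropping the `g` flag from the `SAFE_URL_PATTERN` declaration is not recorded in the doc comment directly above it, so a later maintainer switching the call site back to `String.prototype.match` could reintroduce the stateful `lastIndex` behaviour without noticing. Add one line to that comment block, e.g. ` * No global flag: this pattern is used with RegExp#test, which carries lastIndex between calls under /g and would fail on alternate inputs.` The doc comment for the data-URL pattern that follows is visible but its declaration is not; if it is also declared with `/gi` and checked with `.test()`, it needs the same change. Since the pattern is `^`-anchored, the old `/g` behaviour made the check fail on alternate calls rather than admit an unsafe URL, so the effect was stripping safe attributes, not a sanitizer bypass — assuming the call site (outside this hunk) uses `.test()` as the commit title states.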
index 869b8c56158155de68e85afd5908078144547860..7379d221f478e2054ffcb31736c944365e7cff49 100644 (file)
@@ -66,5 +66,15 @@ describe('Sanitizer', () => {
       expect(result).toEqual(template)
       expect(DOMParser.prototype.parseFromString).not.toHaveBeenCalled()
     })
+
+    it('should allow multiple sanitation passes of the same template', () => {
+      const template = '<img src="test.jpg">'
+
+      const firstResult = sanitizeHtml(template, DefaultAllowlist, null)
+      const secondResult = sanitizeHtml(template, DefaultAllowlist, null)
+
+      expect(firstResult).toContain('src')
+      expect(secondResult).toContain('src')
+    })
   })
 })
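Review bot: The two `toContain('src')` assertions in the new test only check that the attribute name appears somewhere in each result; they would still pass if the second pass dropped the attribute value or rewrote the tag, and the first-pass check does not pin a baseline to compare against. The property the test name describes is that repeated passes agree, so add `expect(secondResult).toEqual(firstResult)` after the existing expectations. The enclosing describe block starts outside the hunk.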