nostr/coracle
1
0
Fork 0
mirror of https://github.com/coracle-social/coracle.git synced 2024-09-18 19:23:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix regex injection

Browse Source
This commit is contained in:
Jonathan Staab 2023-03-10 16:51:14 -06:00
parent c0503ebe95
commit 88d93137e2
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/util/html.ts
View File

@ -109,7 +109,7 @@ export const fromParentOffset = (element, offset): [HTMLElement, number] => {
}
export const extractUrls = content => {
const regex = /(https?:\/\/)?(www\.)?[-a-z0-9@:%._\+~#=]{1,256}\.[a-z]{1,6}\b([-a-z0-9@:%_\+.~#?!&//=;]*)/gi
const regex = /(https?:\/\/)?[-a-z0-9@:%._\+~#=\.]+\.[a-z]{1,6}[-a-z0-9@:%_\+.~#?!&//=;]*/gi
const urls = content.match(regex)
return (urls || [])
@ -132,7 +132,8 @@ export const renderContent = content => {
const href = url.includes('://') ? url : 'https://' + url
const display = url.replace(/https?:\/\/(www\.)?/, '')
const regex = new RegExp(`([^"^])(${url})([^"$])`, 'g')
const escaped = url.replace(/([.*+?^${}()|[\]\\])/g, '\\$1')
const regex = new RegExp(`([^"]*)(${escaped})([^"]*)`, 'g')
const $a = document.createElement('a')