mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 11:16:31 -05:00
Fix link regex should filter protocol with case insensitive flag [Security Issue]
This commit is contained in:
parent
a39870f224
commit
48df250491
1 changed files with 1 additions and 1 deletions
|
@ -4,7 +4,7 @@
|
|||
var whiteListAttr = ['id', 'class', 'style']
|
||||
window.whiteListAttr = whiteListAttr
|
||||
// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
|
||||
var linkRegex = /^(?!javascript:\/\/)([\w|-]+:\/\/)|^([.|/])+/
|
||||
var linkRegex = /^(?!javascript:\/\/)([\w|-]+:\/\/)|^([.|/])+/i
|
||||
// allow data uri, from https://gist.github.com/bgrins/6194623
|
||||
var dataUriRegex = /^\s*data:([a-z]+\/[a-z0-9-+.]+(;[a-z-]+=[a-z0-9-]+)?)?(;base64)?,([a-z0-9!$&',()*+;=\-._~:@/?%\s]*)\s*$/i
|
||||
// custom white list
|
||||
|
|
Loading…
Reference in a new issue