From e6298004572004b0f27b29a4b7ed51f884ba0095 Mon Sep 17 00:00:00 2001
From: Wu Cheng-Han
Date: Wed, 22 Mar 2017 18:26:35 +0800
Subject: Fix XSS vulnerability in link regex [Security Issue]

---
 public/js/render.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'public/js')

diff --git a/public/js/render.js b/public/js/render.js
index 746820ae..d16181ab 100644
--- a/public/js/render.js
+++ b/public/js/render.js
@@ -3,8 +3,8 @@
 // allow some attributes
 var whiteListAttr = ['id', 'class', 'style']
 window.whiteListAttr = whiteListAttr
-// allow link starts with '.', '/' and custom protocol with '://'
-var linkRegex = /^([\w|-]+:\/\/)|^([.|/])+/
+// allow link starts with '.', '/' and custom protocol with '://', exclude link starts with javascript://
+var linkRegex = /^(?!javascript:\/\/)([\w|-]+:\/\/)|^([.|/])+/
 // allow data uri, from https://gist.github.com/bgrins/6194623
 var dataUriRegex = /^\s*data:([a-z]+\/[a-z0-9-+.]+(;[a-z-]+=[a-z0-9-]+)?)?(;base64)?,([a-z0-9!$&',()*+;=\-._~:@/?%\s]*)\s*$/i
 // custom white list
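Review bot: The negative lookahead added to `linkRegex` is case-sensitive, while `[\w|-]+` still accepts any letter case and browsers treat URL schemes case-insensitively, so a differently-cased spelling of the excluded scheme still passes this pattern. Adding the `i` flag closes that gap: `var linkRegex = /^(?!javascript:\/\/)([\w|-]+:\/\/)|^([.|/])+/i`. Excluding a single scheme is fragile in general. How `linkRegex` is applied lies outside the hunk, but an explicit allow-list of schemes (such as `http` and `https`) would be the more robust filter if arbitrary custom protocols are not a hard requirement. The `|` inside `[\w|-]` and `[.|/]` is a literal pipe rather than alternation and is probably unintended; the comment above the regex should say which characters are really accepted.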
-- 
cgit v1.2.3