fix: enhancement of isExternal #2093

Merged
merged 2 commits into from
Jun 18, 2023

Member

@sy-records sy-records commented Jun 16, 2023

Summary

Fix an XSS vulnerability that was fed via email.

Fix #1477 (comment)

What kind of change does this PR introduce?

For any code change,

  • Related documentation has been updated if needed
  • Related tests have been updated or tests have been added

Does this PR introduce a breaking change? (check one)

  • Yes
  • No

If yes, please describe the impact and migration path for existing applications:

Related issue, if any:

Tested in the following browsers:

  • Chrome
  • Firefox
  • Safari
  • Edge
  • IE

vercel bot commented Jun 16, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| docsify-preview | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 17, 2023 0:23am |

@sy-records sy-records requested a review from a team June 16, 2023 07:08

codesandbox-ci bot commented Jun 16, 2023

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 942a162:

| Sandbox | Source |
| --- | --- |
| docsify-template | Configuration |

@Koooooo-7
Member

Could you please add a test case on this for a good understanding of these changes?

Koooooo-7 previously approved these changes Jun 16, 2023
@Koooooo-7
Member

I checked the mail and yes, we need to check the \ . Is it also harmful when it contains more than 2 \\ ?

@sy-records
Member Author

One or more are problematic, so matching one is OK.
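
Why the backslash matters for an external-link check, as an added example that is not part of this pull request or docsify's own code: the WHATWG URL parser used by browsers treats `\` as `/` in http(s) URLs, so a check that only looks for `//` classifies backslash forms as internal. The function names `naiveIsExternal` and `isExternal` and the hosts `docs.example` and `other.example` are hypothetical.

```javascript
// Added example, not docsify's code. Names and hosts below are hypothetical.

// Naive check: a link is external only if it starts with "scheme://" or "//".
function naiveIsExternal(href) {
  return /^([a-z][a-z0-9+.-]*:)?\/\//i.test(href);
}

// Hardened check: resolve the link with the WHATWG URL parser (the same rules
// a browser applies, including "\" handled as "/" for http/https) and compare
// the resulting origin with the site's origin.
function isExternal(href, base) {
  let resolved;
  try {
    resolved = new URL(href, base);
  } catch {
    return true; // unparseable input is treated as untrusted
  }
  if (resolved.protocol !== 'http:' && resolved.protocol !== 'https:') {
    return true; // javascript:, data:, etc. are never same-site
  }
  return resolved.origin !== new URL(base).origin;
}

// Constructed sample links (JS string escapes: "\\" is one backslash).
const BASE = 'https://docs.example/guide/';
const SAMPLES = [
  'page.md',                   // relative, internal
  '/assets/logo.png',          // root-relative, internal
  '//other.example/x',         // protocol-relative, external
  '/\\other.example/x',        // one backslash after a slash
  '\\\\other.example/x',       // two backslashes
  '\\/other.example/x',        // backslash then slash
  'https:\\\\other.example/x', // scheme followed by backslashes
];

// Classify every sample with both checks so the disagreement is visible.
function compare() {
  return SAMPLES.map(href => ({
    href,
    naive: naiveIsExternal(href),
    hardened: isExternal(href, BASE),
  }));
}

console.table(compare());
```

The rows where `naive` is false and `hardened` is true are the cases a regression test for the backslash check should cover.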

Successfully merging this pull request may close these issues.

Security Vulnerability