Update validateBaseUrl to use latest regex
Summary: Updating the regex to avoid a potential regular expression denial-of-service vulnerability. Changelog: Update validateBaseUrl to use a more robust regular expression. Fixes CVE-2020-1920, GHSL-2020-293 Reviewed By: lunaleaps Differential Revision: D25507604 fbshipit-source-id: c36a03c456881bc655c861e1a2c5cd41a7127c9d
This commit is contained in:
Родитель
36b58a824e
Коммит
33ef82ce6d
|
@ -105,7 +105,7 @@ export class URLSearchParams {
|
|||
|
||||
function validateBaseUrl(url: string) {
|
||||
// from this MIT-licensed gist: https://gist.github.com/dperini/729294
|
||||
return /^(?:(?:(?:https?|ftp):)?\/\/)(?:(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)(?:\.(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)*(?:\.(?:[a-z\u00a1-\uffff]{2,}))?)(?::\d{2,5})?(?:[/?#]\S*)?$/i.test(
|
||||
return /^(?:(?:(?:https?|ftp):)?\/\/)(?:(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z0-9\u00a1-\uffff][a-z0-9\u00a1-\uffff_-]{0,62})?[a-z0-9\u00a1-\uffff]\.)*(?:[a-z\u00a1-\uffff]{2,}\.?))(?::\d{2,5})?(?:[/?#]\S*)?$/.test(
|
||||
url,
|
||||
);
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче