Identified and Fixed a Batch of Regular Expression Character Invalid Escape Vulnerabilities in the Project (Ensure the Correctness of Matching Logic) #31

@zcxlighthouse

During the security audit, a batch of regular expression character invalid escape vulnerabilities were identified in this front-end static resource project. The core issue is that when constructing regular expressions in common.js, the literal . is escaped in the string using \.. However, JavaScript strings will parse \. into a normal ., resulting in the . in the subsequent regular expression retaining its metacharacter property (matching any single character) instead of the expected literal dot. This further leads to logical abnormalities in front-end functions dependent on this regular expression, such as date parsing and format verification, affecting user interaction experience and data processing accuracy. Targeted fixes are required in a timely manner:
Useless Regular-Expression Character Escape Vulnerability (CWE-201)
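
The behaviour described in the issue, as an added example that is not part of the original report or of the project's common.js. The dd.mm.yyyy format, the sample strings and all function names are assumptions made for illustration.

```javascript
// Added example: hypothetical date pattern, not code from common.js.

// Buggy: inside a string literal "\." is just ".", so the compiled source
// is ^\d{2}.\d{2}.\d{4}$ and each dot still matches any single character.
const buggyDate = new RegExp("^\\d{2}\.\\d{2}\.\\d{4}$");

// Fixed: double the backslash in the string, or use a regex literal.
const fixedDate = new RegExp("^\\d{2}\\.\\d{2}\\.\\d{4}$");
const literalDate = /^\d{2}\.\d{2}\.\d{4}$/;

// Escape every regex metacharacter before a runtime string (for example a
// configurable separator) is concatenated into a pattern.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function buildDateRegex(separator) {
  const sep = escapeRegExp(separator);
  return new RegExp("^\\d{2}" + sep + "\\d{2}" + sep + "\\d{4}$");
}

// Review aid: offsets of "." in a compiled pattern that are still wildcards
// (not preceded by a backslash and not inside a character class).
function unescapedDots(regex) {
  const src = regex.source;
  const hits = [];
  let inClass = false;
  for (let i = 0; i < src.length; i++) {
    const ch = src[i];
    if (ch === "\\") { i++; continue; } // skip the escaped character
    if (ch === "[") inClass = true;
    else if (ch === "]") inClass = false;
    else if (ch === "." && !inClass) hits.push(i);
  }
  return hits;
}

// Run one pattern over a list of inputs and return the match results.
function check(regex, inputs) {
  return inputs.map((s) => regex.test(s));
}

// Constructed inputs: one valid date and two that only the buggy pattern accepts.
const samples = ["31.12.2024", "31X12Y2024", "31-12-2024"];
console.log("buggy:", check(buggyDate, samples), unescapedDots(buggyDate));
console.log("fixed:", check(fixedDate, samples), unescapedDots(fixedDate));
```

Checking `regex.source` after construction, as `unescapedDots` does, shows what the engine actually compiled rather than what the string literal appears to say.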
