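--- a/packages/api/src/middleware
+++ b/packages/api/src/middleware
@@ -37,14 +37,21 @@ export function sanitizeInput(input: any): any {
 }
 
 if ( typeof input === 'string' ) {
-return input
-. replace ( / < s c r i p t \b [ ^ < ] * (?: (? ! < \/ s c r i p t > ) < [ ^ < ] * ) * < \/ s c r i p t > / gi, '' )
-. replace ( / j a v a s c r i p t : / gi, '' )
-. replace ( / o n \w + \s * = / gi, '' )
-. replace ( / d a t a : t e x t \/ h t m l / gi, '' )
-. replace ( / < i f r a m e / gi, '' )
-. replace ( / < e m b e d / gi, '' )
-. replace ( / < o b j e c t / gi, '' )
+let sanitized = String ( input ) ;
+let previous : string ;
+do {
+previous = sanitized ;
+sanitized = sanitized
+. replace ( / < s c r i p t \b [ ^ < ] * (?: (? ! < \/ s c r i p t > ) < [ ^ < ] * ) * < \/ s c r i p t > / gi, '' )
+. replace ( / j a v a s c r i p t : / gi, '' )
+. replace ( / o n \w + \s * = / gi, '' )
+. replace ( / d a t a : t e x t \/ h t m l / gi, '' )
+. replace ( / < i f r a m e / gi, '' )
+. replace ( / < e m b e d / gi, '' )
+. replace ( / < o b j e c t / gi, '' ) ;
+} while ( sanitized !== previous ) ;
+
+return sanitized
 . trim ( )
 . slice ( 0 , 10000 ) ;
 }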
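Review bot: The loop added at new lines 42-52 closes the re-assembly gap of the old single pass, but the function is still a denylist of a handful of tag and attribute names, so it remains a best-effort filter rather than an XSS control; nothing in the hunk records that, and a reader will take `sanitizeInput` at face value. I would put that limit in a comment above the `do {`, e.g. `// Defence-in-depth only: strips a fixed denylist until stable. Output must still be context-encoded (or pass an allowlist HTML sanitizer) before rendering.` The `/on\w+\s*=/gi` rule (new line 47) is not tied to a tag context and will mangle ordinary text such as `Monday=1`, which is worth noting next to it as a known false positive if the input is ever displayed back. Inside the `typeof input === 'string'` branch the `String(input)` call on new line 40 is redundant and could just be `let sanitized = input;`. The truncation to 10000 characters runs after the loop, so the replace passes are applied to the full untruncated input; if request bodies are not bounded elsewhere, consider whether the slice should happen before the loop, though that would change which characters survive. sanitizeInput's body starts before this hunk and its earlier branches are not visible here.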