mirrors/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2025-04-22 15:56:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed incomplete multi-character sanitization and incomplete URL substring sanitization issues.

Browse source
This commit is contained in:
n1474335 2021-02-10 17:41:39 +00:00
parent 530836876f
commit 170e564319
2 changed files with 34 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/core/Utils.mjs
View file

@ -704,8 +704,21 @@ class Utils {
* Utils.stripHtmlTags("<div>Test</div>");
*/
static stripHtmlTags(htmlStr, removeScriptAndStyle=false) {
/**
* Recursively remove a pattern from a string until there are no more matches.
* Avoids incomplete sanitization e.g. "aabcbc".replace(/abc/g, "") === "abc"
*
* @param {RegExp} pattern
* @param {string} str
* @returns {string}
*/
function recursiveRemove(pattern, str) {
const newStr = str.replace(pattern, "");
return newStr.length === str.length ? newStr : recursiveRemove(pattern, newStr);
}
if (removeScriptAndStyle) {
htmlStr = htmlStr.replace(/<(script|style)[^>]*>.*?<\/(script|style)>/gi, "");
htmlStr = recursiveRemove(/<(script|style)[^>]*>.*?<\/(script|style)>/gi, htmlStr);
}
return htmlStr.replace(/<[^>]+>/g, "");
}