jgaunt/CyberChef
2
0
Fork 0
mirror of https://github.com/gchq/CyberChef synced 2025-12-25 20:53:36 +00:00
Code Issues Releases Wiki Activity

Fixed incomplete multi-character sanitization and incomplete URL substring sanitization issues.

Browse Source
This commit is contained in:
n1474335
2021-02-10 17:41:39 +00:00
parent 530836876f
commit 170e564319
2 changed files with 34 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/core/Utils.mjs
View File

@@ -704,8 +704,21 @@ class Utils {
* Utils.stripHtmlTags("<div>Test</div>");
*/
static stripHtmlTags(htmlStr, removeScriptAndStyle=false) {
/**
* Recursively remove a pattern from a string until there are no more matches.
* Avoids incomplete sanitization e.g. "aabcbc".replace(/abc/g, "") === "abc"
*
* @param {RegExp} pattern
* @param {string} str
* @returns {string}
*/
function recursiveRemove(pattern, str) {
const newStr = str.replace(pattern, "");
return newStr.length === str.length ? newStr : recursiveRemove(pattern, newStr);
}
if (removeScriptAndStyle) {
htmlStr = htmlStr.replace(/<(script|style)[^>]*>.*?<\/(script|style)>/gi, "");
htmlStr = recursiveRemove(/<(script|style)[^>]*>.*?<\/(script|style)>/gi, htmlStr);
}
return htmlStr.replace(/<[^>]+>/g, "");
}