

Fix code scanning alert issue-OWASP-BLT#1345
JisanAR03 committed Nov 1, 2023
1 parent a075b9e commit 9dcd161
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion website/static/vendor/bootstrap/js/bootstrap.js
Expand Up @@ -2028,7 +2028,7 @@ function sanitizeInput(input) {
'[data-target="' + target + '"],' +
this.selector + '[href="' + target + '"]'

var active = $(selector)
var active = $(escapePotentialXSS(selector))
.parents('li')
.addClass('active')

Expand Down Expand Up @@ -2407,3 +2407,20 @@ function sanitizeInput(input) {
})

}(jQuery);
function escapePotentialXSS(selector) {
// Escaping only the specific characters that can lead to XSS
// such as <, >, ", ', and ` which are not valid in CSS selectors
// and can be used for XSS if injected into HTML content.
return selector.replace(/[<>\"'`]/g, function(match) {
// Convert potentially dangerous characters to their
// corresponding HTML entity representations.
switch(match) {
case '<': return '&lt;';
case '>': return '&gt;';
case '"': return '&quot;';
case '\'': return '&#39;';
case '`': return '&#96;';
default: return match;
}
});
}
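Review bot: The escaping at `var active = $(escapePotentialXSS(selector))` breaks the lookup rather than hardening it: the selector assembled just above always contains the double quotes from `'[data-target="' + target + '"]'`, so escapePotentialXSS rewrites them to `&quot;` and jQuery is handed a selector that no longer parses, meaning no scrollspy link is marked active any more. HTML-entity encoding is the wrong transform for a CSS selector context; the untrusted part is `target`, and it should be escaped for a quoted attribute selector (or validated against the id form the caller expects) before it is concatenated, e.g. `target = String(target).replace(/["\\]/g, '\\$&');` ahead of the `var selector = …` line, with `$(selector)` left as it was and escapePotentialXSS dropped. The activate function containing the first hunk starts outside the visible lines, and escapePotentialXSS is a new global declared after the jQuery IIFE closes, so it leaks into the page's global scope. Hand-patching `website/static/vendor/bootstrap/js/bootstrap.js` will also be lost on the next Bootstrap update; I believe upstream 3.4.x already carries a fix for the scrollspy data-target issue, so upgrading the vendored copy is the more durable option.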
