Fix regex misuse. #199
Merged
Fix regex misuse. #199
Commits on Jun 7, 2024
-
- Overbroad matching of hostnames: `.` vs `\.` - Overuse of `RegExp.prototype.match` where `String.prototype.includes` or `RegExp.prototype.test` suffice and better communicate the intent by returning a boolean. - Use `Location.hostname` and not `Location.host`, because we're already assuming there isn't a port on the end (e.g. `:8080`). This avoids further complicating the (corrected) regexes. Should resolve: - https://github.com/alphagov/govuk-browser-extension/security/code-scanning/1 - https://github.com/alphagov/govuk-browser-extension/security/code-scanning/2 - https://github.com/alphagov/govuk-browser-extension/security/code-scanning/3 - https://github.com/alphagov/govuk-browser-extension/security/code-scanning/4 I don't believe these are exploitable, hence raising a regular PR.
-
Parse URL properly when matching nationalarchives.
Otherwise we just substitute one CodeQL warning for another :/
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.