Fixed a CodeQL vulnerability in js/mage/adminhtml/uploader/instance.js
fballiano committed Sep 24, 2024
1 parent 38f80f6 commit d5f04ae
Showing 2 changed files with 1 addition and 4 deletions.
1 change: 0 additions & 1 deletion .github/codeql-config.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@

paths-ignore:
- 'js/prototype/prototype.js'
- 'js/mage/adminhtml/uploader/instance.js'
- 'js/mage/adminhtml/wysiwyg/tiny_mce/setup.js'
- 'js/prototype/validation.js'
- 'js/extjs/ext-tree.js'
4 changes: 1 addition & 3 deletions public/js/mage/adminhtml/uploader/instance.js
Original file line number Diff line number Diff line change
Expand Up @@ -484,9 +484,7 @@
return str
.stripScripts()
// Remove inline event handlers like onclick, onload, etc
.replace(/(on[a-z]+=["][^"]+["])(?=[^>]*>)/img, '')
.replace(/(on[a-z]+=['][^']+['])(?=[^>]*>)/img, '')
;
.replace(/\s+on(?:\w|-)*\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/img, '');
}
});
})(window, document);
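Review bot: The new pattern insists on at least one whitespace character before `on`, so a handler that directly follows a quoted value or a `/` — `<img src="x"onerror="…">`, `<img/onerror=…>` — is not matched, and browsers execute both of those forms. Accepting a quote or slash as the boundary and writing it back keeps the structure intact while closing that gap: `.replace(/([\s\/"'])on(?:\w|-)*\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/img, '$1');`. Like the two expressions it replaces, this remains a denylist over raw markup: `javascript:` URLs in `href`/`src` are untouched, and an `on…=` sequence inside a legitimate quoted value is cut out together with its closing quote, leaving the tag unbalanced, so if `str` is meant to be displayed as text rather than markup, escaping it (Prototype's `escapeHTML()`) would be the safer replacement — where the result is inserted is not visible from the hunk. The enclosing function begins before the hunk.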
