Fix code scanning alert issue-#1352 (#1505)

* Fix code scanning alert issue-#1352 * Fix code scanning alert issue-#1352 --------- Co-authored-by: DonnieBLT <128622481+DonnieBLT@users.noreply.github.com>
OWASP-BLT · Oct 28, 2023 · f869d90 · f869d90
1 parent 22ddc4a
commit f869d90
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/website/static/vendor/bootstrap/js/bootstrap.js b/website/static/vendor/bootstrap/js/bootstrap.js
@@ -15,7 +15,10 @@ if (typeof jQuery === 'undefined') {
         throw new Error('Bootstrap\'s JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4')
     }
 }(jQuery);
-
+function sanitizeSelector(selector) {
+    // Use a whitelist approach to only allow valid characters in a selector
+    return selector.replace(/[^\w-#.:]/g, '');
+}
 /* ========================================================================
  * Bootstrap: transition.js v3.3.7
  * http://getbootstrap.com/javascript/#transitions
@@ -112,8 +115,8 @@ if (typeof jQuery === 'undefined') {
             selector = $this.attr('href')
             selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
         }
-
-        var $parent = $(selector === '#' ? [] : selector)
+        selector = sanitizeSelector(selector === '#' ? '' : selector);
+        var $parent = $(selector);
 
         if (e) e.preventDefault()
 
@@ -139,7 +142,6 @@ if (typeof jQuery === 'undefined') {
             removeElement()
     }
 
-
     // ALERT PLUGIN DEFINITION
     // =======================