Fix #1033 #1037
The Lint error wants to optimize the regexp by removing the escape character I added.
Feel free to silence it with an eslint-disable :D
We are planning a release later today, are you planning to get this change in and amend the PR? :)
Done.
What's your time zone? I'm in CET (UTC+1)
Same
This is again breaking the tests and we have already invested a lot of useless effort into adding one character, I would really recommend that you don't blindly commit stuff but actually run the linter before. The comment you want to add is this:
Thanks, this looks better and tests don't die on init this time. In case all good, we will merge and then release 3.2.2
Sorry, I'm a security analyst not a software developer nor lint expert, and I'm not allowed to install any of your tools on my laptop, so I did indeed copy the same comment from the next line assuming it would be the same. I usually only test new library versions for security breaches and upgrade them in our products when needed (we use over 1800 different libraries). But for DomPurify it was impossible due to this single character.
No worries, we managed after all 🙂
Summary
Small fix for issue #1033
Background & Context
```
const TMPLIT_EXPR = seal(/\${[\w\W]*}/gm);
```
Projects that use XSLT can inline 3rd party libs before pushing out the response to the browser. While doing so they can perform code resolution/substitutions on `${}` expressions. Unfortunately the `${[\w\W]*}` part can be misinterpreted as an expression even though it's in a regexp, and because it obviously doesn't resolve to anything during the transformation, it gets wiped out as a result and causes a syntax error when the browser gets it.

Result:
```
const TMPLIT_EXPR = seal(/\/gm);
```
Proposed solution
The solution is extremely simple and doesn't change anything to how the regexp operates as it merely escapes the first curly brace.
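
The breakage described in this PR, reproduced as an added example that is not part of the PR or of DOMPurify. `resolveExpressions` is a hypothetical stand-in for the server-side substitution pass, and the escaped pattern is inferred from the description above ("escapes the first curly brace"); the sample inputs are constructed.

```javascript
// Source lines as the inlining step would see them (plain strings, so the
// ${ sequence is not interpolated by JavaScript itself).
const ORIGINAL_SRC = 'const TMPLIT_EXPR = seal(/\\${[\\w\\W]*}/gm);';
const ESCAPED_SRC = 'const TMPLIT_EXPR = seal(/\\$\\{[\\w\\W]*}/gm);';

// Hypothetical substitution pass: replace every ${name} with its value;
// expressions it cannot resolve become the empty string.
function resolveExpressions(text, vars = {}) {
  return text.replace(/\$\{([^}]*)\}/g, (_, expr) => vars[expr] ?? '');
}

// True when the (possibly rewritten) line still parses as JavaScript.
function parses(src) {
  try {
    new Function('seal', src); // parse only, never called
    return true;
  } catch (e) {
    return false;
  }
}

// The two regexps themselves: escaping the brace must not change matching.
const BEFORE = /\${[\w\W]*}/gm;
const AFTER = /\$\{[\w\W]*}/gm;

function sameMatches(input) {
  const a = input.match(BEFORE) ?? [];
  const b = input.match(AFTER) ?? [];
  return a.length === b.length && a.every((m, i) => m === b[i]);
}

// Constructed sample inputs.
const SAMPLES = [
  'a ${b} c',
  '<p>${x}\n${y}</p>',
  'no expression here',
  '$ {x}',
  '${unterminated',
];

console.log(resolveExpressions(ORIGINAL_SRC));         // the wiped-out line
console.log(parses(resolveExpressions(ORIGINAL_SRC))); // syntax error downstream
console.log(parses(resolveExpressions(ESCAPED_SRC)));  // escaped form survives
console.log(SAMPLES.every(sameMatches));               // matching is unchanged
```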