fix: safer </script> regexes (#835)

tivac · Apr 9, 2022 · ca589f6 · ca589f6
1 parent 8b4bf68
commit ca589f6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/packages/svelte/link.js b/packages/svelte/link.js
@@ -5,7 +5,7 @@ const isUrl = require("is-url");
 const { replaceTrailingNewlines } = require("./replacer.js");
 
 const linkRegex = /<link\b[^<>]*?\bhref=\s*(?:"([^"]+)"|'([^']+)'|([^>\s]+))[^>]*>/gm;
-const scriptRegex = /<script[\S\s]*?>([\S\s]*?)<\/script>/im;
+const scriptRegex = /<script[^>]*?>([\S\s]*?)<\/script[^>]*?>/im;
 
 // eslint-disable-next-line max-statements
 exports.extractLink = async ({

diff --git a/packages/svelte/script.js b/packages/svelte/script.js
@@ -3,7 +3,7 @@
 const { init, parse } = require("es-module-lexer");
 const parseImports = require("parse-es6-imports");
 
-const scriptRegex = /<script[\S\s]*?>(?<contents>[\S\s]*?)<\/script>/gim;
+const scriptRegex = /<script[^>]*?>(?<contents>[\S\s]*?)<\/script[^>]*?>/gim;
 
 // eslint-disable-next-line max-statements
 exports.extractImport = async ({