Skip to content

Commit

Permalink
fix(javascript): add fallback for html user input sanitizer (#176)
Browse files Browse the repository at this point in the history
  • Loading branch information
@didroe
didroe authored Nov 7, 2023
1 parent ef81184 commit b6a4621
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
2 changes: 2 additions & 0 deletions rules/javascript/shared/third_parties/sanitize_html_sanitizer.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ patterns:
- sanitize($<!>$<_>$<...>)
# DOMPurifier
- sanitizeHtml($<!>$<_>$<...>)
# fallback
- sanitizer($<...>$<!>$<_>$<...>)
metadata:
description: "sanitize HTML sanitizer."
id: javascript_shared_third_parties_sanitize_html_sanitizer
1 change: 1 addition & 0 deletions tests/javascript/lang/raw_html_using_user_input/testdata/ok.js
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
`<h1>#{sanitizeHtml(req.params.ok)}</h1>`

doT.compile(sanitizeHtml(req.params.ok), {})
doT.compile(sanitizer({ option: true }, req.params.ok), {})

ejs.compile(sanitizeHtml(req.params.ok), {})

Expand Down

0 comments on commit b6a4621

Please sign in to comment.