11// CVE-2019-10756
22( function ( content ) {
3- content = content . replace ( / < .* c r i p t .* \/ s c r i p .* > / gi, "" ) ; // $ Alert
4- content = content . replace ( / o n \w + = " .* " / g, "" ) ; // $ Alert
5- content = content . replace ( / o n \w + = \' .* \' / g, "" ) ; // $ Alert
3+ content = content . replace ( / < .* c r i p t .* \/ s c r i p .* > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
4+ content = content . replace ( / o n \w + = " .* " / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
5+ content = content . replace ( / o n \w + = \' .* \' / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
66 return content ;
77} ) ;
88( function ( content ) {
9- content = content . replace ( / < .* c r i p t .* / gi, "" ) ; // $ Alert
10- content = content . replace ( / .o n \w + = .* " .* " / g, "" ) ; // $ Alert
11- content = content . replace ( / .o n \w + = .* \' .* \' / g, "" ) ; // $ Alert
9+ content = content . replace ( / < .* c r i p t .* / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
10+ content = content . replace ( / .o n \w + = .* " .* " / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
11+ content = content . replace ( / .o n \w + = .* \' .* \' / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
1212
1313 return content ;
1414} ) ;
1515
1616// CVE-2020-7656
1717( function ( responseText ) {
1818 var rscript = / < s c r i p t \b [ ^ < ] * (?: (? ! < \/ s c r i p t > ) < [ ^ < ] * ) * < \/ s c r i p t > / gi;
19- responseText . replace ( rscript , "" ) ; // $ Alert
19+ responseText . replace ( rscript , "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
2020 return responseText ;
2121} ) ;
2222
2323// CVE-2019-1010091
2424( function ( text ) {
25- text = text . replace ( / < ! - - | - - ! ? > / g, "" ) ; // $ Alert
25+ text = text . replace ( / < ! - - | - - ! ? > / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
2626 return text ;
2727} ) ;
2828( function ( text ) {
4646// CVE-2019-8903
4747( function ( req ) {
4848 var REG_TRAVEL = / ( \/ ) ? \. \. \/ / g;
49- req . url = req . url . replace ( REG_TRAVEL , "" ) ; // $ Alert
49+ req . url = req . url . replace ( REG_TRAVEL , "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
5050} ) ;
5151( function ( req ) {
5252 var beg ;
6161// New cases
6262
6363( function ( x ) {
64- x = x . replace ( / < s c r i p t \b [ ^ < ] * (?: (? ! < \/ s c r i p t > ) < [ ^ < ] * ) * < \/ s c r i p t > / g, "" ) ; // $ Alert
64+ x = x . replace ( / < s c r i p t \b [ ^ < ] * (?: (? ! < \/ s c r i p t > ) < [ ^ < ] * ) * < \/ s c r i p t > / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
6565
66- x = x . replace ( / ( \/ | \s ) o n \w + = ( \' | " ) ? [ ^ " ] * ( \' | " ) ? / g, "" ) ; // $ Alert
66+ x = x . replace ( / ( \/ | \s ) o n \w + = ( \' | " ) ? [ ^ " ] * ( \' | " ) ? / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
6767
6868 x = x . replace ( / < \/ s c r i p t > / g, "" ) ;
6969
7272 x = x . replace ( / < ( u l | o l ) > < \/ ( u l | o l ) > / gi, "" ) ;
7373 x = x . replace ( / < l i > < \/ l i > / gi, "" ) ;
7474
75- x = x . replace ( / < ! - - ( .* ?) - - > / gm, "" ) ; // $ Alert
76- x = x . replace ( / \s n g - [ a - z - ] + / , "" ) ; // $ Alert
77- x = x . replace ( / \s n g - [ a - z - ] + / g, "" ) ; // $ Alert - ng-attributes
75+ x = x . replace ( / < ! - - ( .* ?) - - > / gm, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
76+ x = x . replace ( / \s n g - [ a - z - ] + / , "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
77+ x = x . replace ( / \s n g - [ a - z - ] + / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization] - ng-attributes
7878
7979 x = x . replace ( / ( < ! - - \[ C D A T A \[ | \] \] - - > ) / g, "\n" ) ; // OK - not a sanitizer
8080
81- x = x . replace ( / < s c r i p t .+ d e s k t o p \- o n l y .+ < \/ s c r i p t > / g, "" ) ; // $ SPURIOUS: Alert
81+ x = x . replace ( / < s c r i p t .+ d e s k t o p \- o n l y .+ < \/ s c r i p t > / g, "" ) ; // $ SPURIOUS: Alert[js/incomplete-multi-character-sanitization]
8282 x = x . replace ( / < s c r i p t a s y n c .+ ?< \/ s c r i p t > / g, "" ) ;
83- x = x . replace ( / < ! - - [ \s \S ] * ?- - > | < \? (?: p h p ) ? [ \s \S ] * ?\? > / gi, "" ) ; // $ Alert
83+ x = x . replace ( / < ! - - [ \s \S ] * ?- - > | < \? (?: p h p ) ? [ \s \S ] * ?\? > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
8484
85- x = x . replace ( / \x2E \x2E \x2F \x2E \x2E \x2F / g, "" ) ; // $ Alert - matches "../../"
85+ x = x . replace ( / \x2E \x2E \x2F \x2E \x2E \x2F / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization] - matches "../../"
8686
87- x = x . replace ( / < s c r i p t .* > .* < \/ s c r i p t > / gi, "" ) ; // $ Alert
87+ x = x . replace ( / < s c r i p t .* > .* < \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
8888
8989 x = x . replace ( / ^ ( \. \. \/ ? ) + / g, "" ) ;
9090
9797 x = x . replace ( / < \/ ? ( [ a - z ] [ a - z 0 - 9 ] * ) \b [ ^ > ] * > / gi, "" ) ; // $ MISSING: Alert
9898
9999 x = x . replace ( / \. \. / g, "" ) ;
100- x = x . replace ( / \. \. \/ / g, "" ) ; // $ Alert
101- x = x . replace ( / \/ \. \. / g, "" ) ; // $ Alert
100+ x = x . replace ( / \. \. \/ / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
101+ x = x . replace ( / \/ \. \. / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
102102
103- x = x . replace ( / < s c r i p t ( .* ?) > ( [ \s \S ] * ?) < \/ s c r i p t > / gi, "" ) ; // $ Alert
103+ x = x . replace ( / < s c r i p t ( .* ?) > ( [ \s \S ] * ?) < \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
104104
105- x = x . replace ( / < ( s c r i p t | d e l ) (? = [ \s > ] ) [ \w \W ] * ?< \/ \1\s * > / gi, "" ) ; // $ Alert
106- x = x . replace ( / \< s c r i p t [ \s \S ] * ?\> [ \s \S ] * ?\< \/ s c r i p t \> / g, "" ) ; // $ Alert
107- x = x . replace ( / < ( s c r i p t | s t y l e | t i t l e ) [ ^ < ] + < \/ ( s c r i p t | s t y l e | t i t l e ) > / gm, "" ) ; // $ Alert
108- x = x . replace ( / < s c r i p t [ ^ > ] * > ( [ \s \S ] * ?) < \/ s c r i p t > / gi, "" ) ; // $ Alert
109- x = x . replace ( / < s c r i p t [ \s \S ] * ?< \/ s c r i p t > / gi, "" ) ; // $ Alert
110- x = x . replace ( / ? < ! - - ? / g, "" ) ; // $ Alert
105+ x = x . replace ( / < ( s c r i p t | d e l ) (? = [ \s > ] ) [ \w \W ] * ?< \/ \1\s * > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
106+ x = x . replace ( / \< s c r i p t [ \s \S ] * ?\> [ \s \S ] * ?\< \/ s c r i p t \> / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
107+ x = x . replace ( / < ( s c r i p t | s t y l e | t i t l e ) [ ^ < ] + < \/ ( s c r i p t | s t y l e | t i t l e ) > / gm, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
108+ x = x . replace ( / < s c r i p t [ ^ > ] * > ( [ \s \S ] * ?) < \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
109+ x = x . replace ( / < s c r i p t [ \s \S ] * ?< \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
110+ x = x . replace ( / ? < ! - - ? / g, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
111111 x = x . replace ( / r e q u i r e \( ' \. \. \/ c o m m o n ' \) ; / g, "" ) ;
112112 x = x . replace ( / \. \. \/ \. \. \/ l i b \/ / g, "" ) ;
113113
125125 x = x
126126 . replace ( / ^ \. \/ / , "" )
127127 . replace ( / \/ \. \/ / , "/" )
128- . replace ( / [ ^ \/ ] * \/ \. \. \/ / , "" ) ; // $ Alert
128+ . replace ( / [ ^ \/ ] * \/ \. \. \/ / , "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
129129
130130 return x ;
131131} ) ;
132132
133133( function ( content ) {
134- content . replace ( / < s c r i p t .* \/ s c r i p t > / gi, "" ) ; // $ Alert
135- content . replace ( / < ( s c r i p t ) .* \/ s c r i p t > / gi, "" ) ; // $ Alert
136- content . replace ( / .+ < ( s c r i p t ) .* \/ s c r i p t > / gi, "" ) ; // $ Alert
137- content . replace ( / .* < ( s c r i p t ) .* \/ s c r i p t > / gi, "" ) ; // $ Alert
134+ content . replace ( / < s c r i p t .* \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
135+ content . replace ( / < ( s c r i p t ) .* \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
136+ content . replace ( / .+ < ( s c r i p t ) .* \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
137+ content . replace ( / .* < ( s c r i p t ) .* \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
138138} ) ;
139139
140140( function ( content ) {
141- content = content . replace ( / < s c r i p t [ \s \S ] * ?< \/ s c r i p t > / gi, "" ) ; // $ Alert
142- content = content . replace ( / < [ a - z A - Z \/ ] ( .| \n ) * ?> / g, '' ) || ' ' ; // $ Alert
143- content = content . replace ( / < ( s c r i p t | i f r a m e | v i d e o ) [ \s \S ] * ?< \/ ( s c r i p t | i f r a m e | v i d e o ) > / g, '' ) // $ Alert
144- content = content . replace ( / < ( s c r i p t | i f r a m e | v i d e o ) ( .| \s ) * ?\/ ( s c r i p t | i f r a m e | v i d e o ) > / g, '' ) // $ Alert
141+ content = content . replace ( / < s c r i p t [ \s \S ] * ?< \/ s c r i p t > / gi, "" ) ; // $ Alert[js/incomplete-multi-character-sanitization]
142+ content = content . replace ( / < [ a - z A - Z \/ ] ( .| \n ) * ?> / g, '' ) || ' ' ; // $ Alert[js/incomplete-multi-character-sanitization]
143+ content = content . replace ( / < ( s c r i p t | i f r a m e | v i d e o ) [ \s \S ] * ?< \/ ( s c r i p t | i f r a m e | v i d e o ) > / g, '' ) // $ Alert[js/incomplete-multi-character-sanitization]
144+ content = content . replace ( / < ( s c r i p t | i f r a m e | v i d e o ) ( .| \s ) * ?\/ ( s c r i p t | i f r a m e | v i d e o ) > / g, '' ) // $ Alert[js/incomplete-multi-character-sanitization]
145145 content = content . replace ( / < [ ^ < ] * > / g, "" ) ;
146146
147- n . cloneNode ( false ) . outerHTML . replace ( / < \/ ? [ \w : \- ] + ? | = [ \" ] [ ^ \" ] + \" | = \' [ ^ \' ] + \' | = [ \w \- ] + | > / gi, '' ) . replace ( / [ \w : \- ] + / gi, function ( a ) { // $ Alert
147+ n . cloneNode ( false ) . outerHTML . replace ( / < \/ ? [ \w : \- ] + ? | = [ \" ] [ ^ \" ] + \" | = \' [ ^ \' ] + \' | = [ \w \- ] + | > / gi, '' ) . replace ( / [ \w : \- ] + / gi, function ( a ) { // $ Alert[js/incomplete-multi-character-sanitization]
148148 o . push ( { specified : 1 , nodeName : a } ) ;
149149 } ) ;
150150
151- n . cloneNode ( false ) . outerHTML . replace ( / < \/ ? [ \w : \- ] + ? | = [ \" ] [ ^ \" ] + \" | = \' [ ^ \' ] + \' | = [ \w \- ] + | > / gi, '' ) . replace ( / [ \w : \- ] + / gi, function ( a ) { // $ Alert
151+ n . cloneNode ( false ) . outerHTML . replace ( / < \/ ? [ \w : \- ] + ? | = [ \" ] [ ^ \" ] + \" | = \' [ ^ \' ] + \' | = [ \w \- ] + | > / gi, '' ) . replace ( / [ \w : \- ] + / gi, function ( a ) { // $ Alert[js/incomplete-multi-character-sanitization]
152152 o . push ( { specified : 1 , nodeName : a } ) ;
153- } ) ;
153+ } ) ;
154154
155155 content = content . replace ( / .+ ?(? = \s ) / , '' ) ;
156- } ) ;
156+ } ) ;