Merge pull request #304 from antville/fix-codeql-js-incomplete-sanitization

Fix CodeQL issue js/incomplete-sanitization
Tobi Schäfer 2021-12-11 11:48:40 +01:00 committed by GitHub
commit 8f8a5fa341
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -1077,7 +1077,7 @@ function validateUrl(str) {
function quote(str, pattern) {
str = String(str);
if (!pattern || RegExp(pattern).test(str) || /['"]/.test(str)) {
str = "'" + str.replace(/("|')/g, '\\$1') + "'";
str = "'" + str.replace(/('|"|\\)/g, '\\$1') + "'";
}
return str;
}
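Review bot: The condition that decides whether to quote still tests only for `'` and `"`, so when a `pattern` is supplied and does not match, a string that contains a backslash but no quote is returned bare and unescaped, even though the `replace` call now treats backslash as a character that needs escaping. Whether a bare backslash matters depends on how callers use the result, which is not visible here; if it does, the test should match the replacement set: `/['"\\]/.test(str)`. A one-line comment on the function, such as `// Returns str single-quoted with ', " and \ backslash-escaped when quoting is needed`, would make the contract explicit for callers.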


@ -574,7 +574,7 @@ convert.skins = function() {
}
if (parent !== null && parent !== undefined) {
execute("update skin set source = '" +
clean(parent).replace(/'/g, "\\'") + "' where " +
clean(parent).replace(/('|\\)/g, "\\$1") + "' where " +
'id = ' + this.id);
}
});
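Review bot: The `update skin` statement is still assembled by string concatenation, and the escaping in the `replace` call is only correct if the database treats backslash as an escape character inside string literals. On engines that follow standard SQL string syntax, `\'` does not escape the quote and the literal ends early, so the right escaping depends on the database this converter targets, which is not visible here. If `execute` accepts bound parameters (its signature is outside the hunk), passing `clean(parent)` as a parameter would remove the manual escaping entirely; otherwise a comment such as `// escaping assumes backslash-escaped string literals (MySQL default mode)` should record the assumption. The enclosing `convert.skins` function starts and ends outside the hunk.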