From 55ad35ad2a966426e438daed978a585fed03ff9e Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Mon, 9 Feb 2026 01:46:22 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[Enhancemen?=
 =?UTF-8?q?t]=20Sanitize=20backticks=20in=20user=20input?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com>
---
 src/utils/security.test.ts | 7 +++++++
 src/utils/security.ts | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/utils/security.test.ts b/src/utils/security.test.ts
index 428c373..30eaeeb 100644
--- a/src/utils/security.test.ts
+++ b/src/utils/security.test.ts
@@ -10,6 +10,7 @@ describe('Security Utils', () => {
 expect(sanitizeInput('foo & bar')).toBe('foo & bar');
 expect(sanitizeInput('"quotes"')).toBe('"quotes"');
 expect(sanitizeInput("'single quotes'")).toBe(''single quotes'');
+ expect(sanitizeInput('`backticks`')).toBe('`backticks`');
 expect(sanitizeInput('>')).toBe('>');
 });
 
@@ -25,6 +26,12 @@ describe('Security Utils', () => {
 const expected = '<script>alert("XSS")</script>';
 expect(sanitizeInput(input)).toBe(expected);
 });
+
+ it('handles mixed content with backticks', () => {
+ const input = '`alert(1)`';
+ const expected = '`alert(1)`';
+ expect(sanitizeInput(input)).toBe(expected);
+ });
 });
 
 describe('isValidEmail', () => {
diff --git a/src/utils/security.ts b/src/utils/security.ts
index ec68c79..475e12b 100644
--- a/src/utils/security.ts
+++ b/src/utils/security.ts
@@ -14,7 +14,8 @@ export function sanitizeInput(input: string): string {
 .replace(//g, ">")
 .replace(/"/g, """)
- .replace(/'/g, "'");
+ .replace(/'/g, "'")
+ .replace(/`/g, "`");
 }
 
 // Common disposable email providers and invalid domains
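Review bot: The test added as `handles mixed content with backticks` does not contain mixed content — its input `'`alert(1)`'` has only backticks and plain characters, so it cannot catch the one regression a chained entity encoder is prone to: a later replacement re-encoding the `&` that an earlier one introduced, or the reverse. Either rename it, or give it an input that combines a backtick with `&` and `<`, e.g. `const input = '`<a>` & `b`';`, and assert the fully encoded string. As rendered on this page the expected strings look identical to the inputs because the entities were decoded, so the actual expected values could not be checked here. The enclosing `describe('Security Utils', …)` block starts before this hunk.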
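Review bot: The new `.replace(/`/g, …)` extends an entity encoder whose correctness rests on two things nothing in this hunk documents: the `&` replacement must run before any other entity is introduced (the earlier calls and the function's opening lines are outside the hunk, and the entity strings are decoded in this rendering, so that order could not be verified here), and entity encoding is only a defence for an HTML text or quoted-attribute sink. A caller that drops the result into a JavaScript string, a URL or CSS, or that applies it on input instead of at the output (double-encoding stored data), gets no protection from the name `sanitizeInput`. I would add a TSDoc header: `/** HTML-entity-encodes &, <, >, ", ' and ` for interpolation into HTML text or quoted attributes. Apply at the output sink, not on input; not sufficient for JS, URL or CSS contexts. */`. A single pass, `input.replace(/[&<>"'`]/g, (ch) => HTML_ENTITIES[ch] ?? ch)` over a lookup table holding the same entity strings the chain already uses, would also remove the ordering dependency.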