ragusa-it/ragusaitweb
1
0
Fork 0
Code Issues Pull Requests 6 Actions Packages Projects Releases Wiki Activity

feat(security): escape backticks in sanitizeInput

Browse Source 
- Update `sanitizeInput` in `src/utils/security.ts` to escape backticks (`) to ```.
- Add test case in `src/utils/security.test.ts` to verify backtick escaping.
- This mitigates potential XSS risks in contexts where template literals might be used.

Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com>
This commit is contained in:
google-labs-jules[bot]
2026-02-05 01:57:50 +00:00
parent 2587b9dd29
commit 729d19e075
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/utils/security.test.ts
View File

@@ -13,6 +13,10 @@ describe('Security Utils', () => {
expect(sanitizeInput('>')).toBe('&gt;'); expect(sanitizeInput('>')).toBe('&gt;');
}); });
it('escapes backticks', () => {
expect(sanitizeInput('`exec`')).toBe('&#96;exec&#96;');
});
it('returns non-string input as is', () => { it('returns non-string input as is', () => {
// @ts-ignore // @ts-ignore
expect(sanitizeInput(123)).toBe(123); expect(sanitizeInput(123)).toBe(123);

3
src/utils/security.ts
View File

@@ -14,7 +14,8 @@ export function sanitizeInput(input: string): string {
.replace(/</g, "&lt;") .replace(/</g, "&lt;")
.replace(/>/g, "&gt;") .replace(/>/g, "&gt;")
.replace(/"/g, "&quot;") .replace(/"/g, "&quot;")
.replace(/'/g, "&#039;"); .replace(/'/g, "&#039;")
.replace(/`/g, "&#96;");
} }
// Common disposable email providers and invalid domains // Common disposable email providers and invalid domains