Compare commits
1 Commits
bolt/optim
...
sentinel-s
| Author | SHA1 | Date | |
|---|---|---|---|
|
5d9f78d64f |
@@ -27,3 +27,8 @@
|
||||
**Vulnerability:** Allowing users to register or submit forms with disposable email addresses (e.g., mailinator.com) can lead to spam, abuse, and polluted data.
|
||||
**Learning:** While true email verification requires a backend or API, a simple client-side blocklist of common disposable domains is a highly effective, low-cost first line of defense.
|
||||
**Prevention:** Maintain a list of known disposable domains (e.g., `BLOCKED_DOMAINS`) and check the domain part of the email address during validation.
|
||||
|
||||
## 2026-02-14 - Backtick Escaping in Sanitization
|
||||
**Vulnerability:** Standard HTML entity encoding often overlooks backticks (`` ` ``), which are dangerous in JavaScript template literals.
|
||||
**Learning:** While `&`, `<`, `>`, `"`, `'` are standard, backticks are unique to modern JS. If a sanitized string is interpolated into a JS template literal, an unescaped backtick can break out of the string context and allow arbitrary code execution.
|
||||
**Prevention:** Always include `.replace(/`/g, "`")` in custom HTML sanitization functions to prevent injection in JS contexts.
|
||||
|
||||
@@ -25,6 +25,11 @@ describe('Security Utils', () => {
|
||||
const expected = '<script>alert("XSS")</script>';
|
||||
expect(sanitizeInput(input)).toBe(expected);
|
||||
});
|
||||
|
||||
it('escapes backticks', () => {
|
||||
expect(sanitizeInput('`')).toBe('`');
|
||||
expect(sanitizeInput('user`name')).toBe('user`name');
|
||||
});
|
||||
});
|
||||
|
||||
describe('isValidEmail', () => {
|
||||
|
||||
@@ -14,7 +14,8 @@ export function sanitizeInput(input: string): string {
|
||||
.replace(/</g, "<")
|
||||
.replace(/>/g, ">")
|
||||
.replace(/"/g, """)
|
||||
.replace(/'/g, "'");
|
||||
.replace(/'/g, "'")
|
||||
.replace(/`/g, "`");
|
||||
}
|
||||
|
||||
// Common disposable email providers and invalid domains
|
||||
|
||||
Reference in New Issue
Block a user