🛡️ Sentinel: [HIGH] Escape backticks in sanitizeInput #57

Closed
ragusa-it wants to merge 1 commits from sentinel-sanitize-backticks-8724165683106093269 into main
2 changed files with 6 additions and 1 deletions


@@ -13,6 +13,10 @@ describe('Security Utils', () => {
expect(sanitizeInput('>')).toBe('>'); expect(sanitizeInput('>')).toBe('>');
}); });
it('escapes backticks', () => {
expect(sanitizeInput('`exec`')).toBe('`exec`');
});
it('returns non-string input as is', () => { it('returns non-string input as is', () => {
// @ts-ignore // @ts-ignore
expect(sanitizeInput(123)).toBe(123); expect(sanitizeInput(123)).toBe(123);
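Review bot: The new 'escapes backticks' assertion reads `expect(sanitizeInput('`exec`')).toBe('`exec`')` as rendered here, i.e. expected equals input, which can only pass if this page decoded the entity and the file actually asserts `'&#96;exec&#96;'`; the same decoding appears in the `'>'` assertion above it, so this is probably a rendering artifact, but worth confirming against the file before merge. A single combined case such as `expect(sanitizeInput('&<>"\'`')).toBe('&amp;&lt;&gt;&quot;&#039;&#96;')` would additionally pin the replacement order (ampersand first), which one-character inputs cannot detect. The enclosing describe block starts before this hunk.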


@@ -14,7 +14,8 @@ export function sanitizeInput(input: string): string {
.replace(/</g, "&lt;") .replace(/</g, "&lt;")
.replace(/>/g, "&gt;") .replace(/>/g, "&gt;")
.replace(/"/g, "&quot;") .replace(/"/g, "&quot;")
.replace(/'/g, "&#039;"); .replace(/'/g, "&#039;")
.replace(/`/g, "&#96;");
} }
// Common disposable email providers and invalid domains // Common disposable email providers and invalid domains
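Review bot: sanitizeInput still carries no doc comment saying what it escapes and for which output context; with the backtick replacement added the handled set is now six characters and a reader should not have to reconstruct it from the replace chain. Suggested TSDoc above the signature: `/** Escapes &, <, >, ", ' and backtick as HTML entities so the value can be embedded in HTML text or quoted attribute values. Not a sanitizer for JavaScript, URL or CSS contexts; apply at output time rather than on stored input to avoid double-escaping. */`. The chain is only correct if the `&` replacement runs before the others, and that line, like the function's signature and the start of its body, is above this hunk.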