This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit 0462213

authored Mar 13, 2019
Merge pull request #241 from magento-obsessive-owls/MC-15375
MC-15375: XSS Injection via nested link in Banner
2 parents c303a47 + 654ecbc commit 0462213

2 files changed (+2 -2 lines changed)

‎app/code/Magento/PageBuilder/view/adminhtml/web/js/utils/nesting-link-dialog.js

+1 -1
Some generated files are not rendered by default.

‎app/code/Magento/PageBuilder/view/adminhtml/web/ts/js/utils/nesting-link-dialog.ts

+1 -1
@@ -28,7 +28,7 @@ export default function nestingLinkDialog(
2828
const dataStoreContent = dataStore.getState() as DataObject;
2929
const inlineMessage = dataStoreContent[inlineMessageField] as string;
3030
const linkUrl = dataStoreContent[linkUrlField] as FieldDefaultsInterface;
31-
const aLinkRegex = /<a[\s]+([^>]+)>|<a>|<\/a>/igm;
31+
const aLinkRegex = /(<a[\s]+[^>]+).+(?=<\/a>)<\/a>/igm;
3232
if (wysiwyg &&
3333
inlineMessage.match(aLinkRegex) &&
3434
linkUrl &&
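
Review bot: On the added aLinkRegex line, the new pattern only matches a complete anchor that has at least one attribute and a closing </a> on the same line, which is narrower than the removed pattern that matched any single <a ...>, <a> or </a> tag. Because `.` does not match line terminators and the `m` flag only changes `^` and `$` (neither appears in the pattern), an anchor whose content contains a newline will not satisfy inlineMessage.match(aLinkRegex), and neither will an opening tag that is never closed. If the intent is to detect any link inside the message, consider parsing inlineMessage with DOMParser and testing for `a` elements, or at minimum use `[\s\S]+?` in place of `.+`. The lookahead `(?=<\/a>)` directly before `<\/a>` is redundant, and the capture group is never read since the result of match() is only used as a truth value. The generated nesting-link-dialog.js is not rendered on this page, so confirm it carries the same pattern as the .ts source.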
