Commit cb574fb

Copilot and sensslen committed
Simplify ALLOWED_URI_REGEXP to address CodeQL warning
Co-authored-by: sensslen <3428860+sensslen@users.noreply.github.com>
1 parent 9441b37 commit cb574fb

1 file changed: +1 -1 lines changed

src/components/MessageItem.tsx

Lines changed: 1 addition & 1 deletion
@@ -40,7 +40,7 @@ const MessageItem: React.FC<MessageItemProps> = ({ message, onShowMessage, onHid
4040
ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'u', 'br', 'p', 'span', 'a'],
4141
ALLOWED_ATTR: ['href', 'class'],
4242
// Restrict href to safe protocols only (http, https, mailto)
43-
ALLOWED_URI_REGEXP: /^(?:(?:https?|mailto):|[^a-z]|[a-z+.-]+(?:[^a-z+.-:]|$))/i
43+
ALLOWED_URI_REGEXP: /^(?:https?|mailto):/i
4444
});
4545

4646
return sanitizedMessage;
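
Review bot: The added `ALLOWED_URI_REGEXP` line now requires an explicit `http:`, `https:` or `mailto:` prefix, so hrefs that the removed pattern admitted through its `[^a-z]` alternative (values starting with `/`, `#` or a digit, i.e. relative and fragment links) no longer match. That is consistent with the comment above it ("safe protocols only"), but it is a behaviour change beyond the CodeQL cleanup named in the commit message: if message bodies can contain relative or in-page links, confirm that dropping them is intended and extend the comment to say that scheme-less hrefs are rejected on purpose. A small test for this sanitizer config that asserts `https://` and `mailto:` hrefs survive while a scheme-less href and a `javascript:` href are removed would pin the new behaviour down.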
