Skip to content

Commit

Permalink
Improve href-sanitizer scriptlet
Browse files Browse the repository at this point in the history 
Related issue:
uBlockOrigin/uBlock-issues#3297

Mind that the sanitized URL can have Unicode characters beyond
ASCII.
  • Loading branch information
@gorhill
gorhill committed Jul 10, 2024
1 parent 569c8cb commit 66e3a1a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion assets/resources/scriptlets.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3477,7 +3477,7 @@ function hrefSanitizer(
};
const validateURL = text => {
if ( text === '' ) { return ''; }
if ( /[^\x21-\x7e]/.test(text) ) { return ''; }
if ( /[\x00-\x20\x7f]/.test(text) ) { return ''; }
try {
const url = new URL(text, document.location);
return url.href;
Expand Down

0 comments on commit 66e3a1a

Please sign in to comment.