fix: ReDoS referrer (#1611)
* fix ReDoS referrer

* Update src/utils/referrer.js

Eliminate regex and use string matcher

Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>

Co-authored-by: Khang. Võ Vĩ <khangvv@vng.com.vn>
Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>
3 people committed Jul 31, 2022
1 parent e87b093 commit 2880238
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/utils/referrer.js
Expand Up @@ -119,7 +119,7 @@ export function isOriginPotentiallyTrustworthy(url) {
// 5. If origin's host component is "localhost" or falls within ".localhost", and the user agent conforms to the name resolution rules in [let-localhost-be-localhost], return "Potentially Trustworthy".
// We are returning FALSE here because we cannot ensure conformance to
// let-localhost-be-loalhost (https://tools.ietf.org/html/draft-west-let-localhost-be-localhost)
if (/^(.+\.)*localhost$/.test(url.host)) {
if (url.host === 'localhost' || url.host.endsWith('.localhost')) {
return false;
}
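Review bot: The new condition still reads `url.host`, which in the WHATWG URL API carries the port when one is present, so for a URL such as `http://localhost:8080/` neither `url.host === 'localhost'` nor `url.host.endsWith('.localhost')` is true and this branch is skipped. The comment above speaks of the origin's host component, so `url.hostname` looks like the intended property: `if (url.hostname === 'localhost' || url.hostname.endsWith('.localhost')) {`. The removed regex had the same gap, so this could be a follow-up. Separately, the commit touches only this one file; a test that passes a long dotted host through `isOriginPotentiallyTrustworthy` would pin the ReDoS fix against regressions.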
