fix: ReDoS referrer (#1611)
* fix ReDoS referrer * Update src/utils/referrer.js Eliminate regex and use string matcher Co-authored-by: Linus Unnebäck <linus@folkdatorn.se> Co-authored-by: Khang. Võ Vĩ <khangvv@vng.com.vn> Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>
parent
e87b093fd6
commit
2880238729
|
@ -119,7 +119,7 @@ export function isOriginPotentiallyTrustworthy(url) {
|
|||
// 5. If origin's host component is "localhost" or falls within ".localhost", and the user agent conforms to the name resolution rules in [let-localhost-be-localhost], return "Potentially Trustworthy".
|
||||
// We are returning FALSE here because we cannot ensure conformance to
|
||||
// let-localhost-be-loalhost (https://tools.ietf.org/html/draft-west-let-localhost-be-localhost)
|
||||
if (/^(.+\.)*localhost$/.test(url.host)) {
|
||||
if (url.host === 'localhost' || url.host.endsWith('.localhost')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
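Review bot: The new condition `url.host === 'localhost' || url.host.endsWith('.localhost')` still reads `url.host`, which on a WHATWG `URL` includes the port, so a host such as `localhost:3000` matches neither arm; the removed regex had the same gap. If `url` is a `URL` object, which the hunk does not show, `url.hostname` would cover it: `if (url.hostname === 'localhost' || url.hostname.endsWith('.localhost')) {`. Because this branch returns false, whether the miss changes the result depends on the rest of isOriginPotentiallyTrustworthy, whose body starts and ends outside the hunk. A regression test that runs this function on a long multi-label host and checks it finishes promptly would stop a backtracking pattern from being reintroduced here.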