This reverts commit 728db88280.
We're reverting this commit for now, until it can be subjected to a more
thorough security review.
PR Close #30463
This commit is contained in:
Alex Rickabaugh
@ -54,7 +54,7 @@ const SAFE_STYLE_VALUE = new RegExp(
|
||||
* Given the common use case, low likelihood of attack vector, and low impact of an attack, this
|
||||
* code is permissive and allows URLs that sanitize otherwise.
|
||||
*/
|
||||
const URL_RE = /^url\(([\w\W]*)\)$/;
|
||||
const URL_RE = /^url\(([^)]+)\)$/;
|
||||
|
||||
/**
|
||||
* Checks that quotes (" and ') are properly balanced inside a string. Assumes
|
||||
|
||||
Reference in New Issue
Block a user