Closed danmcgee-soda closed 2 years ago
@mojoaxel do you know what I need to do to get this merged?
@luisfpg is there anything additional I can do to help here?
I'm sorry, I'm having trouble lately finding some time for this project. From Cyclos itself, the project has covered 100% of the needs for years already, so I'm doing all the maintenance in my free time. I'll do my best to merge some PRs in the next few days.
JavaScript replace only acts on the first found match if the pattern is a string. Change the patterns to regular expressions and use the global flag to ensure all occurrences are replaced.
This also updates the test to include some checks around the three special characters we un-escape in this code.
We noticed this with CodeQL Security Scanning on our repository; this rule was tripped: https://github.com/github/codeql/blob/56786790fcf88b79d1d26b946ff36dfe2d6f33ac/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
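The behaviour described in this pull request, as an added example that is not the project's own code: a string pattern stops after the first match, while one global regular expression built from the literal tokens replaces every occurrence in a single pass. The escape table, function names and sample input are constructed for illustration and are not the three characters the project handles.

```javascript
// Constructed escape table (assumption, not the project's real one).
const UNESCAPE = new Map([
  ['&lt;', '<'],
  ['&gt;', '>'],
  ['&amp;', '&'],
]);

// "Before" shape: with a string pattern, replace() only touches the
// first occurrence, so later escaped tokens survive unchanged.
function unescapeFirstOnly(text) {
  let out = text;
  for (const [escaped, plain] of UNESCAPE) {
    out = out.replace(escaped, plain);
  }
  return out;
}

// When a literal token becomes a RegExp, its metacharacters must be
// escaped, otherwise a token such as "." would match any character.
function escapeRegExp(literal) {
  return literal.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// "After" shape: one global regex over all tokens. A single pass also
// means output of one replacement is never re-scanned and unescaped twice.
const TOKEN_RE = new RegExp(
  [...UNESCAPE.keys()].map(escapeRegExp).join('|'),
  'g'
);

function unescapeAll(text) {
  // A replacer function avoids "$" in the replacement being read as a
  // special replacement pattern.
  return text.replace(TOKEN_RE, (token) => UNESCAPE.get(token));
}

// Constructed sample input with repeated tokens and a double-escaped one.
const sample = 'a &lt; b &amp;&amp; c &lt; d &amp;lt;';
console.log(unescapeFirstOnly(sample));
console.log(unescapeAll(sample));
```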