The RegEx pattern validating URLs does not ensure the text starts with a valid URL. This can be used to insert a javascript function and is potentially an XSS vulnerability. For example, the following URL is accepted:
javascript:alert('XSS')/*http://www.google.com*/
In the onSave function the following pattern is used:
var urlPattern = /(http|ftp|https):\/\/[\w-]+(\.[\w-]+)+([\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])?/i;
I believe the correct pattern should be:
var urlPattern = /^(http|ftp|https):\/\/[\w-]+(\.[\w-]+)+([\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])?/i;
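As an added illustration (not the project's own code), the unanchored pattern from onSave and the proposed anchored fix side by side, run over constructed sample inputs including the one from the report. The isSafeHttpUrl helper is an assumed defence-in-depth check that parses with the standard URL class and allow-lists the scheme instead of trusting the regex alone:

```javascript
// Pattern as found in the onSave function: no ^ anchor, so a match anywhere
// in the string satisfies it.
const unanchoredUrlPattern = /(http|ftp|https):\/\/[\w-]+(\.[\w-]+)+([\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])?/i;

// Proposed fix: ^ forces the scheme to sit at the very start of the input.
const anchoredUrlPattern = /^(http|ftp|https):\/\/[\w-]+(\.[\w-]+)+([\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])?/i;

function isValidUrlUnanchored(value) {
  return unanchoredUrlPattern.test(value);
}

function isValidUrlAnchored(value) {
  return anchoredUrlPattern.test(value);
}

// Assumed extra check (not from the report): parse with the WHATWG URL class
// and allow-list the protocol, so a javascript: or data: scheme is rejected
// even if a regex is later loosened again.
function isSafeHttpUrl(value) {
  let parsed;
  try {
    parsed = new URL(value);
  } catch {
    return false; // not parseable as an absolute URL at all
  }
  return ['http:', 'https:', 'ftp:'].includes(parsed.protocol);
}

// Constructed sample inputs, including the payload quoted in the report.
const samples = [
  'http://www.google.com',
  "javascript:alert('XSS')/*http://www.google.com*/",
  'data:text/html,http://www.example.com',
  'not a url',
];

for (const s of samples) {
  console.log(
    JSON.stringify(s),
    'unanchored:', isValidUrlUnanchored(s),
    'anchored:', isValidUrlAnchored(s),
    'parsed+allowlist:', isSafeHttpUrl(s),
  );
}
```

Only the first sample passes all three checks; the javascript: payload passes the unanchored pattern alone, which is the bug described above.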