trekhleb / covid-19

📈 Coronavirus (COVID-19) dashboard to show the dynamics of Coronavirus distribution per country
https://trekhleb.dev/covid-19/
266 stars 71 forks

unescaped user input #33

Closed kylegrover closed 4 years ago

kylegrover commented 4 years ago

Typing i.e. / or + into the 'Search country' field crashes the app. Problem occurs @ index.js:372: new RegExp(countrySearchQuery.trim(), 'i')

kylegrover commented 4 years ago

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions suggests this code

function escapeRegExp(string){
  return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // $& means the whole matched string
}

trekhleb commented 4 years ago

Very good point! Thanks @kylegrover. It should be fixed now.
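
The failure reported in this issue next to the escaping fix suggested in the thread, as an added example that is not part of the thread or the project's code. The country list, the `filterUnsafe`/`filterSafe`/`probe`/`compare` names and the sample queries are constructed for illustration; only `escapeRegExp` and the `new RegExp(countrySearchQuery.trim(), 'i')` pattern come from the issue.

```javascript
// Constructed sample data; the real dashboard loads its country list from its own data source.
const COUNTRIES = ['United States', 'Korea, South', 'Congo (Kinshasa)', "Cote d'Ivoire", 'Italy'];

// Pattern reported in the issue: the raw query becomes the regex source.
function filterUnsafe(countries, countrySearchQuery) {
  const re = new RegExp(countrySearchQuery.trim(), 'i'); // throws SyntaxError on '+', '(' ...
  return countries.filter((name) => re.test(name));
}

// Escaping helper suggested in the thread (from MDN).
function escapeRegExp(string) {
  return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // $& means the whole matched string
}

// Fixed filter: every metacharacter in the query is matched literally.
function filterSafe(countries, countrySearchQuery) {
  const re = new RegExp(escapeRegExp(countrySearchQuery.trim()), 'i');
  return countries.filter((name) => re.test(name));
}

// Runs a filter and reports either the matches or the error that would crash the render.
function probe(filter, query) {
  try {
    return { ok: true, matches: filter(COUNTRIES, query) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Queries a user could plausibly type into a search box (constructed).
function compare() {
  return ['ita', '+', '(', 'Congo (', '.', 'a|b'].map((q) => ({
    query: q,
    unsafe: probe(filterUnsafe, q),
    safe: probe(filterSafe, q),
  }));
}

for (const row of compare()) console.log(JSON.stringify(row));
```

Queries such as `.` and `a|b` do not throw in the unescaped version, but they are interpreted as patterns and return unrelated countries, so escaping fixes result correctness as well as the crash.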