Skip to content

Commit 0462213

Browse files
cspruiellcspruiell
authored
Merge pull request #241 from magento-obsessive-owls/MC-15375
MC-15375: XSS Injection via nested link in Banner
2 parents c303a47 + 654ecbc commit 0462213

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

app/code/Magento/PageBuilder/view/adminhtml/web/js/utils/nesting-link-dialog.js

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

app/code/Magento/PageBuilder/view/adminhtml/web/ts/js/utils/nesting-link-dialog.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ export default function nestingLinkDialog(
2828
const dataStoreContent = dataStore.getState() as DataObject;
2929
const inlineMessage = dataStoreContent[inlineMessageField] as string;
3030
const linkUrl = dataStoreContent[linkUrlField] as FieldDefaultsInterface;
31-
const aLinkRegex = /<a[\s]+([^>]+)>|<a>|<\/a>/igm;
31+
const aLinkRegex = /(<a[\s]+[^>]+).+(?=<\/a>)<\/a>/igm;
3232
if (wysiwyg &&
3333
inlineMessage.match(aLinkRegex) &&
3434
linkUrl &&

0 commit comments

Comments
 (0)