AC-12128::[Cloud] Prototype.js security vulnerability CVE-2020-27511

glo71317 · glo71317 · commit 3b01f01f415d · 2024-06-25T15:04:17.000+05:30
diff --git a/lib/web/prototype/prototype.js b/lib/web/prototype/prototype.js
@@ -643,7 +643,7 @@ Object.extend(String.prototype, (function () {
   }
 
   function stripTags() {
-    return this.replace(/<\w+(\s+("[^"]*"|'[^']*'|[^>])+)?(\/)?>|<\/\w+>/gi, '');
+    return this.replace(/<\w+(\s+("[^"]*"|'[^']*'|[^>'"])+)?\s*("[^">]*|'[^'>])?(\/)?>|<\/\w+>/gi, '');
   }
 
   function stripScripts() {

Original file line number	Diff line number	Diff line change
`@@ -643,7 +643,7 @@ Object.extend(String.prototype, (function () {`
`643`	`643`	`}`
`644`	`644`
`645`	`645`	`function stripTags() {`
`646`		`- return this.replace(/<\w+(\s+("[^"]"\|'[^']'\|[^>])+)?(\/)?>\|<\/\w+>/gi, '');`
	`646`	`+ return this.replace(/<\w+(\s+("[^"]"\|'[^']'\|[^>'"])+)?\s("[^">]\|'[^'>])?(\/)?>\|<\/\w+>/gi, '');`
`647`	`647`	`}`
`648`	`648`
`649`	`649`	`function stripScripts() {`