Headline
CVE-2022-48345: Fix html entity tab (#45) · braintree/sanitize-url@d4bdc89
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
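The advisory line above names the bug class but not the mechanism. The following is an added illustration, written for this page and not taken from @braintree/sanitize-url, of why a scheme check that runs before HTML entities are decoded is bypassable: the browser decodes `&#9;` (or `&colon;`, `&#58;`) when the value lands in an `href` attribute, then strips the tab, and the string that was "not `javascript:`" at check time is `javascript:` at click time. The function names `naiveSanitizeUrl`, `hardenedSanitizeUrl`, `decodeHtmlEntities` and `browserView`, the small named-entity table and the test vectors are constructed here; the tab-entity vector follows the commit title.

```javascript
// Added example for the "XSS via HTML entities" class. These functions are
// written for this note and are NOT the @braintree/sanitize-url implementation.

const BLOCKED_SCHEMES = /^(javascript|data|vbscript):/i;
// Browsers drop ASCII control characters (tab, LF, CR, ...) while parsing a URL.
const CTRL_CHARS = /[\u0000-\u001F\u007F]/g;

// Vulnerable shape: the scheme check looks at the raw attribute text.
// "&#9;javascript:alert(1)" does not start with "javascript:", so it passes.
function naiveSanitizeUrl(url) {
  const cleaned = url.replace(CTRL_CHARS, "").trim();
  return BLOCKED_SCHEMES.test(cleaned) ? "about:blank" : cleaned;
}

// Minimal entity decoder: numeric (&#9; &#x3A;) plus the named entities that
// matter for scheme smuggling. Constructed table, not a full HTML entity list.
const NAMED_ENTITIES = { tab: "\t", newline: "\n", colon: ":" };

function decodeHtmlEntities(str) {
  return str.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (match, body) => {
    if (body[0] === "#") {
      const isHex = body[1].toLowerCase() === "x";
      const code = isHex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      // Leave anything outside the Unicode range untouched rather than throwing.
      return Number.isFinite(code) && code <= 0x10ffff ? String.fromCodePoint(code) : match;
    }
    const named = NAMED_ENTITIES[body.toLowerCase()];
    return named !== undefined ? named : match;
  });
}

// Hardened shape: decode entities first (as the HTML parser will), then strip
// control characters (as the URL parser will), then check the scheme.
function hardenedSanitizeUrl(url) {
  const decoded = decodeHtmlEntities(url);
  const cleaned = decoded.replace(CTRL_CHARS, "").trim();
  return BLOCKED_SCHEMES.test(cleaned) ? "about:blank" : cleaned;
}

// Approximation of what the browser ends up navigating to for a given href
// value: entity decoding followed by control-character stripping.
function browserView(href) {
  return decodeHtmlEntities(href).replace(CTRL_CHARS, "");
}

// Constructed vectors: entity-encoded tab before the scheme, entity-encoded colon.
const VECTORS = [
  "&#9;javascript:alert(1)",
  "javascript&colon;alert(1)",
  "javascript&#x3A;alert(1)",
  "https://example.com/",
];

for (const v of VECTORS) {
  console.log(
    JSON.stringify(v),
    "naive ->", JSON.stringify(naiveSanitizeUrl(v)),
    "browser sees ->", JSON.stringify(browserView(naiveSanitizeUrl(v))),
    "hardened ->", JSON.stringify(hardenedSanitizeUrl(v))
  );
}
```

The order of the three steps is the whole point: decoding must happen before control-character stripping and before the scheme test, because that is the order in which the browser transforms the value. A sanitizer that strips control characters first and decodes afterwards, or never decodes, is checking a different string from the one the browser will act on.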
@@ -100,6 +100,7 @@ describe("sanitizeUrl", () => { "javascript:alert('XSS')", "jav ascript:alert(‘XSS’);", " � javascript:alert(‘XSS’);", "javasc ript: alert(‘XSS’);", ];
attackVectors.forEach((vector) => { @@ -136,6 +137,15 @@ describe("sanitizeUrl", () => { ); });
it(`disallows ${protocol} urls that use : for the colon portion of the url`, () => { expect(sanitizeUrl(`${protocol}:alert(document.domain)`)).toBe( “about:blank” ); expect(sanitizeUrl(`${protocol}:alert(document.domain)`)).toBe( “about:blank” ); });
it(`disregards capitalization for ${protocol} urls`, () => { // upper case every other letter in protocol name const mixedCapitalizationProtocol = protocol
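Review bot: the vector added to the `attackVectors` list in the @@ -100 hunk renders here as an unprintable character (`�`) in front of `javascript:alert(‘XSS’);`, so the encoded tab the commit title says it fixes cannot be read in the test source. Spell it as an explicit entity in the string literal, e.g. `"&#9;javascript:alert('XSS');"`, or as `"\t..."` if a literal tab is what is meant, with a comment naming the entity, so the vector survives editors that normalise whitespace and a reader can tell which decoding path it exercises.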
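Review bot: in the new `disallows ${protocol} urls that use : for the colon portion of the url` test in the @@ -136 hunk, both `expect` calls render identically as `sanitizeUrl(`${protocol}:alert(document.domain)`)`, so as shown the test asserts the same plain-colon input twice and never exercises an entity-encoded colon. Put the entities literally in the two template strings, e.g. `${protocol}&colon;alert(document.domain)` and `${protocol}&#58;alert(document.domain)`, and name the encodings in the test title, so the two assertions are visibly distinct from each other and from the existing plain `${protocol}:` case.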
Related news
sanitize-url (aka @braintree/sanitize-url) before 6.0.1 allows XSS via HTML entities.