
Commit 2aa0a39

authored
Merge pull request #330 from topcoder-platform/VULN-2658
Fix Reflected XSS
2 parents 1899ffd + a0cf3fa commit 2aa0a39

1 file changed

+4
-1
lines changed

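--- a/web-assets/js/setupAuth0WithRedirect.js
+++ b/web-assets/js/setupAuth0WithRedirect.js
@@ -422,7 +422,10 @@ const authSetup = function () {
 
 // XSS rules
 const encode = function(str) {
-return str.replace(/[\x26\x0A\<>'"]/g,function(str){return"&#"+str.charCodeAt(0)+";"})
+str = str.replace(/[\x26\x0A\<>'"]/g,function(str){return"&#"+str.charCodeAt(0)+";"})
+return String(str).replace(/[^\w. ]/gi, function(c){
+return '&#'+c.charCodeAt(0)+';';
+});
 }
 // end XSS rules
 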
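Review bot: The two passes in `encode` double-encode: the first `replace` turns `<` into `&#60;`, and the second then rewrites that `&`, `#` and `;` as well, so the page would display the literal text `&#60;` instead of `<`. The second character class already covers every character the first one matched, so the first pass can be dropped: `return String(str).replace(/[^\w. ]/g, function (c) { return '&#' + c.charCodeAt(0) + ';'; });`. That also puts the `String()` coercion ahead of the first `.replace` call, which as written still throws on a non-string argument. `authSetup` continues outside the hunk, so the places where the output of `encode` is written are not visible; numeric entities are the right encoding only where the value lands in HTML text or a quoted attribute, and a short comment on `encode` stating that intended context would help.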
