diff --git a/frontend/app/player/web/Screen/Marker.ts b/frontend/app/player/web/Screen/Marker.ts
index 331995782..d55ed5be3 100644
--- a/frontend/app/player/web/Screen/Marker.ts
+++ b/frontend/app/player/web/Screen/Marker.ts
@@ -1,12 +1,27 @@
 import type Screen from './Screen'
 import styles from './marker.module.css';
 
-function escapeRegExp(string: string) {
- return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+const metaCharsMap = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ '/': '/',
+ '`': '`',
+ '=': '='
+};
+
+function escapeHtml(str: string) {
+ return String(str).replace(/[&<>"'`=\/]/g, function (s) {
+ // @ts-ignore
+ return metaCharsMap[s];
+ });
 }
 
-function escapeHtml(string: string) {
- return string.replaceAll('&', '&').replaceAll('<', '<').replaceAll('>', '>').replaceAll('"', '"').replaceAll("'", ''');
+
+function escapeRegExp(string: string) {
+ return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
 }
 
 function safeString(string: string) {
diff --git a/frontend/app/validate.js b/frontend/app/validate.js
index 0e052f5fc..771fbd461 100644
--- a/frontend/app/validate.js
+++ b/frontend/app/validate.js
@@ -5,7 +5,7 @@ export function validateIP(value) {
 
 export function validateURL(value) {
 if (typeof value !== 'string') return false;
- return /^(?:(?:(?:https?|ftp):)?\/\/)(?:\S+(?::\S*)?@)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)(?:\.(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)*(?:\.(?:[a-z\u00a1-\uffff]{2,})))(?::\d{2,5})?(?:[/?#]\S*)?$/i.test(value);
+ return /^[(ftp|http(s)?):\/\/(www\.)?a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z0-9]{1,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)/i.test(value);
 }
 
 function escapeRegexp(s) {
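Review bot: The `// @ts-ignore` inside `escapeHtml` hides that `metaCharsMap` has no index signature, so a later mismatch between the map and the character class would compile silently and put the text `undefined` into the output. Declaring `const metaCharsMap: Record<string, string> = {` and returning `metaCharsMap[s] ?? s` removes the suppression. As rendered on this page every map value is identical to its key, which would make the function a no-op; that is probably entity decoding by the page, but the values are worth confirming against the file. `String(str)` also turns `null`/`undefined` into those literal words, which callers outside this hunk may not expect.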
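Review bot: In the new `validateURL` pattern the leading `[(ftp|http(s)?):\/\/(www\.)?a-zA-Z0-9@:%._\+~#=]` is a character class, not a group, so the scheme alternation is never enforced: any 2–256 characters from that set followed by a dot and 1–6 alphanumerics pass, with or without a scheme. The pattern also has no `$` anchor, so whatever follows the matched prefix is unchecked, and the private, loopback and link-local address exclusions of the old pattern are gone. If callers rely on this function to restrict schemes or internal hosts (not visible from this hunk), that restriction now has to be enforced elsewhere, ideally server-side. Parsing with `URL` and allow-listing the protocol, as below, makes the accepted set explicit; protocol-relative `//host` values that the old pattern accepted would need a base URL.

```javascript
export function validateURL(value) {
  if (typeof value !== 'string') return false;
  try {
    // Parse rather than pattern-match, so the scheme is an explicit allow-list.
    const { protocol, hostname } = new URL(value);
    return ['http:', 'https:', 'ftp:'].includes(protocol) && hostname !== '';
  } catch {
    // new URL() throws on anything it cannot parse as an absolute URL.
    return false;
  }
}
```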