jsParse: Disambiguate regex
Make it clear that /= is part of a regex and not an operator shorthand. https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/710
This commit is contained in:
parent
f54e7804c5
commit
9f11fbad16
@ -217,7 +217,7 @@ function isUnsafeExpression(str) {
|
|||||||
prunedStr = prunedStr.replace(/[=!]==/g, ''); //replace === and !== with nothing
|
prunedStr = prunedStr.replace(/[=!]==/g, ''); //replace === and !== with nothing
|
||||||
prunedStr = prunedStr.replace(/[=<>!]=/g, ''); //replace ==, <=, >=, != with nothing
|
prunedStr = prunedStr.replace(/[=<>!]=/g, ''); //replace ==, <=, >=, != with nothing
|
||||||
|
|
||||||
if (prunedStr.match(/=/)) {
|
if (prunedStr.match(/[=]/)) {
|
||||||
return true;
|
return true;
|
||||||
} else if (prunedStr.match(/;/)) {
|
} else if (prunedStr.match(/;/)) {
|
||||||
// If we contain a semicolon not inside of a quote/regex, assume we're unsafe as well
|
// If we contain a semicolon not inside of a quote/regex, assume we're unsafe as well
|
||||||
|
Loading…
x
Reference in New Issue
Block a user