[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: jquery / CVE-2020-7656

Brian May <brian@linuxpenguins.xyz> writes:

> rscript = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,

The simplest possible solution would be to update that regexp to allows
white space in the closing tag.

But of course the problem here is that a regexp isn't really the right
tool for parsing HTML content, and it is very possible this regexp
contains other hidden security features.
Brian May <bam@debian.org>

Reply to: