bad html filtering regexp

StackOverflowIsBetterThanAnyAI · StackOverflowIsBetterThanAnyAI · commit b1ba30cd738f · 2025-02-12T01:10:18.000+01:00
diff --git a/CWE-80/main.js b/CWE-80/main.js
@@ -1,10 +1,7 @@
 const main = (html) => {
-    const scriptRegex = /<script\b[^>]*>([\s\S]*?)<\/script>/gi
-    let match
+    const regex = /<script\b[^>]*>([\s\S]*?)<\/script>/gi
 
-    while ((match = scriptRegex.exec(html)) !== null) {
-        html = html.replace(match[0], match[1])
+    if (regex.test(html)) {
+        document.body.innerHTML = html
     }
-
-    return html
 }

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,7 @@`
`1`	`1`	`const main = (html) => {`
`2`		`- const scriptRegex = /<script\b[^>]>([\s\S]?)<\/script>/gi`
`3`		`- let match`
	`2`	`+ const regex = /<script\b[^>]>([\s\S]?)<\/script>/gi`
`4`	`3`
`5`		`- while ((match = scriptRegex.exec(html)) !== null) {`
`6`		`- html = html.replace(match[0], match[1])`
	`4`	`+ if (regex.test(html)) {`
	`5`	`+ document.body.innerHTML = html`
`7`	`6`	`}`
`8`		`-`
`9`		`- return html`
`10`	`7`	`}`