Fixes minor security vulnerability (#30948) (#30951)

Merged via squash.

Prepared head SHA: cfbe5fe830
Co-authored-by: benediktjohannes <253604130+benediktjohannes@users.noreply.github.com>
Co-authored-by: shakkernerd <165377636+shakkernerd@users.noreply.github.com>
Reviewed-by: @shakkernerd
This commit is contained in:
Benedikt Johannes
2026-03-02 01:38:01 +01:00
committed by GitHub
parent dc816b84ea
commit b81e1b902d
3 changed files with 23 additions and 1 deletions


@@ -187,6 +187,13 @@ describe("external-content security", () => {
["\u2039", "\u203A"], // single angle quotation marks
["\u27E8", "\u27E9"], // mathematical angle brackets
["\uFE64", "\uFE65"], // small less-than/greater-than signs
["\u00AB", "\u00BB"], // guillemets (double angle quotation marks)
["\u300A", "\u300B"], // CJK double angle brackets
["\u27EA", "\u27EB"], // mathematical double angle brackets
["\u27EC", "\u27ED"], // white tortoise shell brackets
["\u27EE", "\u27EF"], // flattened parentheses
["\u276C", "\u276D"], // medium angle bracket ornaments
["\u276E", "\u276F"], // heavy angle quotation ornaments
];
for (const [left, right] of bracketPairs) {


@@ -116,6 +116,20 @@ const ANGLE_BRACKET_MAP: Record<number, string> = {
0x27e9: ">", // mathematical right angle bracket
0xfe64: "<", // small less-than sign
0xfe65: ">", // small greater-than sign
0x00ab: "<", // left-pointing double angle quotation mark
0x00bb: ">", // right-pointing double angle quotation mark
0x300a: "<", // left double angle bracket
0x300b: ">", // right double angle bracket
0x27ea: "<", // mathematical left double angle bracket
0x27eb: ">", // mathematical right double angle bracket
0x27ec: "<", // mathematical left white tortoise shell bracket
0x27ed: ">", // mathematical right white tortoise shell bracket
0x27ee: "<", // mathematical left flattened parenthesis
0x27ef: ">", // mathematical right flattened parenthesis
0x276c: "<", // medium left-pointing angle bracket ornament
0x276d: ">", // medium right-pointing angle bracket ornament
0x276e: "<", // heavy left-pointing angle quotation mark ornament
0x276f: ">", // heavy right-pointing angle quotation mark ornament
};
function foldMarkerChar(char: string): string {
@@ -135,7 +149,7 @@ function foldMarkerChar(char: string): string {
function foldMarkerText(input: string): string {
return input.replace(
/[\uFF21-\uFF3A\uFF41-\uFF5A\uFF1C\uFF1E\u2329\u232A\u3008\u3009\u2039\u203A\u27E8\u27E9\uFE64\uFE65]/g,
/[\uFF21-\uFF3A\uFF41-\uFF5A\uFF1C\uFF1E\u2329\u232A\u3008\u3009\u2039\u203A\u27E8\u27E9\uFE64\uFE65\u00AB\u00BB\u300A\u300B\u27EA\u27EB\u27EC\u27ED\u27EE\u27EF\u276C\u276D\u276E\u276F]/g,
(char) => foldMarkerChar(char),
);
}
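Review bot: The character class on the new `input.replace` line is a second hand-maintained copy of the keys of `ANGLE_BRACKET_MAP` (and the `bracketPairs` list in the test file is a third), so a code point added to one list but not the others is silently left unfolded — exactly the kind of drift this commit had to patch by editing two lists in lock step. Since the map is a `Record<number, string>` of BMP code points, the class can be built from `Object.keys(ANGLE_BRACKET_MAP)` at module load and the fullwidth-letter ranges kept literal, making the map the single source of truth; this assumes the pre-existing entries of the old regex (`\u2329`, `\u3008`, `\u2039` …) are also map keys, which the visible context for `0x27e9`/`0xfe64`/`0xfe65` suggests but the hunk does not show in full. The body of `foldMarkerChar`, which consumes the matched characters, begins at the end of the first hunk and is outside this one. If the regex is kept as a literal instead, the test should at least assert that every key of the map is matched by it, e.g. `for (const key of Object.keys(ANGLE_BRACKET_MAP)) assert.match(String.fromCharCode(Number(key)), MARKER_RE)`.
```typescript
// Built from the map so the two cannot drift apart; the fullwidth
// letter ranges are not map keys and stay literal.
const MARKER_CHAR_PATTERN = new RegExp(
  "[\\uFF21-\\uFF3A\\uFF41-\\uFF5A" +
    Object.keys(ANGLE_BRACKET_MAP)
      .map((key) => "\\u" + Number(key).toString(16).padStart(4, "0"))
      .join("") +
    "]",
  "g",
);

function foldMarkerText(input: string): string {
  return input.replace(MARKER_CHAR_PATTERN, (char) => foldMarkerChar(char));
}
```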