From 49ed732824aff7cee61727fb2d3526bfa2f0f587 Mon Sep 17 00:00:00 2001 From: Don Mitchell Date: Mon, 25 Aug 2014 17:00:48 -0400 Subject: [PATCH] JS regex's need to escape special chars LMS-11260 --- common/static/js/src/utility.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/common/static/js/src/utility.js b/common/static/js/src/utility.js index ab899711f8..ef540373fc 100644 --- a/common/static/js/src/utility.js +++ b/common/static/js/src/utility.js @@ -35,8 +35,9 @@ window.rewriteStaticLinks = function(content, from, to) { } // change all relative urls only which may be embedded inside other tags in content. // handle http and https - // note: add other protocols here - var regex = new RegExp("(https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}([-a-zA-Z0-9@:%_\+.~#?&//=]*))?"+from, 'g'); + // escape all regex interpretable chars + fromRe = from.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&'); + var regex = new RegExp("(https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}([-a-zA-Z0-9@:%_\+.~#?&//=]*))?"+fromRe, 'g'); return content.replace(regex, replacer); };