Fix scripting vulnerability in regex parsing (thanks zx2c4)
record.data = record.data.replace('&', '&').replace('<', '<').replace('>', '>');
// Turn HTTP URLs into links
- record.data = record.data.replace(/(\s|^)(https?:\/\/[a-zA-Z0-9.-]*[a-zA-Z0-9](\/(\S*[^.!,;?()\s])?)?)/g, '$1<a href="$2">$2</a>');
+ record.data = record.data.replace(/(\s|^)(https?:\/\/[a-zA-Z0-9.-]*[a-zA-Z0-9](\/([^\s"]*[^.!,;?()\s])?)?)/g, '$1<a href="$2">$2</a>');
// Turn markdown links into links
- record.data = record.data.replace(/(\s|^)\[([^\]]+)\]\((https?:\/\/[a-zA-Z0-9.-]*[a-zA-Z0-9](\/[^)]*?)?)\)/, '$1<a href="$3">$2</a>');
+ record.data = record.data.replace(/(\s|^)\[([^\]]+)\]\((https?:\/\/[a-zA-Z0-9.-]*[a-zA-Z0-9](\/[^)"]*?)?)\)/, '$1<a href="$3">$2</a>');
// Turn *foo* into italics and **foo** into bold
record.data = record.data.replace(/(\s)\*\*([^*]+)\*\*(\s)/, '$1<b>$2</b>$3');
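Review bot: The new URL pattern under `// Turn HTTP URLs into links` excludes `"` only from the repeated class `[^\s"]*`; the final class `[^.!,;?()\s]` still accepts it, so a URL whose last character is a double quote is copied into `href="$2"` and closes the attribute early. Adding the quote to that class as well, `[^.!,;?()\s"]`, closes the gap. Separately, the escaping line at the top of the hunk passes string patterns to `replace`, which substitutes only the first occurrence, so any later `&`, `<` or `>` in `record.data` reaches the link-building steps unescaped (the replacement strings look entity-decoded by the page, so this point concerns the patterns only). Global patterns that also cover the quote, e.g. `.replace(/"/g, '&quot;')` next to `/&/g`, `/</g` and `/>/g`, would make the link regexes a second line of defence rather than the only one. The enclosing function starts and ends outside the hunk.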