🔒 Enhance security: Update XSS pattern to improve detection of unsafe URL protocols in attributes.

pcrespov · pcrespov · commit 413eb252ac29 · 2025-10-17T17:36:57.000+02:00
diff --git a/packages/models-library/src/models_library/string_types.py b/packages/models-library/src/models_library/string_types.py
@@ -39,7 +39,7 @@ class XSSPattern(NamedTuple):
     ),
     XSSPattern(
         re.compile(
-            r"(?i)\b(?:src|href|xlink:href|srcdoc)\s*=\s*['\"]?\s*(?:javascript:|vbscript:|data:)",
+            r"(?i)\b(?:src|href|xlink:href|srcdoc)\s*=\s*(?:['\"]\s*)?(?:javascript:|vbscript:|data:)",
             re.IGNORECASE,
         ),
         "Contains unsafe URL protocols in attributes",
